
ComboFix 13-04-18.02 - Planeacion 18-04-2013 8:45.10.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.34.3082.18.3326.2266 [GMT -5:00]
Running from: c:\users\Planeacion\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))
)))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2013-03-18 to 2013-04-18 )))))))
))))))))))))))))))))))))
.
.
2013-04-18 14:02 . 2013-04-18 14:02
-------d-----wc:\users
\Planeacion\AppData\Local\temp
2013-04-18 14:02 . 2013-04-18 14:02
-------d-----wc:\windo
ws\system32\config\systemprofile\AppData\Local\temp
2013-04-18 14:02 . 2013-04-18 14:02
-------d-----wc:\users
\Soporte\AppData\Local\temp
2013-04-18 14:02 . 2013-04-18 14:02
-------d-----wc:\users
\Public\AppData\Local\temp
2013-04-18 14:02 . 2013-04-18 14:02
-------d-----wc:\users
\DefaultAppPool\AppData\Local\temp
2013-04-18 14:02 . 2013-04-18 14:02
-------d-----wc:\users
\Default\AppData\Local\temp
2013-04-18 13:22 . 2013-04-18 13:22
60872 ----a-wc:\programdata\M
icrosoft\Windows Defender\Definition Updates\{465CBB54-975B-48D5-BC60-244143771F
49}\offreg.dll
2013-04-17 23:22 . 2013-04-17 23:22
-------d-----wc:\progr
am files\iPod
2013-04-17 23:22 . 2013-04-17 23:24
-------d-----wc:\progr
amdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-04-17 23:22 . 2013-04-17 23:24
-------d-----wc:\progr
am files\iTunes
2013-04-16 11:15 . 2013-03-15 07:21
7108640 ----a-wc:\programdata\M
icrosoft\Windows Defender\Definition Updates\{465CBB54-975B-48D5-BC60-244143771F
49}\mpengine.dll
2013-04-15 14:47 . 2012-12-10 20:48
35840 ----a-wc:\windows\syste
m32\drivers\RimSerial.sys
2013-04-11 13:42 . 2013-04-11 13:42
-------d-----wc:\progr
amdata\Splashtop
2013-04-11 13:42 . 2013-04-11 13:42
-------d-----wc:\progr
am files\Splashtop
2013-04-11 13:42 . 2013-04-11 13:42
-------d-----wc:\users
\Planeacion\AppData\Roaming\Splashtop Remote Client 2.0
2013-04-11 13:41 . 2013-04-11 13:41
-------d-----wc:\progr
amdata\Downloaded Installations
2013-04-10 21:42 . 2013-03-09 19:38
-------d-----wC:\Vixen
-3.0.5
2013-04-10 13:42 . 2013-03-01 03:09
2347008 ----a-wc:\windows\system32\win32k.sys
2013-04-10 13:42 . 2013-01-24 04:47
196328 ----a-wc:\windows\syste
m32\drivers\fvevol.sys
2013-04-10 13:42 . 2013-03-19 05:04
3913560 ----a-wc:\windows\syste
m32\ntoskrnl.exe
2013-04-10 13:42 . 2013-03-19 05:04
3968856 ----a-wc:\windows\syste
m32\ntkrnlpa.exe
2013-04-10 13:42 . 2013-03-19 04:48
38912 ----a-wc:\windows\syste
m32\csrsrv.dll
2013-04-10 13:42 . 2013-03-19 02:49
69632 ----a-wc:\windows\syste
m32\smss.exe
2013-04-10 13:42 . 2013-03-02 05:07
1212264 ----a-wc:\windows\syste
m32\drivers\ntfs.sys
2013-04-09 16:50 . 2013-02-22 07:17
181784 ----a-wc:\windows\syste
m32\drivers\ssudmdm.sys
2013-04-09 16:50 . 2013-02-22 07:17
83864 ----a-wc:\windows\syste
m32\drivers\ssudbus.sys
2013-04-09 16:49 . 2013-02-22 07:16
15304 ----a-wc:\windows\syste
m32\drivers\ssadwhnt.sys
2013-04-09 16:49 . 2013-02-22 07:16
15304 ----a-wc:\windows\syste
m32\drivers\ssadwh.sys
2013-04-09 16:49 . 2013-02-22 07:16
32064 ----a-wc:\windows\syste
m32\drivers\ssadadb.sys
2013-04-09 16:49 . 2013-02-22 07:16
17864 ----a-wc:\windows\syste
m32\drivers\ssadmdfl.sys
2013-04-09 16:49 . 2013-02-22 07:16
15560 ----a-wc:\windows\syste
m32\drivers\ssadcmnt.sys
2013-04-09 16:49 . 2013-02-22 07:16
15560 ----a-wc:\windows\syste
m32\drivers\ssadcm.sys
2013-04-09 16:49 . 2013-02-22 07:16
153672 ----a-wc:\windows\syste
m32\drivers\ssadmdm.sys
2013-04-09 16:49 . 2013-02-22 07:16
1418432 ----a-wc:\windows\syste
m32\WdfCoInstaller01005.dll
2013-04-09 16:49 . 2013-02-22 07:16
1418432 ----a-wc:\windows\syste
m32\drivers\WdfCoInstaller01005.dll
2013-04-09 16:49 . 2013-02-22 07:16
136904 ----a-wc:\windows\syste
m32\drivers\ssadbus.sys
2013-04-09 16:49 . 2013-02-22 07:16
130248 ----a-wc:\windows\syste
m32\drivers\ssadserd.sys
2013-04-05 21:46 . 2013-04-05 21:46
-------d-----wc:\users
\Planeacion\AppData\Roaming\vlc
2013-04-05 21:29 . 2013-04-05 21:29
-------d-----wc:\progr
amdata\Readon
2013-04-05 00:19 . 2013-04-05 20:43
-------d-----wc:\users
\Planeacion\AppData\Local\Readon_Technology
2013-04-05 00:19 . 2013-04-05 00:31
-------d-----wc:\progr
am files\Readon Technology
2013-03-26 13:26 . 2013-02-12 03:32
15872 ----a-wc:\windows\syste
m32\drivers\usb8023.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))
)))))))))))))))))))))))))))))))
.
2013-04-11 20:27 . 2012-04-12 16:19
691592 ----a-wc:\windows\syste
m32\FlashPlayerApp.exe
2013-04-11 20:27 . 2011-10-19 22:43
71048 ----a-wc:\windows\syste
m32\FlashPlayerCPLApp.cpl
2013-03-12 06:10 . 2011-10-19 22:50
237088 ------wc:\windows\system32\MpSigStub.exe
2013-02-12 04:48 . 2013-03-13 06:16
474112 ----a-wc:\windows\apppa
tch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 06:16
2176512 ----a-wc:\windows\apppa
tch\AcGenral.dll
2013-02-05 08:54 . 2011-12-14 20:40
37344 ----a-wc:\windows\syste
m32\FsUsbExDisk.Sys
2013-02-05 08:54 . 2011-12-14 20:40
233472 ----a-wc:\windows\syste
m32\FsUsbExService.Exe
2012-06-06 04:06 . 2012-06-06 04:06
2174976 ----a-wc:\program files
\Common Files\atimpenc.dll
2013-04-12 14:25 . 2013-04-12 14:25
263064 ----a-wc:\program files
\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514]
. . c:\windows\ERDNT\cache\user32.dll
[-] 2010-11-20 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514]
. . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514]
. . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.175
14_none_cf3fd62ccb9e983d\user32.dll
[7] 2009-12-16 . C7B21BEF09EC7249556BEE19F9D314CB . 811520 . . [6.1.7600.16400]
. . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.164
00_none_cd604238ce73b38f\user32.dll
[7] 2009-12-16 . AE2B4D47934D3798C984D51B1694A490 . 811520 . . [6.1.7600.20496]
. . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.204
96_none_cd8e8f8de7d4e9b5\user32.dll
[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385]
. . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.163
85_none_cd0ec264ceb014a3\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))
)))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{9DFE2FE9-CF99-4ADF-A28E-9
B5ADB8DC74F}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49
22376 ----a-wc:\program files\Internet Downlo
ad Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2012-11-14 366536]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-03-05 34748
40]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18708224]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-03-28 1511792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2010-03-13 311680]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe
" [2012-07-03 252848]
"Xerox PanelMgr"="c:\windows\Xerox\PanelMgr\SSMMgr.exe" [2011-10-23 626688]
"NSCSysTrayUI_XEROX"="c:\program files\XEROX\NetworkScan\NSCSysUI_XEROX.exe" [20
11-08-30 266240]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Dri
vers\RIMBBLaunchAgent.exe" [2013-01-17 267792]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScri
beControlPanel.exe" [2009-06-17 2363392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1.0FO\adialhk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Planeacion^AppData^Roaming^Microsoft^Windows^Star
t Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\users\Planeacion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S
tartup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Planeacion^AppData^Roaming^Microsoft^Windows^Star
t Menu^Programs^Startup^Viderio.lnk]
path=c:\users\Planeacion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S
tartup\Viderio.lnk
backup=c:\windows\pss\Viderio.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe AR
M]
2012-12-03 07:35
946352 ----a-wc:\program files\Common Files\Ad
obe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAM
Updater-1.0]
2012-09-20 12:27
444904 ----a-wc:\program files\Common Files\Ad
obe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemo
n]
2013-01-28 18:08
59720 ----a-wc:\program files\Common Files\Ap
ple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2012-02-02 15:55
3209216 ----a-wc:\program files\Ares\Ares.exe

.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDT
ray]
2006-09-28 19:21
57344 ----a-wc:\program files\SlySoft\CloneCD
\CloneCDTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DF Manag
er]
2010-06-23 17:31
2068992 ----a-wc:\program files\DepositFiles\DF
Manager\DFManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook
Update]
2012-07-11 23:20
138096 ----atwc:\users\Planeacion\AppData\Loca
l\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Laser
Jet Professional M1530 MFP Series Fax]
2010-04-09 20:09
2460472 ------wc:\program files\HP\HP LaserJet
Professional M1530 MFP Series\Fax Driver\hppfaxprintersrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHe
lper]
2013-02-20 17:35
152392 ----a-wc:\program files\iTunes\iTunesHe
lper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR
]
2013-03-28 09:32
1106288 ----a-wc:\program files\Samsung\Kies\Ex
ternal\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPrel
oad]
2013-03-28 09:32
1511792 ----a-wc:\program files\Samsung\Kies\Ki
es.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTray
Agent]
2013-03-28 09:32
310640 ----a-wc:\program files\Samsung\Kies\Ki
esTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScr
ibe Control Panel]
2009-06-17 17:13
2363392 ----a-wc:\program files\Common Files\Li
ghtScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyGarmin
Agent]
2010-03-16 14:36
337256 ----a-wc:\program files\Garmin\MyGarmin
Agent\myGarminAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2010-03-26 15:52
1234216 ----a-wc:\program files\Nero\Nero 10\Ne
ro BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSui
te.exe]
2012-05-16 12:44
1084840 ----a-wc:\program files\Nokia\Nokia Sui
te\NokiaSuite.exe
.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9Lan
guageShortcut]
2008-10-14 01:41
50472 ------wc:\program files\CyberLink\Power
DVD9\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteCo
ntrol9]
2009-02-16 14:55
87336 ------wc:\program files\CyberLink\Power
DVD9\PDVD9Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLau
nchAgent.exe]
2013-01-17 21:08
267792 ----a-wc:\program files\Common Files\Re
search In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 17:58
18708224
----a-rc:\program files\Skype\P
hone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellEx
e]
2012-11-15 15:05
296096 ----a-wc:\program files\Real\RealPlayer
\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolboxF
X]
2010-04-16 16:32
58936 ----a-wc:\program files\HP\ToolboxFX\bi
n\HPTLBXFX.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiV
irus]
"DisableMonitoring"=dword:00000001
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C S
ervice\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32
\Drivers\ssadadb.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windo
ws\system32\DRIVERS\ssudbus.sys [x]
R3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [x]
R3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys [x]
R3 hid8103;hid8103;c:\windows\system32\drivers\hid8103.sys [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu
.sys [x]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sy
s [x]
R3 OracleClientCache80;OracleClientCache80;c:\orant6i\BIN\ONRSD80.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\dri
vers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32
\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadm
dfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm
.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32
\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\
DRIVERS\ssudmdm.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sy
s [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\a
tiesrxx.exe [x]
S2 DLPortIO;DriverLINX Port I/O Driver; [x]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [x]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService
\HPLaserJetService.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 klnagent;Agente de red de Kaspersky Lab;c:\program files\Kaspersky Lab\Networ
kAgent 8\klnagent.exe [x]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [x]
S2 PhoneMyPC_Helper;PhoneMyPC_Helper;c:\program files\SoftwareForMe Inc\PhoneMyP
C\PhoneMyPC_Helper.exe [x]
S2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSI9BF6.tmp [x
]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Spla
shtop Software Updater\SSUService.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Serv
ice.exe [x]
S2 Xerox MFP Fax Server;Xerox MFP Fax Server;c:\windows\system32\spool\drivers\w
32x86\3\XrxFaxServer.exe [x]
S3 Blackberry Device Manager;Blackberry Device Manager;c:\program files\Common F
iles\Research In Motion\USB Drivers\BbDevMgr.exe [x]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory --.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ
SSDPSRV upnphost SCardSvr TBS fd
respub AppIDSvc QWAVE wcncsvc SensrSvc
HPZ12 REG_MULTI_SZ
Pml Driver HPZ12 Net Driver HPZ12
GPSvcGroup
REG_MULTI_SZ
GPSvc
iissvcs REG_MULTI_SZ
w3svc was
apphost REG_MULTI_SZ
apphostsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - Local
Service
FontCache
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D
85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 17:11
451872 ----a-wc:\program files\Common Files\Li
ghtScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 20:33
1642448 ----a-wc:\program files\Google\Chrome\A
pplication\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 20
:27]
.
2013-04-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3251087407-518748757-1599405275-1001Core.job
- c:\users\Planeacion\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-29 23:20]
.
2013-04-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3251087407-518748757-1599405275-1001UA.job
- c:\users\Planeacion\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-29 23:20]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-10 15:57]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-10 15:57]
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3251087407-518748757-15
99405275-1001Core.job
- c:\users\Planeacion\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-01 2
0:34]
.
2013-04-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3251087407-518748757-15
99405275-1001UA.job
- c:\users\Planeacion\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-01 2
0:34]
.
.
------- Supplementary Scan ------.
uStart Page = hxxp://www.google.com.co/
mStart Page = hxxp://www.bigseekpro.com/virtualwifirouter18/{497215B7-C483-4857-8CFE-6A590D6FC859}
IE: &Enviar a OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Agregar al componente Anti-Banners - c:\program files\Kaspersky Lab\Kaspersk
y Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
IE: Descargar con IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Descargar con IDM todos los enlaces - c:\program files\Internet Download Ma
nager\IEGetAll.htm
IE: Descargar con Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9B2AF9CD-75E0-47AE-A98D-4281AA38AABA}: NameServer = 200.24.7.3,
200.24.7.20
FF - ProfilePath - c:\users\Planeacion\AppData\Roaming\Mozilla\Firefox\Profiles\
momvsyul.default-1346251290608\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com.co
FF - ExtSQL: 2013-02-25 15:04; firefox@mega.co.nz; c:\users\Planeacion\AppData\R
oaming\Mozilla\Firefox\Profiles\momvsyul.default-1346251290608\extensions\firefo
x@mega.co.nz.xpi

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=d0e92ac50000000000000617c4b308c0&q=
FF - user.js: extensions.BabylonToolbar.id - d0e92ac50000000000000617c4b308c0
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92D
D98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15686
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.4.9
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.4.9
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.4.910:16
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112842&tt=111212_kwno
bl_5012_5
FF - user.js: extensions.BabylonToolbar_i.babExt
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSI9BF6.tmp"
.
--------------------- LOCKED REGISTRY KEYS --------------------.
[HKEY_USERS\S-1-5-21-3251087407-518748757-1599405275-1001_Classes\CLSID\{014078e
a-fabd-487d-87d8-d582fa1d8ac8}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000be
"Therad"=dword:0000001b
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3251087407-518748757-1599405275-1001_Classes\CLSID\{7B8E916
4-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bb,cb,41,7a,d4,2c,3b,fc,3f,41,10,a2,1a,78,82,46,a6,7d,75,dd,d3,
aa,12,76,f7,bc,5a,59,e1,c8,50,a0,b7,0b,03,a9,52,69,81,af,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66
}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602
_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66
}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66
}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C
9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C
9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C
9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-04-18 09:06:28
ComboFix-quarantined-files.txt 2013-04-18 14:06
ComboFix2.txt 2013-04-11 21:03
.
Pre-Run: 36,622,245,888 bytes libres
Post-Run: 36,727,930,880 bytes libres
.
- - End Of File - - 0DDA137305E6C561776C78541441C2E3
