ComputerForum.com

Old 08-28-2012, 03:04 PM   #1
Gigabyte Member
 
Join Date: Apr 2010
Posts: 1,104
Default A question about the Combofix report.

Hi all,

Can someone tell me: in the Combofix report, one section says "Locked Registry Keys". Did Combofix lock those keys, or did Combofix find that these keys are locked by another program, or maybe a virus?

Thank you.
paulcheung
Old 08-28-2012, 06:38 PM   #2
Malware and Spam Assassin

 
 
Join Date: Sep 2005
Location: somewhere out there
Age: 44
Posts: 29,971
Default

Most of the locked keys are nothing to worry about as they are usually from flash player. I would have to look at the log to determine if anything needs to be done. Some locked keys come from malware.
johnb35
Old 08-28-2012, 10:30 PM   #3
Gigabyte Member
 
Join Date: Apr 2010
Posts: 1,104
Default

Thank you John,
Here is the latest one.

ComboFix 12-08-25.04 - Kencheung 08/28/2012 16:04:55.3.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3966.2852 [GMT -5:00]
Running from: c:\users\Fayannie\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-28 )))))))))))))))))))))))))))))))
.
.
2012-08-28 21:10 . 2012-08-28 21:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-26 21:00 . 2012-08-26 23:37 -------- d-----w- c:\program files\Google
2012-08-24 14:56 . 2012-08-24 14:56 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-24 14:55 . 2012-08-24 14:54 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-24 14:55 . 2012-08-24 14:54 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-24 14:55 . 2012-08-24 14:54 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-24 14:54 . 2012-08-24 14:54 -------- d-----w- c:\program files (x86)\Java
2012-08-23 20:37 . 2012-08-23 20:37 -------- d-----w- c:\program files (x86)\VideoLAN
2012-08-23 20:29 . 1998-07-31 22:00 65024 ----a-w- c:\windows\Icg32.dll
2012-08-23 20:28 . 1997-08-26 17:06 315904 ----a-w- c:\windows\IsUninst.exe
2012-08-23 20:25 . 2012-08-23 20:25 -------- d-----w- C:\pciii
2012-08-23 20:25 . 2012-08-23 20:25 -------- d-----w- C:\payroll
2012-08-23 20:24 . 2012-08-27 15:07 -------- d-----w- c:\windows\AutoKMS
2012-08-23 20:22 . 2012-08-23 20:22 -------- d-----w- c:\program files (x86)\ImgBurn
2012-08-23 20:06 . 2012-08-23 20:06 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-08-23 20:06 . 2012-08-23 20:06 -------- d-----w- c:\windows\PCHEALTH
2012-08-23 20:06 . 2012-08-23 20:06 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-08-23 20:06 . 2012-08-23 20:06 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-08-23 20:04 . 2012-08-23 20:04 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-08-23 20:04 . 2012-08-23 20:04 -------- d-----w- c:\program files\Microsoft Office
2012-08-23 20:02 . 2012-08-23 20:02 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-08-23 20:01 . 2012-08-23 20:15 -------- d-----w- c:\programdata\Microsoft Help
2012-08-23 20:00 . 2012-08-23 20:00 -------- d-----r- C:\MSOCache
2012-08-23 19:39 . 2012-08-23 19:45 -------- d-----w- c:\programdata\Nero
2012-08-23 19:38 . 2012-08-23 19:39 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-08-23 19:38 . 2012-08-23 19:45 -------- d-----w- c:\program files (x86)\Nero
2012-08-23 19:37 . 2012-08-23 16:46 -------- d-----w- c:\windows\Panther
2012-08-23 19:32 . 2012-08-23 19:58 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-08-23 19:32 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-08-23 19:32 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-08-23 19:31 . 2008-10-15 11:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-08-23 19:31 . 2007-07-19 23:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
2012-08-23 19:30 . 2007-05-16 21:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
2012-08-23 19:28 . 2012-08-23 19:28 -------- d-----w- c:\program files\Common Files\Intuit
2012-08-23 19:24 . 2009-06-22 14:14 4194304 ----a-w- c:\windows\SysWow64\cdintf400.dll
2012-08-23 19:23 . 2012-08-23 20:29 -------- d-----w- c:\program files (x86)\Intuit
2012-08-23 19:23 . 2012-08-23 19:34 -------- d-----w- c:\programdata\Intuit
2012-08-23 19:23 . 2012-08-23 19:23 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2012-08-23 19:23 . 2012-08-23 19:23 -------- d-----w- c:\programdata\Nuance
2012-08-23 19:22 . 2012-08-23 19:22 -------- d-----w- c:\programdata\SQL Anywhere 11
2012-08-23 19:22 . 2012-08-23 19:22 -------- d-----w- c:\programdata\COMMON FILES
2012-08-23 19:22 . 2012-08-26 17:29 -------- d-----w- c:\windows\SysWow64\Macromed
2012-08-23 19:22 . 2012-08-23 19:22 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-08-23 19:21 . 2012-08-23 20:29 -------- d-----w- c:\windows\Intuit
2012-08-23 19:19 . 2012-08-23 19:19 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-08-23 19:14 . 2012-08-23 19:16 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-08-23 19:08 . 2012-08-24 05:02 -------- d-----w- C:\lotus
2012-08-23 19:07 . 2009-02-24 23:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2012-08-23 19:07 . 2009-02-24 23:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-08-23 19:07 . 2012-08-23 19:08 -------- d-----w- c:\program files (x86)\MagicDisc
2012-08-23 19:07 . 2012-08-23 19:07 -------- d-----w- c:\program files (x86)\MagicISO
2012-08-23 17:28 . 2012-08-20 06:53 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C391E945-9208-43E0-8939-93F65DEF8FC5}\mpengine.dll
2012-08-23 17:25 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-23 17:25 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-23 17:25 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 17:25 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-23 17:25 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-23 17:25 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-08-23 17:25 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-08-23 17:23 . 2012-08-03 09:27 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-23 17:21 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-08-23 17:20 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-08-23 17:20 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 17:20 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-23 17:20 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-23 17:14 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-08-23 17:14 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-08-23 17:09 . 2012-08-27 15:09 -------- d-----w- c:\users\Kencheung
2012-08-23 16:57 . 2012-08-23 16:57 -------- d-----w- c:\programdata\ATI
2012-08-23 16:56 . 2012-08-23 16:56 0 ----a-w- c:\windows\ativpsrm.bin
2012-08-23 16:53 . 2012-08-23 16:55 -------- d-----w- c:\program files\ATI Technologies
2012-08-23 16:53 . 2012-08-23 16:53 -------- d-----w- c:\program files\ATI
2012-08-23 16:51 . 2012-08-23 16:51 -------- d-----w- c:\program files (x86)\InstallShield Installation Information
2012-08-23 16:51 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-08-23 16:51 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-08-23 16:51 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-08-23 16:51 . 2012-08-23 16:51 -------- d-----w- c:\windows\tiinst
2012-08-23 16:50 . 2012-08-28 14:25 -------- d-sh--w- c:\windows\Installer
2012-08-23 16:47 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-23 16:47 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-23 16:47 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-08-23 16:47 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-08-23 16:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-08-23 16:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-08-23 16:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-08-23 16:47 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-23 16:47 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-08-23 16:46 . 2012-08-27 15:07 -------- d-----w- c:\users\Fayannie
2012-08-23 16:46 . 2012-08-23 16:46 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 17:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-27_19.11.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-08-27 19:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-28 21:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-27 19:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-28 21:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-27 19:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-28 21:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-08-28 15:48 22650 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-28 15:48 36512 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-08-23 18:43 . 2012-08-28 20:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-23 18:43 . 2012-08-27 15:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-23 18:43 . 2012-08-27 15:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-08-23 18:43 . 2012-08-28 20:57 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-28 20:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-27 15:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-23 19:06 . 2012-08-28 15:36 3794 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2181937301-3688011938-356138974-1003_UserData.bin
+ 2012-08-23 16:58 . 2012-08-28 15:48 5540 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2181937301-3688011938-356138974-1000_UserData.bin
- 2012-08-27 19:08 . 2012-08-27 19:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-28 21:11 . 2012-08-28 21:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-28 21:11 . 2012-08-28 21:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-27 19:08 . 2012-08-27 19:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-28 14:25 . 2012-08-28 14:25 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
+ 2012-08-28 14:25 . 2012-08-28 14:25 424096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll
+ 2012-08-28 14:25 . 2012-08-28 14:25 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-08-28 14:25 . 2012-08-28 14:25 419488 c:\windows\SysWOW64\FlashPlayerApp.exe
- 2009-07-14 02:36 . 2012-08-27 18:21 659818 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-28 15:51 659818 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-27 18:21 120714 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-28 15:51 120714 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:46 . 2012-08-28 15:46 131232 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2012-08-23 22:02 131232 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2012-08-28 21:10 398020 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-27 19:07 398020 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-08-23 19:33 . 2012-08-26 22:42 795764 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2181937301-3688011938-356138974-1003-12288.dat
+ 2012-08-23 19:33 . 2012-08-28 15:33 795764 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2181937301-3688011938-356138974-1003-12288.dat
- 2009-07-14 04:45 . 2012-08-23 20:20 7087352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-08-28 15:34 7087352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-08-25 00:35 . 2012-08-28 21:10 1632268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2181937301-3688011938-356138974-1000-8192.dat
+ 2011-04-16 13:44 . 2011-04-16 13:44 2770944 c:\windows\Installer\2e96b0.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
c:\users\Kencheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-8-23 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 257696]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-02-18 462632]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 14:25]
.
2012-08-28 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-08-23 20:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 65.183.0.76 65.183.0.86
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
.
**************************************************************************
.
Completion time: 2012-08-28 16:17:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-28 21:17
ComboFix2.txt 2012-08-28 15:39
ComboFix3.txt 2012-08-27 19:15
.
Pre-Run: 25,379,110,912 bytes free
Post-Run: 25,292,861,440 bytes free
.
- - End Of File - - DBDB0854C14F3A0AB405EC921DFEA13D
paulcheung
Old 08-28-2012, 10:32 PM   #4
Gigabyte Member
 
Join Date: Apr 2010
Posts: 1,104
Default

This is one from yesterday

ComboFix 12-08-25.04 - Kencheung 08/27/2012 14:01:49.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3966.2852 [GMT -5:00]
Running from: c:\users\Fayannie\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-07-27 to 2012-08-27 )))))))))))))))))))))))))))))))
.
.
2012-08-26 21:00 . 2012-08-26 23:37 -------- d-----w- c:\program files\Google
2012-08-26 20:58 . 2012-08-27 15:09 -------- d-----w- c:\program files (x86)\Google
2012-08-24 14:56 . 2012-08-24 14:56 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-24 14:55 . 2012-08-24 14:54 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-24 14:55 . 2012-08-24 14:54 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-24 14:55 . 2012-08-24 14:54 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-24 14:54 . 2012-08-24 14:54 -------- d-----w- c:\program files (x86)\Java
2012-08-23 20:37 . 2012-08-23 20:37 -------- d-----w- c:\program files (x86)\VideoLAN
2012-08-23 20:29 . 1998-07-31 22:00 65024 ----a-w- c:\windows\Icg32.dll
2012-08-23 20:28 . 1997-08-26 17:06 315904 ----a-w- c:\windows\IsUninst.exe
2012-08-23 20:25 . 2012-08-23 20:25 -------- d-----w- C:\pciii
2012-08-23 20:25 . 2012-08-23 20:25 -------- d-----w- C:\payroll
2012-08-23 20:24 . 2012-08-27 15:07 -------- d-----w- c:\windows\AutoKMS
2012-08-23 20:22 . 2012-08-23 20:22 -------- d-----w- c:\program files (x86)\ImgBurn
2012-08-23 20:06 . 2012-08-23 20:06 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-08-23 20:06 . 2012-08-23 20:06 -------- d-----w- c:\windows\PCHEALTH
2012-08-23 20:06 . 2012-08-23 20:06 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-08-23 20:06 . 2012-08-23 20:06 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-08-23 20:04 . 2012-08-23 20:04 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-08-23 20:04 . 2012-08-23 20:04 -------- d-----w- c:\program files\Microsoft Office
2012-08-23 20:02 . 2012-08-23 20:02 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-08-23 20:01 . 2012-08-23 20:15 -------- d-----w- c:\programdata\Microsoft Help
2012-08-23 20:00 . 2012-08-23 20:00 -------- d-----r- C:\MSOCache
2012-08-23 19:39 . 2012-08-23 19:45 -------- d-----w- c:\programdata\Nero
2012-08-23 19:38 . 2012-08-23 19:39 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-08-23 19:38 . 2012-08-23 19:45 -------- d-----w- c:\program files (x86)\Nero
2012-08-23 19:37 . 2012-08-23 16:46 -------- d-----w- c:\windows\Panther
2012-08-23 19:32 . 2012-08-23 19:58 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-08-23 19:32 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-08-23 19:32 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-08-23 19:31 . 2008-10-15 11:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-08-23 19:31 . 2007-07-19 23:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
2012-08-23 19:30 . 2007-05-16 21:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
2012-08-23 19:28 . 2012-08-23 19:28 -------- d-----w- c:\program files\Common Files\Intuit
2012-08-23 19:24 . 2009-06-22 14:14 4194304 ----a-w- c:\windows\SysWow64\cdintf400.dll
2012-08-23 19:23 . 2012-08-23 20:29 -------- d-----w- c:\program files (x86)\Intuit
2012-08-23 19:23 . 2012-08-23 19:34 -------- d-----w- c:\programdata\Intuit
2012-08-23 19:23 . 2012-08-23 19:23 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2012-08-23 19:23 . 2012-08-23 19:23 -------- d-----w- c:\programdata\Nuance
2012-08-23 19:22 . 2012-08-23 19:22 -------- d-----w- c:\programdata\SQL Anywhere 11
2012-08-23 19:22 . 2012-08-23 19:22 -------- d-----w- c:\programdata\COMMON FILES
2012-08-23 19:22 . 2012-08-26 17:29 -------- d-----w- c:\windows\SysWow64\Macromed
2012-08-23 19:22 . 2012-08-23 19:22 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-08-23 19:21 . 2012-08-23 20:29 -------- d-----w- c:\windows\Intuit
2012-08-23 19:19 . 2012-08-23 19:19 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-08-23 19:14 . 2012-08-23 19:16 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-08-23 19:08 . 2012-08-24 05:02 -------- d-----w- C:\lotus
2012-08-23 19:07 . 2009-02-24 23:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2012-08-23 19:07 . 2009-02-24 23:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-08-23 19:07 . 2012-08-23 19:08 -------- d-----w- c:\program files (x86)\MagicDisc
2012-08-23 19:07 . 2012-08-23 19:07 -------- d-----w- c:\program files (x86)\MagicISO
2012-08-23 17:28 . 2012-08-20 06:53 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C391E945-9208-43E0-8939-93F65DEF8FC5}\mpengine.dll
2012-08-23 17:25 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-23 17:25 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-23 17:25 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 17:25 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-23 17:25 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-23 17:25 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-08-23 17:25 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-08-23 17:23 . 2012-08-03 09:27 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-23 17:21 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-08-23 17:20 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-08-23 17:20 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 17:20 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-23 17:20 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-23 17:14 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-08-23 17:14 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-08-23 17:09 . 2012-08-27 15:09 -------- d-----w- c:\users\Kencheung
2012-08-23 16:57 . 2012-08-23 16:57 -------- d-----w- c:\programdata\ATI
2012-08-23 16:56 . 2012-08-23 16:56 0 ----a-w- c:\windows\ativpsrm.bin
2012-08-23 16:53 . 2012-08-23 16:55 -------- d-----w- c:\program files\ATI Technologies
2012-08-23 16:53 . 2012-08-23 16:53 -------- d-----w- c:\program files\ATI
2012-08-23 16:51 . 2012-08-23 16:51 -------- d-----w- c:\program files (x86)\InstallShield Installation Information
2012-08-23 16:51 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-08-23 16:51 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-08-23 16:51 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-08-23 16:51 . 2012-08-23 16:51 -------- d-----w- c:\windows\tiinst
2012-08-23 16:50 . 2012-08-27 15:09 -------- d-sh--w- c:\windows\Installer
2012-08-23 16:47 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-23 16:47 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-23 16:47 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-08-23 16:47 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-08-23 16:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-08-23 16:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-08-23 16:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-08-23 16:47 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-23 16:47 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-08-23 16:46 . 2012-08-27 15:07 -------- d-----w- c:\users\Fayannie
2012-08-23 16:46 . 2012-08-23 16:46 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 17:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
c:\users\Kencheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-8-23 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-02-18 462632]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-27 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-08-23 20:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 65.183.0.76 65.183.0.86
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
.
**************************************************************************
.
Completion time: 2012-08-27 14:15:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-27 19:15
.
Pre-Run: 24,591,638,528 bytes free
Post-Run: 25,557,856,256 bytes free
.
- - End Of File - - 4B617EB7762F3A607ED847BE3BBFC46A
paulcheung is offline   Reply With Quote
Old 08-28-2012, 10:51 PM   #5
Malware and Spam Assassin

 
johnb35's Avatar
 
Join Date: Sep 2005
Location: somewhere out there
Age: 44
Posts: 29,971
Default

Everything is fine except for 2 of them.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Reglock::

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!




ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
johnb35 is offline   Reply With Quote
Old 08-28-2012, 11:36 PM   #6
Gigabyte Member
 
Join Date: Apr 2010
Posts: 1,104
Default

ComboFix 12-08-25.04 - Kencheung 08/28/2012 17:14:16.4.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3966.2932 [GMT -5:00]
Running from: c:\users\Kencheung\Desktop\ComboFix.exe
Command switches used :: c:\users\Kencheung\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-28 )))))))))))))))))))))))))))))))
.
.
2012-08-28 22:19 . 2012-08-28 22:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-28 14:25 . 2012-08-28 14:25 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-28 14:25 . 2012-08-28 14:25 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-26 21:00 . 2012-08-26 23:37 -------- d-----w- c:\program files\Google
2012-08-24 14:56 . 2012-08-24 14:56 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-24 14:55 . 2012-08-24 14:54 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-24 14:55 . 2012-08-24 14:54 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-24 14:55 . 2012-08-24 14:54 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-24 14:54 . 2012-08-24 14:54 -------- d-----w- c:\program files (x86)\Java
2012-08-23 20:37 . 2012-08-23 20:37 -------- d-----w- c:\program files (x86)\VideoLAN
2012-08-23 20:29 . 1998-07-31 22:00 65024 ----a-w- c:\windows\Icg32.dll
2012-08-23 20:28 . 1997-08-26 17:06 315904 ----a-w- c:\windows\IsUninst.exe
2012-08-23 20:25 . 2012-08-23 20:25 -------- d-----w- C:\pciii
2012-08-23 20:25 . 2012-08-23 20:25 -------- d-----w- C:\payroll
2012-08-23 20:24 . 2012-08-27 15:07 -------- d-----w- c:\windows\AutoKMS
2012-08-23 20:22 . 2012-08-23 20:22 -------- d-----w- c:\program files (x86)\ImgBurn
2012-08-23 20:06 . 2012-08-23 20:06 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-08-23 20:06 . 2012-08-23 20:06 -------- d-----w- c:\windows\PCHEALTH
2012-08-23 20:06 . 2012-08-23 20:06 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-08-23 20:06 . 2012-08-23 20:06 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-08-23 20:04 . 2012-08-23 20:04 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-08-23 20:04 . 2012-08-23 20:04 -------- d-----w- c:\program files\Microsoft Office
2012-08-23 20:02 . 2012-08-23 20:02 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-08-23 20:01 . 2012-08-23 20:15 -------- d-----w- c:\programdata\Microsoft Help
2012-08-23 20:00 . 2012-08-23 20:00 -------- d-----r- C:\MSOCache
2012-08-23 19:39 . 2012-08-23 19:45 -------- d-----w- c:\programdata\Nero
2012-08-23 19:38 . 2012-08-23 19:39 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-08-23 19:38 . 2012-08-23 19:45 -------- d-----w- c:\program files (x86)\Nero
2012-08-23 19:37 . 2012-08-23 16:46 -------- d-----w- c:\windows\Panther
2012-08-23 19:32 . 2012-08-23 19:58 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-08-23 19:32 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-08-23 19:32 . 2009-09-04 22:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-08-23 19:31 . 2008-10-15 11:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-08-23 19:31 . 2007-07-19 23:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
2012-08-23 19:30 . 2007-05-16 21:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
2012-08-23 19:28 . 2012-08-23 19:28 -------- d-----w- c:\program files\Common Files\Intuit
2012-08-23 19:24 . 2009-06-22 14:14 4194304 ----a-w- c:\windows\SysWow64\cdintf400.dll
2012-08-23 19:23 . 2012-08-23 20:29 -------- d-----w- c:\program files (x86)\Intuit
2012-08-23 19:23 . 2012-08-23 19:34 -------- d-----w- c:\programdata\Intuit
2012-08-23 19:23 . 2012-08-23 19:23 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2012-08-23 19:23 . 2012-08-23 19:23 -------- d-----w- c:\programdata\Nuance
2012-08-23 19:22 . 2012-08-23 19:22 -------- d-----w- c:\programdata\SQL Anywhere 11
2012-08-23 19:22 . 2012-08-23 19:22 -------- d-----w- c:\programdata\COMMON FILES
2012-08-23 19:22 . 2012-08-26 17:29 -------- d-----w- c:\windows\SysWow64\Macromed
2012-08-23 19:22 . 2012-08-23 19:22 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-08-23 19:21 . 2012-08-23 20:29 -------- d-----w- c:\windows\Intuit
2012-08-23 19:19 . 2012-08-23 19:19 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-08-23 19:14 . 2012-08-23 19:16 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-08-23 19:08 . 2012-08-24 05:02 -------- d-----w- C:\lotus
2012-08-23 19:07 . 2009-02-24 23:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2012-08-23 19:07 . 2009-02-24 23:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-08-23 19:07 . 2012-08-23 19:08 -------- d-----w- c:\program files (x86)\MagicDisc
2012-08-23 19:07 . 2012-08-23 19:07 -------- d-----w- c:\program files (x86)\MagicISO
2012-08-23 17:28 . 2012-08-20 06:53 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C391E945-9208-43E0-8939-93F65DEF8FC5}\mpengine.dll
2012-08-23 17:25 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-08-23 17:25 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-08-23 17:25 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 17:25 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-08-23 17:25 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-23 17:25 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-08-23 17:25 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-08-23 17:23 . 2012-08-03 09:27 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-08-23 17:21 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-08-23 17:20 . 2011-02-12 11:34 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-08-23 17:20 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 17:20 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-23 17:20 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-23 17:14 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-08-23 17:14 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-08-23 17:09 . 2012-08-27 15:09 -------- d-----w- c:\users\Kencheung
2012-08-23 16:57 . 2012-08-23 16:57 -------- d-----w- c:\programdata\ATI
2012-08-23 16:56 . 2012-08-23 16:56 0 ----a-w- c:\windows\ativpsrm.bin
2012-08-23 16:53 . 2012-08-23 16:55 -------- d-----w- c:\program files\ATI Technologies
2012-08-23 16:53 . 2012-08-23 16:53 -------- d-----w- c:\program files\ATI
2012-08-23 16:51 . 2012-08-23 16:51 -------- d-----w- c:\program files (x86)\InstallShield Installation Information
2012-08-23 16:51 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-08-23 16:51 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-08-23 16:51 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-08-23 16:51 . 2012-08-23 16:51 -------- d-----w- c:\windows\tiinst
2012-08-23 16:50 . 2012-08-28 14:25 -------- d-sh--w- c:\windows\Installer
2012-08-23 16:47 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-23 16:47 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-23 16:47 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-08-23 16:47 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-08-23 16:47 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-08-23 16:47 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-08-23 16:47 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-08-23 16:47 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-23 16:47 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-08-23 16:46 . 2012-08-27 15:07 -------- d-----w- c:\users\Fayannie
2012-08-23 16:46 . 2012-08-23 16:46 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 17:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-27_19.11.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-08-27 19:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-28 22:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-27 19:09 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-28 22:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-27 19:09 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-28 22:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-08-28 22:04 22864 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-28 22:04 36616 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-08-23 18:43 . 2012-08-28 21:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-23 18:43 . 2012-08-27 15:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-08-23 18:43 . 2012-08-27 15:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-08-23 18:43 . 2012-08-28 21:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-28 21:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-27 15:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-23 19:06 . 2012-08-28 22:04 4022 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2181937301-3688011938-356138974-1003_UserData.bin
+ 2012-08-23 16:58 . 2012-08-28 21:25 5588 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2181937301-3688011938-356138974-1000_UserData.bin
- 2012-08-27 19:08 . 2012-08-27 19:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-28 22:20 . 2012-08-28 22:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-28 22:20 . 2012-08-28 22:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-27 19:08 . 2012-08-27 19:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-28 14:25 . 2012-08-28 14:25 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
+ 2012-08-28 14:25 . 2012-08-28 14:25 424096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll
+ 2012-08-28 14:25 . 2012-08-28 14:25 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2009-07-14 02:36 . 2012-08-27 18:21 659818 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-28 22:07 659818 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-27 18:21 120714 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-08-28 22:07 120714 c:\windows\system32\perfc009.dat
- 2009-07-14 04:46 . 2012-08-23 22:02 131232 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-08-28 15:46 131232 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 05:01 . 2012-08-28 22:20 398020 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-27 19:07 398020 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-08-23 19:33 . 2012-08-26 22:42 795764 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2181937301-3688011938-356138974-1003-12288.dat
+ 2012-08-23 19:33 . 2012-08-28 15:33 795764 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2181937301-3688011938-356138974-1003-12288.dat
- 2009-07-14 04:45 . 2012-08-23 20:20 7087352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-08-28 15:34 7087352 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-08-23 21:46 . 2012-08-28 22:20 1065316 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2181937301-3688011938-356138974-1003-8192.dat
+ 2012-08-25 00:35 . 2012-08-28 22:02 1632268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2181937301-3688011938-356138974-1000-8192.dat
+ 2011-04-16 13:44 . 2011-04-16 13:44 2770944 c:\windows\Installer\2e96b0.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
c:\users\Kencheung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-8-23 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 257696]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-12-28 31124344]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-02-18 462632]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-28 14:25]
.
2012-08-28 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-08-23 20:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 65.183.0.76 65.183.0.86
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
.
**************************************************************************
.
Completion time: 2012-08-28 17:25:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-28 22:25
ComboFix2.txt 2012-08-28 21:17
ComboFix3.txt 2012-08-28 15:39
ComboFix4.txt 2012-08-27 19:15
.
Pre-Run: 25,371,455,488 bytes free
Post-Run: 25,019,043,840 bytes free
.
- - End Of File - - 5549451F5FF66341D35A22DCBC9897CE
paulcheung is offline   Reply With Quote
Old 08-29-2012, 01:18 AM   #7

You are good to go now.
johnb35 is offline   Reply With Quote
Old 08-29-2012, 03:31 AM   #8

Thank you John,
Do you have any idea which or what program caused that issue? My partner went to Facebook and I installed Yahoo Messenger and went there. Could these two places cause it, or do they have nothing to do with it?
Thank you again.
paulcheung is offline   Reply With Quote
Old 08-29-2012, 03:46 AM   #9

Nothing to do with it. Those 2 entries usually appear when you have had a decent infection.
johnb35 is offline   Reply With Quote
Old 08-29-2012, 04:58 AM   #10

Ok Thank you.
paulcheung is offline   Reply With Quote

All times are GMT +1. The time now is 04:46 AM.

