Ressy

Guineverre Combo log

Feb 10th, 2011
  1. ComboFix 11-02-09.05 - Chantal 02/10/2011 14:10:16.1.2 - x86
  2. Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.1046 [GMT -5:00]
  3. Running from: c:\documents and settings\Chantal\Desktop\kittyneedfood.exe.exe
  4. AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
  5. FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
  6.  
  7. WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  8. .
  9.  
  10. ((((((((((((((((((((((((( Files Created from 2011-01-10 to 2011-02-10 )))))))))))))))))))))))))))))))
  11. .
  12.  
  13. 2011-02-04 16:33 . 2011-02-04 16:33 -------- d--h--r- c:\documents and settings\Chantal\Application Data\SecuROM
  14. 2011-02-04 15:55 . 2011-02-04 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Amazon
  15. 2011-02-03 17:19 . 2011-02-03 17:19 -------- d-----w- c:\program files\7-Zip
  16. 2011-01-21 14:44 . 2011-01-21 14:44 439296 -c----w- c:\windows\system32\dllcache\shimgvw.dll
  17.  
  18. .
  19. (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  20. .
  21. 2011-01-21 14:44 . 2004-08-04 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
  22. 2011-01-07 14:09 . 2004-08-04 10:00 290048 ----a-w- c:\windows\system32\atmfd.dll
  23. 2010-12-31 13:10 . 2004-08-04 10:00 1854976 ----a-w- c:\windows\system32\win32k.sys
  24. 2010-12-22 12:34 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
  25. 2010-12-20 23:59 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
  26. 2010-12-20 23:59 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
  27. 2010-12-20 23:59 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
  28. 2010-12-20 17:26 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
  29. 2010-12-20 12:55 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
  30. 2010-12-09 15:15 . 2004-08-04 10:00 718336 ----a-w- c:\windows\system32\ntdll.dll
  31. 2010-12-09 14:30 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
  32. 2010-12-09 13:42 . 2005-03-30 01:21 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
  33. 2010-12-09 13:07 . 2005-03-30 01:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
  34. 2010-11-29 22:38 . 2010-11-29 22:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
  35. 2010-11-29 22:38 . 2010-11-29 22:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
  36. 2010-11-18 18:12 . 2009-12-09 15:17 81920 ----a-w- c:\windows\system32\isign32.dll
  37. 2010-11-12 23:53 . 2010-05-14 23:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
  38. 2010-11-12 21:34 . 2010-05-14 23:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
  39. .
  40.  
  41. ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
  42. .
  43. .
  44. *Note* empty entries & legit default entries are not shown
  45. REGEDIT4
  46.  
  47. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  48. "NortonUtilities"="c:\program files\Norton Utilities 14\nu.exe" [2010-08-13 4093288]
  49. "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2010-04-16 818288]
  50. ve
  51. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  52. "RTHDCPL"="RTHDCPL.EXE" [2007-04-26 16132608]
  53. "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
  54. "AmazonGSDownloaderTray"="c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
  55.  
  56. [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
  57. "LegacyDrive"= 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
  58.  
  59. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
  60. @="FSFilter Activity Monitor"
  61.  
  62. [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
  63. backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
  64. backupExtension=Common Startup
  65. HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iLike
  66. HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
  67. HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam
  68. HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
  69.  
  70. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
  71. 2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
  72.  
  73. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
  74. 2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
  75.  
  76. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
  77. 2010-03-12 17:08 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
  78.  
  79. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
  80. 2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
  81.  
  82. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
  83. 2009-12-11 20:38 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
  84.  
  85. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
  86. 2010-05-20 19:27 762736 ----a-w- c:\windows\vVX3000.exe
  87.  
  88. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
  89. "EnableFirewall"= 0 (0x0)
  90.  
  91. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  92. "%windir%\\system32\\sessmgr.exe"=
  93. "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  94. "c:\\Program Files\\AIM\\aim.exe"=
  95. "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
  96. "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
  97. "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
  98. "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
  99. "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
  100. "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
  101. "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
  102. "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
  103. "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
  104. "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
  105. "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
  106. "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
  107. "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
  108. "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
  109. "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
  110. "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
  111. "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
  112. "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
  113. "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
  114. "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
  115. "c:\\Program Files\\iTunes\\iTunes.exe"=
  116.  
  117. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  118. "57678:TCP"= 57678:TCP:Pando Media Booster
  119. "57678:UDP"= 57678:UDP:Pando Media Booster
  120.  
  121. R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SymEFA.sys [2/2/2010 6:48 PM 310320]
  122. R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0308000.029\BHDrvx86.sys [2/2/2010 6:48 PM 259632]
  123. R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0308000.029\cchpx86.sys [2/2/2010 6:48 PM 482432]
  124. R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20110209.001\IDSXpx86.sys [2/9/2011 7:13 PM 341944]
  125. R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2/2/2010 6:48 PM 117640]
  126. R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/9/2011 11:08 AM 102448]
  127. S3 Amazon Download Agent;Amazon Download Agent;c:\program files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2/4/2011 10:54 AM 401920]
  128.  
  129. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
  130. HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
  131. HPService REG_MULTI_SZ HPSLPSVC
  132. hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
  133. .
  134. Contents of the 'Scheduled Tasks' folder
  135.  
  136. 2011-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
  137. - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
  138. .
  139. .
  140. ------- Supplementary Scan -------
  141. .
  142. uStart Page = hxxp://www.pogo.com/
  143. uInternet Settings,ProxyOverride = *.local
  144. FF - ProfilePath - c:\documents and settings\Chantal\Application Data\Mozilla\Firefox\Profiles\f5y07903.default\
  145. FF - prefs.js: browser.startup.homepage - hxxp://abcnews.go.com/
  146. FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
  147. FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
  148. FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
  149. FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
  150. FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
  151. FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
  152. FF - Ext: Amazon Wish List: amznUWL@amazon.com - %profile%\extensions\amznUWL@amazon.com
  153. FF - Ext: Dictionnaire français «Classique & Réforme 1990»: fr-classique-reforme1990@dictionaries.addons.mozilla.org - %profile%\extensions\fr-classique-reforme1990@dictionaries.addons.mozilla.org
  154. FF - Ext: Dictionnaire français «Classique»: fr-classique@dictionaries.addons.mozilla.org - %profile%\extensions\fr-classique@dictionaries.addons.mozilla.org
  155. FF - Ext: Dictionnaire français «Réforme 1990»: fr-reforme1990@dictionaries.addons.mozilla.org - %profile%\extensions\fr-reforme1990@dictionaries.addons.mozilla.org
  156. FF - Ext: glowygreen: glowygreen-ff3-30@glowplug.bitasylum.net - %profile%\extensions\glowygreen-ff3-30@glowplug.bitasylum.net
  157. FF - Ext: glowywine: glowywine-ff3-30@glowplug.bitasylum.net - %profile%\extensions\glowywine-ff3-30@glowplug.bitasylum.net
  158. FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
  159. FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
  160. FF - Ext: Norton Toolbar: {7BA52691-1876-45ce-9EE6-54BCB3B04BBC} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
  161. FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
  162. FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
  163. .
  164.  
  165. **************************************************************************
  166.  
  167. catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  168. Rootkit scan 2011-02-10 14:14
  169. Windows 5.1.2600 Service Pack 3 NTFS
  170.  
  171. scanning hidden processes ...
  172.  
  173. scanning hidden autostart entries ...
  174.  
  175. scanning hidden files ...
  176.  
  177. scan completed successfully
  178. hidden files: 0
  179.  
  180. **************************************************************************
  181.  
  182. [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
  183. "ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
  184. .
  185. --------------------- LOCKED REGISTRY KEYS ---------------------
  186.  
  187. [HKEY_USERS\S-1-5-21-725345543-583907252-2146841749-1004\Software\SecuROM\License information*]
  188. "datasecu"=hex:2a,b5,5c,0c,32,d6,81,4d,33,76,72,ec,03,63,07,92,3e,7d,50,cd,31,
  189. 94,67,d8,0e,e8,a5,47,5a,cc,66,ec,ee,e7,44,64,25,1f,30,2b,22,7f,73,af,d5,88,\
  190. "rkeysecu"=hex:cc,a3,99,37,11,d3,4b,9b,b8,a7,b5,e6,76,cf,59,e5
  191.  
  192. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  193. @Denied: (A 2) (Everyone)
  194. @="FlashBroker"
  195. "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
  196.  
  197. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
  198. "Enabled"=dword:00000001
  199.  
  200. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
  201. @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
  202.  
  203. [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
  204. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  205.  
  206. [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  207. @Denied: (A 2) (Everyone)
  208. @="IFlashBroker4"
  209.  
  210. [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
  211. @="{00020424-0000-0000-C000-000000000046}"
  212.  
  213. [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
  214. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  215. "Version"="1.0"
  216. .
  217. --------------------- DLLs Loaded Under Running Processes ---------------------
  218.  
  219. - - - - - - - > 'winlogon.exe'(984)
  220. c:\windows\system32\Ati2evxx.dll
  221.  
  222. - - - - - - - > 'explorer.exe'(2760)
  223. c:\windows\system32\WININET.dll
  224. c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
  225. c:\windows\system32\ieframe.dll
  226. c:\windows\system32\webcheck.dll
  227. c:\windows\system32\WPDShServiceObj.dll
  228. c:\windows\system32\PortableDeviceTypes.dll
  229. c:\windows\system32\PortableDeviceApi.dll
  230. c:\program files\Spybot - Search & Destroy\SDHelper.dll
  231. .
  232. Completion time: 2011-02-10 14:17:24
  233. ComboFix-quarantined-files.txt 2011-02-10 19:17
  234.  
  235. Pre-Run: 218,712,756,224 bytes free
  236. Post-Run: 219,083,501,568 bytes free
  237.  
  238. - - End Of File - - 7E0897F00D33805DF4C09B51273A61B9