Untitled

By: a guest | Mar 21st, 2010 | Syntax: None | Size: 33.31 KB | Hits: 231 | Expires: Never
  1. ComboFix 10-03-19.08 - George Mumford 03/21/2010   8:31.2.2 - x86
  2. Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.3326.2950 [GMT 0:00]
  3. Running from: c:\documents and settings\George Mumford\Desktop\ComboFix.exe
  4. Command switches used :: c:\documents and settings\George Mumford\Desktop\CFScript.txt
  5. AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
  6.  
  7. FILE ::
  8. "c:\documents and settings\George Mumford\Application Data\nvdisp.exe"
  9. "c:\documents and settings\George Mumford\Application Data\sys\New.exe"
  10. .
  11.  
  12. (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
  13. .
  14.  
  15. c:\documents and settings\George Mumford\Application Data\nvdisp.exe
  16. c:\documents and settings\George Mumford\Application Data\SQLite3.dll
  17. c:\documents and settings\George Mumford\Application Data\sys\New.exe
  18.  
  19. .
  20. (((((((((((((((((((((((((   Files Created from 2010-02-21 to 2010-03-21  )))))))))))))))))))))))))))))))
  21. .
  22.  
  23. 2010-03-20 10:03 . 2010-03-20 10:03     --------        d-----w-        c:\program files\Microsoft SQL Server
  24. 2010-03-20 10:03 . 2010-03-20 10:03     --------        d-----w-        c:\program files\Microsoft Silverlight
  25. 2010-03-20 10:03 . 2010-03-20 10:03     --------        d-----w-        c:\program files\Microsoft Synchronization Services
  26. 2010-03-20 10:03 . 2010-03-20 10:03     --------        d-----w-        c:\program files\Microsoft SQL Server Compact Edition
  27. 2010-03-20 10:02 . 2010-03-20 10:02     193824  ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
  28. 2010-03-20 10:02 . 2010-03-20 10:02     416     ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
  29. 2010-03-20 10:00 . 2010-03-20 10:03     --------        d-----w-        c:\program files\Microsoft Visual Studio 9.0
  30. 2010-03-20 10:00 . 2010-03-20 10:00     --------        d-----w-        c:\program files\Microsoft SDKs
  31. 2010-03-18 22:23 . 2010-03-18 22:23     --------        d-----w-        C:\Users
  32. 2010-03-18 16:29 . 2010-03-21 08:21     886272  ----a-w-        c:\documents and settings\George Mumford\Application Data\System.Data.SQLite.DLL
  33. 2010-03-17 21:24 . 2010-03-17 21:24     --------        d-----w-        c:\documents and settings\George Mumford\Application Data\teamspeak2
  34. 2010-03-17 21:24 . 2010-03-17 21:24     --------        d-----w-        c:\program files\Teamspeak2_RC2
  35. 2010-03-17 21:20 . 2010-03-20 21:16     --------        d-----w-        c:\documents and settings\George Mumford\Application Data\TS3Client
  36. 2010-03-17 21:20 . 2010-03-17 21:20     --------        d-----w-        c:\program files\TeamSpeak 3 Client
  37. 2010-03-16 20:43 . 2010-03-21 08:35     --------        d-----w-        c:\documents and settings\George Mumford\Application Data\sys
  38. 2010-03-14 11:10 . 2010-03-14 11:10     --------        d-----w-        c:\documents and settings\George Mumford\Application Data\Youtube Downloader HD
  39. 2010-03-14 11:10 . 2010-03-14 11:10     --------        d-----w-        c:\program files\Youtube Downloader HD
  40. 2010-03-14 11:04 . 2010-03-14 11:05     --------        d-----w-        c:\program files\YouTube Downloader
  41. 2010-03-14 08:13 . 2010-03-14 08:13     --------        d-----w-        c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
  42. 2010-03-14 08:11 . 2010-03-14 08:11     --------        d-sh--w-        c:\documents and settings\Default User\IETldCache
  43. 2010-03-14 00:45 . 2010-03-14 00:45     --------        d-sh--w-        c:\documents and settings\LocalService\IETldCache
  44. 2010-03-13 18:18 . 2010-03-13 18:18     --------        d-----w-        c:\program files\Paint.NET
  45. 2010-03-13 18:18 . 2010-03-13 18:29     --------        d-----w-        c:\documents and settings\George Mumford\Local Settings\Application Data\Paint.NET
  46. 2010-03-13 16:22 . 2010-03-13 16:22     --------        d-sh--w-        c:\documents and settings\George Mumford\PrivacIE
  47. 2010-03-13 14:56 . 2010-03-13 14:56     --------        d-sh--w-        c:\documents and settings\George Mumford\IECompatCache
  48. 2010-03-13 14:53 . 2010-03-13 14:53     --------        d-sh--w-        c:\documents and settings\NetworkService\IETldCache
  49. 2010-03-13 14:52 . 2010-03-13 14:52     --------        d-sh--w-        c:\documents and settings\George Mumford\IETldCache
  50. 2010-03-13 14:50 . 2010-03-14 14:39     --------        d-----w-        c:\windows\ie8updates
  51. 2010-03-13 14:48 . 2010-03-13 14:50     --------        dc-h--w-        c:\windows\ie8
  52. 2010-03-13 10:36 . 2010-03-13 10:36     --------        d-----w-        c:\documents and settings\George Mumford\Local Settings\Application Data\Xenocode
  53. 2010-03-13 10:29 . 2010-03-13 10:29     --------        d-----w-        c:\documents and settings\All Users\Application Data\RoboForm
  54. 2010-03-13 10:29 . 2010-03-13 10:29     --------        d-----w-        c:\program files\Siber Systems
  55. 2010-03-13 10:16 . 2008-11-10 11:41     32656   ----a-w-        c:\windows\system32\msonpmon.dll
  56. 2010-03-13 10:16 . 2006-10-26 19:56     33104   ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
  57. 2010-03-13 10:16 . 2010-03-14 08:14     --------        d-----w-        c:\program files\Microsoft Works
  58. 2010-03-13 10:15 . 2010-03-13 10:15     --------        d-----w-        c:\program files\Microsoft.NET
  59. 2010-03-13 10:13 . 2010-03-13 10:13     --------        d-----w-        c:\program files\Microsoft Visual Studio 8
  60. 2010-03-13 10:13 . 2010-03-13 10:13     --------        d-----w-        c:\windows\SHELLNEW
  61. 2010-03-13 10:12 . 2010-03-13 10:12     --------        d-----r-        C:\MSOCache
  62. 2010-03-13 07:26 . 2010-03-13 07:26     479232  ----a-w-        c:\documents and settings\George Mumford\Application Data\Gatherbuddy.exe
  63. 2010-03-12 23:58 . 2010-03-12 23:58     --------        d-----w-        c:\documents and settings\George Mumford\Application Data\Apple Computer
  64. 2010-03-12 20:07 . 2010-03-12 20:07     --------        d-----w-        C:\RTW
  65. 2010-03-11 16:56 . 2010-03-11 16:56     --------        d-----w-        c:\program files\Common Files\Blizzard Entertainment
  66. 2010-03-10 17:41 . 2010-03-10 18:08     --------        d-----w-        c:\documents and settings\George Mumford\Application Data\Bioshock
  67. 2010-03-08 22:56 . 2009-12-11 08:38     69120   -c----w-        c:\windows\system32\dllcache\iecompat.dll
  68. 2010-03-08 22:56 . 2009-12-21 19:14     12800   -c----w-        c:\windows\system32\dllcache\xpshims.dll
  69. 2010-03-08 22:56 . 2009-12-21 19:14     594432  -c----w-        c:\windows\system32\dllcache\msfeeds.dll
  70. 2010-03-08 22:56 . 2009-12-21 19:14     55296   -c----w-        c:\windows\system32\dllcache\msfeedsbs.dll
  71. 2010-03-08 22:56 . 2009-12-21 19:14     246272  -c----w-        c:\windows\system32\dllcache\ieproxy.dll
  72. 2010-03-08 22:56 . 2009-12-21 19:14     1985536 -c----w-        c:\windows\system32\dllcache\iertutil.dll
  73. 2010-03-08 22:56 . 2009-12-21 19:14     11070464        -c----w-        c:\windows\system32\dllcache\ieframe.dll
  74. 2010-03-08 19:53 . 2010-03-08 19:53     --------        d--h--w-        c:\windows\PIF
  75. 2010-03-06 16:50 . 2010-03-06 16:50     --------        d-----w-        C:\Hotspot Shield
  76. 2010-03-06 16:50 . 2010-03-06 16:50     --------        d-----w-        c:\program files\Hotspot Shield
  77. 2010-03-06 14:07 . 2010-03-13 06:22     --------        d-----w-        c:\documents and settings\George Mumford\Local Settings\Application Data\PunkBuster
  78. 2010-03-06 14:06 . 2010-03-06 14:06     --------        d--h--r-        c:\documents and settings\George Mumford\Application Data\SecuROM
  79. 2010-03-06 13:43 . 2010-03-20 22:51     139128  ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
  80. 2010-03-06 13:43 . 2010-03-06 13:43     138056  ----a-w-        c:\documents and settings\George Mumford\Application Data\PnkBstrK.sys
  81. 2010-03-06 13:43 . 2010-03-20 22:57     215128  ----a-w-        c:\windows\system32\PnkBstrB.exe
  82. 2010-03-06 13:43 . 2010-03-06 13:43     75064   ----a-w-        c:\windows\system32\PnkBstrA.exe
  83. 2010-03-06 13:43 . 2010-03-06 13:43     2434856 ----a-w-        c:\windows\system32\pbsvc_bc2.exe
  84. 2010-03-06 13:43 . 2010-03-06 13:43     --------        d-----w-        c:\windows\system32\LogFiles
  85. 2010-03-06 10:06 . 2010-03-06 10:06     --------        d-----w-        c:\program files\SystemRequirementsLab
  86. 2010-03-06 10:06 . 2010-03-06 10:06     85504   ----a-w-        c:\documents and settings\George Mumford\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
  87. 2010-03-06 10:06 . 2010-03-06 10:06     --------        d-----w-        c:\documents and settings\George Mumford\Application Data\SystemRequirementsLab
  88. 2010-03-05 23:38 . 2010-03-06 17:59     74240   ----a-w-        c:\documents and settings\George Mumford\Application Data\Warlord FPS VIP.exe
  89. 2010-03-05 20:57 . 2010-03-09 11:08     19024   ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
  90. 2010-03-05 20:57 . 2010-03-09 11:12     162640  ----a-w-        c:\windows\system32\drivers\aswSP.sys
  91. 2010-03-05 20:57 . 2010-03-09 11:09     23376   ----a-w-        c:\windows\system32\drivers\aswRdr.sys
  92. 2010-03-05 20:57 . 2010-03-09 11:12     46672   ----a-w-        c:\windows\system32\drivers\aswTdi.sys
  93. 2010-03-05 20:57 . 2010-03-09 11:08     100432  ----a-w-        c:\windows\system32\drivers\aswmon2.sys
  94. 2010-03-05 20:57 . 2010-03-09 11:08     94800   ----a-w-        c:\windows\system32\drivers\aswmon.sys
  95. 2010-03-05 20:57 . 2010-03-09 11:08     28880   ----a-w-        c:\windows\system32\drivers\aavmker4.sys
  96. 2010-03-05 20:57 . 2010-03-09 11:24     153184  ----a-w-        c:\windows\system32\aswBoot.exe
  97. 2010-03-05 20:57 . 2010-02-11 18:53     38848   ----a-w-        c:\windows\system32\avastSS.scr
  98. 2010-03-05 20:57 . 2010-03-05 20:57     --------        d-----w-        c:\program files\Alwil Software
  99. 2010-03-05 20:57 . 2010-03-05 20:57     --------        d-----w-        c:\documents and settings\All Users\Application Data\Alwil Software
  100. 2010-03-05 20:38 . 2010-03-05 20:57     --------        d-----w-        c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
  101. 2010-03-05 20:38 . 2010-03-05 20:40     --------        d-----w-        c:\program files\Spybot - Search & Destroy
  102. 2010-03-05 20:32 . 2010-03-05 20:32     388096  ----a-r-        c:\documents and settings\George Mumford\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
  103. 2010-03-05 20:32 . 2010-03-05 20:32     --------        d-----w-        c:\program files\TrendMicro
  104. 2010-03-05 00:11 . 2010-03-05 00:11     41872   ----a-w-        c:\windows\system32\xfcodec.dll
  105. 2010-03-04 22:11 . 2010-03-04 22:11     --------        d-----w-        c:\documents and settings\George Mumford\Local Settings\Application Data\Identities
  106. 2010-03-04 21:54 . 2010-03-04 21:54     --------        d-----w-        c:\windows\Sun
  107. 2010-03-04 18:48 . 2010-03-04 18:48     --------        d-----w-        c:\documents and settings\All Users\Application Data\Blizzard
  108. 2010-03-03 22:15 . 2010-03-03 22:15     --------        d-----w-        c:\documents and settings\George Mumford\Application Data\Toolbar4
  109. 2010-03-03 22:15 . 2010-03-20 17:06     --------        d-----w-        c:\program files\HypreCam Toolbar
  110. 2010-03-03 22:15 . 2010-03-03 22:15     --------        d-----w-        c:\program files\HyCam2
  111. 2010-03-03 19:23 . 2010-03-03 19:23     --------        d-----w-        c:\documents and settings\George Mumford\Application Data\Logitech
  112. 2010-03-03 19:09 . 2010-03-03 19:09     --------        d-----w-        c:\documents and settings\All Users\Application Data\Messenger Plus!
  113. 2010-03-03 19:09 . 2010-03-03 19:09     --------        d-----w-        c:\program files\Messenger Plus! Live
  114. 2010-03-02 23:47 . 2010-03-02 23:47     1923768 ----a-w-        c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
  115. 2010-02-28 20:00 . 2010-02-28 20:00     --------        d-----w-        c:\program files\S.A.D
  116. 2010-02-28 10:42 . 2010-03-06 11:30     --------        d-----w-        c:\documents and settings\George Mumford\Local Settings\Application Data\Adobe
  117. 2010-02-28 10:42 . 2010-02-28 10:42     --------        d-----w-        c:\program files\Common Files\Adobe
  118. 2010-02-28 10:18 . 2010-03-20 10:54     1733352 ----a-w-        c:\documents and settings\All Users\Application Data\Nexon\Common\nmconew.dll
  119. 2010-02-28 10:10 . 2010-03-20 10:54     1823456 ----a-w-        c:\documents and settings\All Users\Application Data\Nexon\Common\NMService.exe
  120. 2010-02-28 10:10 . 2010-02-28 10:17     --------        d-----w-        C:\Nexon
  121. 2010-02-28 10:10 . 2010-03-20 10:51     475888  ----a-w-        c:\documents and settings\All Users\Application Data\Nexon\NGM\NGMResource.dll
  122. 2010-02-28 10:10 . 2010-03-20 10:51     783080  ----a-w-        c:\documents and settings\All Users\Application Data\Nexon\NGM\NGMDll.dll
  123. 2010-02-28 10:10 . 2010-02-28 10:11     307944  ----a-w-        c:\documents and settings\All Users\Application Data\Nexon\Common\nmcogame.dll
  124. 2010-02-28 10:10 . 2010-02-28 10:11     176864  ----a-w-        c:\documents and settings\All Users\Application Data\Nexon\NGM\NGM.exe
  125. 2010-02-28 10:10 . 2010-02-28 10:11     131808  ----a-w-        c:\documents and settings\All Users\Application Data\Nexon\NGM\nxgame.dll
  126. 2010-02-28 10:10 . 2010-02-28 10:11     103136  ----a-w-        c:\documents and settings\All Users\Application Data\Nexon\NGM\npNxGame.dll
  127. 2010-02-28 10:09 . 2010-02-28 10:13     --------        d-----w-        c:\documents and settings\All Users\Application Data\Nexon
  128. 2010-02-28 08:15 . 2010-02-28 08:15     --------        d-----w-        c:\program files\Microsoft CAPICOM 2.1.0.2
  129. 2010-02-27 21:04 . 2010-03-19 23:22     --------        d-----w-        c:\documents and settings\George Mumford\Local Settings\Application Data\Hyperz
  130. 2010-02-27 14:49 . 2001-08-17 22:36     8704    -c--a-w-        c:\windows\system32\dllcache\kbdjpn.dll
  131. 2010-02-27 14:49 . 2001-08-17 22:36     8704    ----a-w-        c:\windows\system32\kbdjpn.dll
  132. 2010-02-27 14:49 . 2001-08-17 22:36     8192    -c--a-w-        c:\windows\system32\dllcache\kbdkor.dll
  133. 2010-02-27 14:49 . 2001-08-17 22:36     8192    ----a-w-        c:\windows\system32\kbdkor.dll
  134. 2010-02-27 14:49 . 2001-08-17 14:55     6144    -c--a-w-        c:\windows\system32\dllcache\kbd106.dll
  135. 2010-02-27 14:49 . 2001-08-17 14:55     6144    -c--a-w-        c:\windows\system32\dllcache\kbd101c.dll
  136. 2010-02-27 14:49 . 2001-08-17 14:55     6144    ----a-w-        c:\windows\system32\kbd106.dll
  137. 2010-02-27 14:49 . 2001-08-17 14:55     6144    ----a-w-        c:\windows\system32\kbd101c.dll
  138. 2010-02-27 14:49 . 2001-08-17 14:55     5632    -c--a-w-        c:\windows\system32\dllcache\kbd103.dll
  139. 2010-02-27 14:49 . 2001-08-17 14:55     5632    ----a-w-        c:\windows\system32\kbd103.dll
  140. 2010-02-27 14:49 . 2001-08-17 14:55     6144    -c--a-w-        c:\windows\system32\dllcache\kbd101b.dll
  141. 2010-02-27 14:49 . 2001-08-17 14:55     6144    ----a-w-        c:\windows\system32\kbd101b.dll
  142. 2010-02-27 13:03 . 2010-02-27 13:03     33792   ----a-w-        c:\documents and settings\George Mumford\Application Data\Urban Labs.exe
  143. 2010-02-27 11:38 . 2010-02-27 11:38     --------        d-----w-        c:\documents and settings\George Mumford\Local Settings\Application Data\GlobalSCAPE
  144. 2010-02-27 11:38 . 2010-02-27 11:38     --------        d-----w-        c:\documents and settings\All Users\Application Data\GlobalSCAPE
  145. 2010-02-27 11:28 . 2010-02-27 11:28     --------        d-----w-        c:\documents and settings\All Users\Application Data\ESET
  146. 2010-02-27 11:27 . 2010-02-27 11:27     --------        d-----w-        c:\documents and settings\George Mumford\Application Data\GlobalSCAPE
  147. 2010-02-27 11:27 . 2010-02-27 11:27     --------        d-----w-        c:\program files\GlobalSCAPE
  148.  
  149. .
  150. ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
  151. .
  152. 2010-03-21 08:24 . 2010-03-05 08:13     --------        d-----w-        c:\documents and settings\George Mumford\Application Data\LimeWire
  153. 2010-03-20 10:03 . 2010-02-16 19:00     --------        d-----w-        c:\documents and settings\All Users\Application Data\Microsoft Help
  154. 2010-03-19 23:41 . 2010-02-16 16:49     --------        d-----w-        c:\documents and settings\George Mumford\Application Data\vlc
  155. 2010-03-14 08:55 . 2010-02-16 18:51     69624   ----a-w-        c:\documents and settings\George Mumford\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
  156. 2010-03-13 07:26 . 2010-03-13 07:26     0       ----a-w-        c:\documents and settings\George Mumford\Application Data\config.bin
  157. 2010-03-06 13:31 . 2010-03-06 13:31     --------        d-----w-        c:\program files\Electronic Arts
  158. 2010-03-03 07:36 . 2010-02-16 16:42     --------        d-----w-        c:\documents and settings\All Users\Application Data\NOS
  159. 2010-02-27 11:27 . 2010-02-07 17:46     --------        d--h--w-        c:\program files\InstallShield Installation Information
  160. 2010-02-23 03:46 . 2010-02-07 17:28     87747   ----a-w-        c:\windows\pchealth\helpctr\OfflineCache\index.dat
  161. 2010-02-19 17:30 . 2010-02-19 17:30     --------        d-----w-        c:\program files\Realtek
  162. 2010-02-19 17:24 . 2010-02-16 18:42     --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
  163. 2010-02-16 19:04 . 2010-02-16 19:00     --------        d-----w-        c:\program files\Microsoft Platform SDK
  164. 2010-02-16 19:00 . 2010-02-16 19:00     --------        d-----w-        c:\program files\Microsoft Visual Studio .NET 2003
  165. 2010-02-16 18:42 . 2010-02-16 18:42     --------        d-----w-        c:\program files\AGEIA Technologies
  166. 2010-02-16 18:42 . 2010-02-16 18:42     --------        d-----w-        c:\documents and settings\All Users\Application Data\NVIDIA Corporation
  167. 2010-02-16 18:42 . 2010-02-16 18:42     --------        d-----w-        c:\program files\NVIDIA Corporation
  168. 2010-02-16 16:49 . 2010-02-16 16:49     --------        d-----w-        c:\program files\VideoLAN
  169. 2010-02-16 16:42 . 2010-02-16 16:42     1955472 ----a-w-        c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
  170. 2010-02-07 18:10 . 2010-02-07 18:10     552     ----a-w-        c:\windows\system32\d3d8caps.dat
  171. 2010-02-07 17:46 . 2010-02-07 17:46     20747   ----a-w-        c:\windows\system32\drivers\AegisP.sys
  172. 2010-02-07 17:46 . 2010-02-07 17:46     --------        d-----w-        c:\documents and settings\George Mumford\Application Data\InstallShield
  173. 2010-02-07 17:38 . 2010-02-07 17:38     --------        d-----w-        c:\program files\RGB
  174. 2010-02-07 17:37 . 2010-02-07 17:37     --------        d-----w-        c:\documents and settings\All Users\Application Data\DIGStream
  175. 2010-02-07 17:37 . 2010-02-07 17:37     --------        d-----w-        c:\program files\ESPNMotion
  176. 2010-02-07 17:37 . 2010-02-07 17:37     --------        d-----w-        c:\program files\DIGStream
  177. 2010-02-07 17:37 . 2010-02-07 17:37     137     ----a-w-        c:\documents and settings\George Mumford\Local Settings\Application Data\fusioncache.dat
  178. 2010-02-07 17:37 . 2010-02-07 17:37     --------        d-----w-        c:\program files\GemMaster
  179. 2010-02-07 17:37 . 2010-02-07 17:37     --------        d-----w-        c:\program files\EnglishOtto
  180. 2010-02-07 17:29 . 2010-02-07 17:29     --------        d-----w-        c:\program files\microsoft frontpage
  181. 2010-02-07 17:26 . 2010-02-07 17:26     21640   ----a-w-        c:\windows\system32\emptyregdb.dat
  182. 2010-02-07 17:25 . 2010-02-07 17:25     --------        d-----w-        c:\program files\Windows Plus
  183. 2010-02-07 10:42 . 2010-02-07 10:42     --------        d-----w-        c:\program files\Alcohol Soft
  184. 2010-02-07 10:40 . 2010-02-07 10:40     691696  ----a-w-        c:\windows\system32\drivers\sptd.sys
  185. 2010-02-07 10:36 . 2010-02-07 10:36     --------        d-----w-        c:\program files\MSBuild
  186. 2010-02-07 10:36 . 2010-02-07 10:36     --------        d-----w-        c:\program files\Reference Assemblies
  187. 2010-02-07 10:35 . 2010-02-07 10:35     --------        d-----w-        c:\program files\MSXML 6.0
  188. 2010-01-12 06:17 . 2010-01-12 06:17     278120  ----a-w-        c:\windows\system32\nvmccs.dll
  189. 2010-01-12 06:17 . 2010-01-12 06:17     154216  ----a-w-        c:\windows\system32\nvsvc32.exe
  190. 2010-01-12 06:17 . 2010-01-12 06:17     145000  ----a-w-        c:\windows\system32\nvcolor.exe
  191. 2010-01-12 06:17 . 2010-01-12 06:17     13666408        ----a-w-        c:\windows\system32\nvcpl.dll
  192. 2010-01-12 06:17 . 2010-01-12 06:17     110696  ----a-w-        c:\windows\system32\nvmctray.dll
  193. 2010-01-12 06:17 . 2010-01-12 06:17     81920   ----a-w-        c:\windows\system32\nvwddi.dll
  194. 2010-01-12 04:03 . 2010-02-16 18:42     61440   ----a-w-        c:\windows\system32\OpenCL.dll
  195. 2010-01-12 04:03 . 2010-02-16 18:42     4104192 ----a-w-        c:\windows\system32\nvcuda.dll
  196. 2010-01-12 04:03 . 2010-02-16 18:42     4077672 ----a-w-        c:\windows\system32\nvcuvenc.dll
  197. 2010-01-12 04:03 . 2010-02-16 18:42     2259560 ----a-w-        c:\windows\system32\nvcuvid.dll
  198. 2010-01-12 04:03 . 2010-02-16 18:42     14458880        ----a-w-        c:\windows\system32\nvoglnt.dll
  199. 2010-01-12 04:03 . 2010-02-16 18:42     10276768        ----a-w-        c:\windows\system32\drivers\nv4_mini.sys
  200. 2010-01-12 04:03 . 2010-02-16 18:42     6359168 ----a-w-        c:\windows\system32\nv4_disp.dll
  201. 2010-01-12 04:03 . 2010-02-16 18:42     2283526 ----a-w-        c:\windows\system32\nvdata.bin
  202. 2010-01-12 04:03 . 2010-02-16 18:42     182888  ----a-w-        c:\windows\system32\nvcodins.dll
  203. 2010-01-12 04:03 . 2010-02-16 18:42     182888  ----a-w-        c:\windows\system32\nvcod.dll
  204. 2010-01-12 04:03 . 2010-02-16 18:42     11632640        ----a-w-        c:\windows\system32\nvcompiler.dll
  205. 2010-01-12 04:03 . 2010-02-16 18:42     1081344 ----a-w-        c:\windows\system32\nvapi.dll
  206. 2010-01-08 23:42 . 2010-01-08 23:42     37376   ----a-w-        c:\windows\system32\drivers\HssDrv.sys
  207. 2010-01-08 23:42 . 2010-01-08 23:42     32768   ----a-w-        c:\windows\system32\drivers\taphss.sys
  208. 2009-12-31 16:14 . 2004-08-10 11:00     352640  ----a-w-        c:\windows\system32\drivers\srv.sys
  209. 2009-12-21 19:14 . 2004-08-10 11:00     916480  ------w-        c:\windows\system32\wininet.dll
  210. .
  211.  
  212. (((((((((((((((((((((((((((((   SnapShot@2010-03-20_17.07.13   )))))))))))))))))))))))))))))))))))))))))
  213. .
  214. + 2010-03-21 08:29 . 2010-03-21 08:29   16384              c:\windows\Temp\Perflib_Perfdata_588.dat
  215. .
  216. (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
  217. .
  218. .
  219. *Note* empty entries & legit default entries are not shown
  220. REGEDIT4
  221.  
  222. [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
  223. 2010-03-06 16:50        220208  ----a-w-        c:\program files\Hotspot Shield\hssie\HssIE.dll
  224.  
  225. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  226. "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]
  227. "RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-03-13 160328]
  228. "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]
  229. "Google Update"="c:\documents and settings\George Mumford\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-16 135664]
  230. "NexonPlug"="c:\nexon\NexonPlug\NexonPlug.exe" [2010-03-17 2015952]
  231. "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-03-13 319792]
  232.  
  233. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  234. "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
  235. "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
  236. "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
  237. "RTHDCPL"="RTHDCPL.EXE" [2009-11-18 18789408]
  238. "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
  239. "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]
  240. "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
  241. "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
  242. "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
  243. "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
  244.  
  245. c:\documents and settings\George Mumford\Start Menu\Programs\Startup\
  246. LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]
  247.  
  248. [HKLM\~\startupfolder\C:^Documents and Settings^George Mumford^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
  249. path=c:\documents and settings\George Mumford\Start Menu\Programs\Startup\LimeWire On Startup.lnk
  250. backup=c:\windows\pss\LimeWire On Startup.lnkStartup
  251.  
  252. [HKLM\~\startupfolder\C:^Documents and Settings^George Mumford^Start Menu^Programs^Startup^Logitech . Product Registration.lnk]
  253. path=c:\documents and settings\George Mumford\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
  254. backup=c:\windows\pss\Logitech . Product Registration.lnkStartup
  255.  
  256. [HKLM\~\startupfolder\C:^Documents and Settings^George Mumford^Start Menu^Programs^Startup^Xfire.lnk]
  257. path=c:\documents and settings\George Mumford\Start Menu\Programs\Startup\Xfire.lnk
  258. backup=c:\windows\pss\Xfire.lnkStartup
  259.  
  260. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
  261. 2009-12-11 15:57        948672  ----a-r-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
  262.  
  263. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
  264. 2009-12-30 23:25        1208832 ----a-w-        c:\program files\FileZilla Server\FileZilla Server Interface.exe
  265.  
  266. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
  267. 2010-02-16 18:51        135664  ----atw-        c:\documents and settings\George Mumford\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
  268.  
  269. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
  270. 2009-07-16 15:35        5458704 ----a-w-        c:\program files\Logitech\Logitech Vid\Vid.exe
  271.  
  272. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
  273. 2009-07-27 00:44        3883856 ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
  274.  
  275. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexonPlug]
  276. 2010-03-17 07:39        2015952 ----a-w-        c:\nexon\NexonPlug\NexonPlug.exe
  277.  
  278. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
  279. 2009-03-05 16:07        2260480 --sha-r-        c:\program files\Spybot - Search & Destroy\TeaTimer.exe
  280.  
  281. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
  282. 2010-03-20 00:41        1217872 ----a-w-        c:\program files\Steam\Steam.exe
  283.  
  284. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
  285. 2010-03-13 09:23        319792  ----a-w-        c:\program files\uTorrent\uTorrent.exe
  286.  
  287. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  288. "%windir%\\system32\\sessmgr.exe"=
  289. "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
  290. "c:\\Program Files\\Steam\\Steam.exe"=
  291. "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
  292. "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
  293. "c:\\Program Files\\Xfire\\Xfire.exe"=
  294. "c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
  295. "c:\\Program Files\\uTorrent\\uTorrent.exe"=
  296. "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
  297. "c:\\Documents and Settings\\All Users\\Application Data\\Nexon\\NGM\\NGM.exe"=
  298. "c:\\Documents and Settings\\All Users\\Application Data\\Nexon\\Common\\NMService.exe"=
  299. "c:\\Nexon\\NexonPlug\\NMService.exe"=
  300. "c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\operation flashpoint dragon rising\\OFDR.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"c:\\RTW\\APB_Beta-EU\\Binaries\\USER-APBGame_USE_ME.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\steamapps\\common\\just cause 2 demo\\JustCause2.exe"=
"c:\\Documents and Settings\\George Mumford\\Desktop\\Hacks\\AARC\\ARC.exe"=
"c:\\Documents and Settings\\George Mumford\\Desktop\\Hacks\\CyberGate v1.03.0 - Public version\\CyberGate v1.03.0.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/5/2010 8:57 PM 162640]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [2/24/2010 5:07 PM 33824]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/5/2010 8:57 PM 19024]
R2 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2/28/2010 8:00 PM 2211328]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [1/8/2010 11:42 PM 285744]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/7/2010 10:40 AM 691696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/19/2010 5:30 PM 1684736]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{OPKFG6N4-26JQ-NLSD-P525-6V14U6L2MH37}]
2006-03-17 05:24        1069193 ------w-        c:\program files\Microsoft\Windows Update.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1801674531-839522115-1003Core.job
- c:\documents and settings\George Mumford\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 18:51]

2010-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-823518204-1801674531-839522115-1003UA.job
- c:\documents and settings\George Mumford\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-16 18:51]

2010-03-21 c:\windows\Tasks\User_Feed_Synchronization-{BE9E362D-2BAC-4ACE-B3CA-ED65CE24824D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.nexon.com
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\George Mumford\Application Data\Mozilla\Firefox\Profiles\ug4rddx2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Nexon\NGM\npNxGame.dll
FF - plugin: c:\documents and settings\George Mumford\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Nvidia Driver - c:\documents and settings\George Mumford\Application Data\nvdisp.exe
HKLM-Run-Nvidia driver - c:\documents and settings\George Mumford\Application Data\nvdisp.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-1801674531-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:5d,ad,85,86,34,19,ca,51,60,1d,27,23,da,c2,32,97,79,ec,da,0c,c4,
   29,3b,be,de,6b,d6,5e,0a,94,ba,d3,97,65,98,18,3a,1a,ac,6a,32,7a,0c,e9,fa,9d,\
"rkeysecu"=hex:17,43,a6,f3,1b,27,6b,96,a1,89,a6,03,41,34,47,7a
.
Completion time: 2010-03-21  08:38:09
ComboFix-quarantined-files.txt  2010-03-21 08:38
ComboFix2.txt  2010-03-20 17:08

Pre-Run: 216,193,077,248 bytes free
Post-Run: 216,196,993,024 bytes free

- - End Of File - - E4E43C95D1BC6990750CB97AF4CC0726