ComboFix 14-07-12.02 - Hobo 07/12/2014 18:23:42.10.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.5989 [GMT -6:00]
Running from: c:\users\Hobo\Desktop\ComboFix.exe
Command switches used :: c:\users\Hobo\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Hobo\AppData\Roaming\TuneUp Software
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LJVMXT
-------\Service_ljvmxt
.
.
((((((((((((((((((((((((( Files Created from 2014-06-13 to 2014-07-13 )))))))))))))))))))))))))))))))
.
.
2014-07-13 00:31 . 2014-07-13 00:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-07-13 00:31 . 2014-07-13 00:31 -------- d-----w- c:\users\hedev\AppData\Local\temp
2014-07-13 00:31 . 2014-07-13 00:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-07-12 08:32 . 2014-06-17 08:57 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{308D71E2-2594-419D-8A56-59C0CBE1A8A1}\mpengine.dll
2014-07-11 01:52 . 2014-07-11 20:21 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-07-10 06:14 . 2014-05-30 08:08 340992 ----a-w- c:\windows\system32\schannel.dll
2014-07-10 06:13 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-10 06:13 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-07-10 06:13 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-07-09 23:02 . 2014-07-09 23:02 -------- d-----w- c:\program files (x86)\ESET
2014-07-06 22:32 . 2014-07-06 22:32 -------- d-----w- c:\users\Hobo\AppData\Local\PassMark
2014-07-06 22:32 . 2014-07-06 22:32 -------- d-----w- c:\programdata\Passmark
2014-07-06 22:32 . 2014-07-06 22:32 -------- d-----w- c:\program files\PerformanceTest
2014-07-06 22:24 . 2014-07-06 22:26 -------- d-----w- C:\Fraps
2014-07-06 22:00 . 2014-07-06 22:00 -------- d-----w- c:\programdata\ATI
2014-07-06 22:00 . 2014-07-06 22:00 -------- d-----w- c:\program files (x86)\AMD AVT
2014-07-06 22:00 . 2014-07-06 22:00 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2014-07-06 21:58 . 2013-09-24 14:53 94208 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2014-07-06 21:58 . 2013-09-24 14:51 110080 ----a-w- c:\windows\system32\DelayAPO.dll
2014-07-06 21:57 . 2013-09-12 02:26 229888 ----a-w- c:\windows\system32\clinfo.exe
2014-07-06 21:57 . 2013-09-12 02:21 63488 ----a-w- c:\windows\system32\OpenCL.dll
2014-07-06 21:57 . 2013-09-12 02:21 57344 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-07-06 21:57 . 2013-09-12 02:26 129536 ----a-w- c:\windows\system32\coinst_13.20.dll
2014-07-06 21:57 . 2013-09-12 02:26 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-07-06 21:57 . 2013-09-12 02:26 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-07-06 21:57 . 2013-09-12 02:23 24008704 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-07-06 21:57 . 2013-09-12 02:25 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-07-06 21:57 . 2013-09-12 02:25 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-07-06 21:57 . 2013-09-12 01:48 442368 ----a-w- c:\windows\system32\atidemgy.dll
2014-07-06 21:57 . 2013-09-12 02:25 28469248 ----a-w- c:\windows\system32\amdocl64.dll
2014-07-06 21:55 . 2014-07-06 21:55 -------- d-----w- c:\program files (x86)\ATI Technologies
2014-07-06 21:52 . 2014-07-06 21:59 -------- d-----w- c:\program files\ATI Technologies
2014-07-06 21:52 . 2014-07-06 21:52 -------- d-----w- c:\program files\ATI
2014-07-06 06:23 . 2014-07-06 06:33 -------- d-----w- c:\users\Hobo\AppData\Roaming\Bitcoin
2014-06-30 08:01 . 2014-06-30 08:01 -------- d-----w- c:\users\Hobo\AppData\Local\Adobe
2014-06-29 19:12 . 2014-06-29 19:12 -------- d-----w- c:\users\Hobo\AppData\Roaming\Comodo
2014-06-29 07:49 . 2014-07-08 17:40 -------- d-----w- C:\FRST
2014-06-29 07:10 . 2014-06-29 07:10 -------- d-----w- C:\OETemp
2014-06-29 06:33 . 2014-06-29 06:48 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-06-29 06:07 . 2014-06-29 06:07 -------- d-----w- C:\TDSSKiller_Quarantine
2014-06-28 06:11 . 2014-06-29 06:33 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-28 06:11 . 2014-06-29 06:33 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-28 06:11 . 2014-05-12 13:35 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-28 06:11 . 2014-05-12 13:35 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-28 06:11 . 2014-06-28 06:11 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-28 06:11 . 2014-06-28 06:11 -------- d-----w- c:\programdata\Malwarebytes
2014-06-28 06:05 . 2010-08-30 14:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-06-28 06:04 . 2014-06-28 07:17 -------- d-----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-10 07:35 . 2011-12-26 07:47 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-07-09 17:01 . 2012-06-13 04:34 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-09 17:01 . 2011-09-14 02:30 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-29 13:32 . 2014-05-29 13:32 80384 ----a-w- c:\windows\system32\RazerCoinstaller.dll
2014-05-19 06:47 . 2014-05-19 06:47 39080 ----a-w- c:\windows\system32\drivers\rzendpt.sys
2014-05-19 06:47 . 2014-05-19 06:47 155816 ----a-w- c:\windows\system32\drivers\rzudd.sys
2014-05-08 09:32 . 2014-06-11 10:23 3178496 ----a-w- c:\windows\system32\rdpcorets.dll
2014-05-08 09:32 . 2014-06-11 10:23 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-25 02:34 . 2014-06-11 10:23 801280 ----a-w- c:\windows\system32\usp10.dll
2014-04-25 02:06 . 2014-06-11 10:23 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2014-04-18 02:39 . 2014-04-18 02:39 274656 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2014-04-18 02:13 . 2014-04-18 02:13 127488 ----a-w- c:\windows\system32\mantle64.dll
2014-04-18 02:13 . 2014-04-18 02:13 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2014-04-18 02:12 . 2014-04-18 02:12 5442048 ----a-w- c:\windows\system32\amdmantle64.dll
2014-04-18 01:58 . 2014-04-18 01:58 4358656 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2014-04-18 01:45 . 2014-04-18 01:45 91136 ----a-w- c:\windows\system32\mantleaxl64.dll
2014-04-18 01:45 . 2014-04-18 01:45 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2014-04-18 01:33 . 2014-04-18 01:33 48128 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-04-18 01:33 . 2014-04-18 01:33 37888 ----a-w- c:\windows\SysWow64\amdmmcl.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\Default\AppData\Local\temp ----
.
.
---- Directory of c:\users\hedev\AppData\Local\temp ----
.
.
---- Directory of c:\users\Hobo\AppData\Roaming\Bitcoin ----
.
2014-07-06 06:33 . 2014-07-06 06:33 772584 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\peers.dat
2014-07-06 06:33 . 2014-07-06 06:33 378932 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\blocks\index\000058.ldb
2014-07-06 06:33 . 2014-07-06 06:33 384578 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\blocks\index\000057.log
2014-07-06 06:32 . 2014-07-06 06:32 1254075 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\blocks\index\000056.ldb
2014-07-06 06:32 . 2014-07-06 06:32 2141439 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\blocks\index\000055.ldb
2014-07-06 06:30 . 2014-07-06 06:33 343730 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\chainstate\000006.log
2014-07-06 06:30 . 2014-07-06 06:33 110 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\chainstate\MANIFEST-000004
2014-07-06 06:30 . 2014-07-06 06:30 1868726 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\chainstate\000005.ldb
2014-07-06 06:30 . 2014-07-06 06:33 824 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\blocks\index\MANIFEST-000048
2014-07-06 06:26 . 2014-07-06 06:26 57 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\bitcoin.conf
2014-07-06 06:24 . 2014-07-06 06:24 376135 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\blocks\index\000005.ldb
2014-07-06 06:23 . 2014-07-06 06:33 90112 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\wallet.dat
2014-07-06 06:23 . 2014-07-06 06:33 2097152 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\blocks\rev00000.dat
2014-07-06 06:23 . 2014-07-06 06:33 16777216 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\blocks\blk00000.dat
2014-07-06 06:23 . 2014-07-06 06:30 16 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\chainstate\CURRENT
2014-07-06 06:23 . 2014-07-06 06:30 0 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\chainstate\LOCK
2014-07-06 06:23 . 2014-07-06 06:33 273 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\chainstate\LOG
2014-07-06 06:23 . 2014-07-06 06:27 49 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\chainstate\LOG.old
2014-07-06 06:23 . 2014-07-06 06:30 16 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\blocks\index\CURRENT
2014-07-06 06:23 . 2014-07-06 06:30 0 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\blocks\index\LOCK
2014-07-06 06:23 . 2014-07-06 06:33 1464 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\blocks\index\LOG
2014-07-06 06:23 . 2014-07-06 06:27 5707 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\blocks\index\LOG.old
2014-07-06 06:23 . 2014-07-06 06:23 0 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\db.log
2014-07-06 06:23 . 2014-07-06 06:23 0 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\.lock
2014-07-06 06:23 . 2014-07-06 06:33 6650820 ----a-w- c:\users\Hobo\AppData\Roaming\Bitcoin\debug.log
.
---- Directory of c:\users\Public\AppData\Local\temp ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-06-24 55360]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Razer Blackwidow Driver"="c:\program files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe" [2011-05-16 887712]
"Razer Mamba Elite Driver"="c:\program files (x86)\Razer\Mamba\RazerMambaSysTray.exe" [2011-11-25 973720]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-09-12 766208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DIRECTIO;DIRECTIO;c:\program files\PerformanceTest\DirectIo64.sys;c:\program files\PerformanceTest\DirectIo64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys;c:\windows\SYSNATIVE\drivers\pmxdrv.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys;c:\windows\SYSNATIVE\DRIVERS\RzSynapse.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 17:01]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
Trusted Zone: bleepingcomputer.com\www
Trusted Zone: eset.com\www
TCP: DhcpNameServer = 192.168.0.1 205.171.2.25
FF - ProfilePath - c:\users\Hobo\AppData\Roaming\Mozilla\Firefox\Profiles\5n4qxvli.default\
FF - prefs.js: browser.startup.homepage - hxxp://aps.blackboard.com
FF - ExtSQL: !HIDDEN! 1970-05-29 12:30; {1C588501-281F-F986-6975-A4C9028F19EA}; -
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{34681D92-5958-406A-A654-1B57E7A7B3DC} - c:\program files (x86)\InstallShield Installation Information\{34681D92-5958-406A-A654-1B57E7A7B3DC}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3494576438-3759727045-946588157-1000\Software\SecuROM\License information*]
"datasecu"=hex:2c,d8,ec,ea,60,fb,02,e0,35,45,c2,93,0b,83,47,23,0c,49,72,11,cd,
39,b5,25,20,21,71,16,df,2e,04,c0,23,e1,f5,b8,86,86,dd,27,15,b0,65,8b,e4,d1,\
"rkeysecu"=hex:3b,5c,e9,27,b0,78,64,84,6b,0e,8b,93,f4,9a,bb,cc
.
[HKEY_USERS\S-1-5-21-3494576438-3759727045-946588157-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\*]
@Allowed: (B 1 4 5 6) (S-1-5-5-0-149943)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\syswow64\dllhost.exe
c:\windows\SysWOW64\WerFault.exe
.
**************************************************************************
.
Completion time: 2014-07-12 18:47:46 - machine was rebooted
ComboFix-quarantined-files.txt 2014-07-13 00:47
ComboFix2.txt 2014-07-12 19:06
ComboFix3.txt 2014-07-06 20:23
ComboFix4.txt 2014-06-29 07:38
ComboFix5.txt 2014-07-13 00:22
.
Pre-Run: 785,832,472,576 bytes free
Post-Run: 784,763,211,776 bytes free
.
- - End Of File - - B997318313419971B48E79F3413DECF2