Ressy

Combo-Fix Log

Feb 9th, 2011
  1. ComboFix 11-02-09.02 - Benson Wood 02/09/2011 15:17:22.1.4 - x64 NETWORK
  2. Microsoft Windows 7 Ultimate N 6.1.7600.0.1252.1.1033.18.8190.7381 [GMT -6:00]
  3. Running from: c:\users\Benson Wood\Desktop\Combo-Fix.exe
  4. SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  5. * Created a new restore point
  6. .
  7.  
  8. ((((((((((((((((((((((((( Files Created from 2011-01-09 to 2011-02-09 )))))))))))))))))))))))))))))))
  9. .
  10.  
  11. 2011-02-09 21:20 . 2011-02-09 21:20 -------- d-----w- c:\users\Default\AppData\Local\temp
  12. 2011-02-09 18:05 . 2010-12-21 00:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
  13. 2011-02-09 18:05 . 2011-02-09 18:05 -------- d-----w- c:\programdata\Malwarebytes
  14. 2011-02-09 18:04 . 2011-02-09 18:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
  15. 2011-02-09 18:04 . 2010-12-21 00:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
  16. 2011-02-09 17:51 . 2011-02-09 17:51 -------- d-----w- c:\programdata\NVIDIA
  17. 2011-02-09 17:49 . 2011-02-09 17:49 -------- d-----w- c:\programdata\NVIDIA Corporation
  18. 2011-02-09 15:33 . 2011-02-09 15:33 -------- d-----w- c:\windows\CheckSur
  19. 2011-02-09 15:23 . 2010-01-27 04:07 238696 ----a-w- c:\windows\system32\nvcohda6.dll
  20. 2011-02-09 15:23 . 2011-02-09 15:23 -------- d-----w- c:\windows\DEA314C409294250BC9298E4C105F28D.TMP
  21. 2011-02-09 15:21 . 2010-04-03 22:55 930272 ----a-w- c:\windows\system32\dpinst.exe
  22. 2011-02-09 15:21 . 2010-04-03 22:55 254056 ----a-w- c:\windows\system32\nvcod1914.dll
  23. 2011-02-09 15:21 . 2010-04-03 22:55 254056 ----a-w- c:\windows\system32\nvcod.dll
  24. 2011-02-09 15:21 . 2011-02-09 15:23 -------- d-----w- C:\NVIDIA
  25. 2011-02-09 12:37 . 2011-02-09 12:37 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
  26. 2011-02-09 04:08 . 2004-02-27 06:00 962612 ----a-w- c:\windows\SysWow64\mfc42d.dll
  27. 2011-02-09 04:08 . 2004-02-17 06:00 434252 ----a-w- c:\windows\SysWow64\MSVCRTD.DLL
  28. 2011-02-09 04:07 . 2011-02-09 04:07 -------- d-----w- c:\program files (x86)\Common Files\Adobe
  29. 2011-02-09 02:36 . 2009-09-30 03:33 24576 ----a-r- c:\windows\SysWow64\AsIO.dll
  30. 2011-02-09 02:36 . 2009-08-04 02:28 13440 ----a-r- c:\windows\SysWow64\drivers\AsIO.sys
  31. 2011-02-09 02:36 . 2011-02-09 04:08 -------- d-----w- c:\program files (x86)\ASUS
  32. 2011-02-04 17:23 . 2011-02-04 18:39 -------- d-----w- c:\program files (x86)\StarCraft II
  33. 2011-02-04 12:46 . 2009-11-05 20:08 1957888 ----a-w- c:\windows\system32\NcpCredentialProvider.dll
  34. 2011-02-04 12:46 . 2009-10-08 15:54 151016 ----a-w- c:\windows\system32\drivers\ncplelhp.sys
  35. 2011-02-04 12:46 . 2011-02-09 04:12 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
  36. 2011-02-04 12:46 . 2011-02-04 12:46 -------- d-----w- c:\program files (x86)\WatchGuard
  37. 2011-02-04 12:45 . 2011-02-09 02:36 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
  38. 2011-02-01 19:57 . 2011-02-01 19:57 -------- d-----w- c:\windows\SysWow64\Wat
  39. 2011-02-01 19:57 . 2011-02-01 19:57 -------- d-----w- c:\windows\system32\Wat
  40. 2011-02-01 19:51 . 2011-02-01 19:51 -------- d-----w- c:\program files (x86)\Microsoft.NET
  41. 2011-02-01 19:43 . 2011-02-01 19:43 -------- d-----w- c:\program files\Microsoft IntelliPoint
  42. 2011-02-01 19:43 . 2011-02-01 19:43 -------- d-----w- c:\windows\PCHEALTH
  43. 2011-02-01 19:32 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll
  44. 2011-02-01 19:32 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
  45. 2011-02-01 19:31 . 2011-02-01 19:31 -------- d-----w- c:\program files\Ventrilo
  46. 2011-02-01 19:31 . 2011-02-01 19:31 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
  47. 2011-02-01 19:28 . 2009-10-10 03:17 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
  48. 2011-02-01 19:26 . 2009-11-25 18:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
  49. 2011-02-01 19:26 . 2009-11-25 18:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
  50. 2011-02-01 19:26 . 2009-11-25 18:47 48960 ----a-w- c:\windows\system32\netfxperf.dll
  51. 2011-02-01 19:26 . 2009-11-25 18:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
  52. 2011-02-01 19:26 . 2009-11-25 18:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
  53. 2011-02-01 19:26 . 2009-11-25 18:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
  54. 2011-02-01 19:26 . 2009-11-25 18:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
  55. 2011-02-01 19:26 . 2009-11-25 18:47 444752 ----a-w- c:\windows\system32\mscoree.dll
  56. 2011-02-01 19:26 . 2009-11-25 18:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe
  57. 2011-02-01 19:26 . 2009-11-25 18:47 1942856 ----a-w- c:\windows\system32\dfshim.dll
  58. 2011-02-01 19:21 . 2011-02-09 18:48 -------- d-----w- c:\program files (x86)\World of Warcraft
  59. 2011-02-01 19:21 . 2011-02-04 17:44 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
  60. 2011-02-01 19:20 . 2011-02-04 17:44 -------- d-----w- c:\programdata\Blizzard Entertainment
  61. 2011-02-01 19:18 . 2009-09-26 06:20 223448 ----a-w- c:\windows\system32\drivers\fvevol.sys
  62. 2011-02-01 19:15 . 2011-02-01 19:15 -------- d-----w- c:\windows\SysWow64\Macromed
  63. 2011-02-01 19:13 . 2010-10-19 16:41 270720 ------w- c:\windows\system32\MpSigStub.exe
  64. 2011-02-01 18:51 . 2010-09-07 20:09 29288 ----a-w- c:\windows\system32\nvhdap64.dll
  65. 2011-02-01 18:51 . 2010-09-07 20:08 155752 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
  66. 2011-02-01 18:51 . 2010-09-07 20:08 1308776 ----a-w- c:\windows\system32\nvgenco64.dll
  67. 2011-02-01 18:51 . 2011-02-09 17:46 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
  68. 2011-02-01 18:50 . 2011-02-09 17:49 -------- d-sh--w- c:\windows\Installer
  69. 2011-02-01 18:50 . 2010-10-16 18:55 1500264 ----a-w- c:\windows\system32\nvdispco642050.dll
  70. 2011-02-01 18:50 . 2010-10-16 18:55 1308776 ----a-w- c:\windows\system32\nvgenco642030.dll
  71. 2011-02-01 18:49 . 2011-02-09 17:49 -------- d-----w- c:\program files\NVIDIA Corporation
  72. 2011-02-01 18:11 . 2011-02-01 16:20 -------- d-----w- c:\windows\Panther
  73. 2011-02-01 18:11 . 2011-02-01 18:11 -------- d-----w- C:\Boot
  74. 2011-02-01 16:21 . 2011-02-01 16:21 -------- d-----w- c:\users\Benson Wood
  75. 2011-02-01 16:20 . 2011-02-01 16:20 -------- d-----w- C:\Recovery
  76.  
  77. .
  78. (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  79. .
  80. 2011-02-09 02:38 . 2011-02-09 02:37 651273 ----a-w- c:\windows\M4A77TD-ASUS-2104.zip
  81. .
  82.  
  83. ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
  84. .
  85. .
  86. *Note* empty entries & legit default entries are not shown
  87. REGEDIT4
  88.  
  89. [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  90. "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
  91.  
  92. [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
  93. "ConsentPromptBehaviorAdmin"= 0 (0x0)
  94. "ConsentPromptBehaviorUser"= 3 (0x3)
  95. "EnableLUA"= 0 (0x0)
  96. "EnableUIADesktopToggle"= 0 (0x0)
  97. "PromptOnSecureDesktop"= 0 (0x0)
  98.  
  99. R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
  100. R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
  101. R3 ncpfilt;WatchGuard Filter;c:\windows\system32\DRIVERS\ncplelhp.sys [2009-10-08 151016]
  102. R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-01 1255736]
  103. S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
  104. S2 ncpclcfg;ncpclcfg;c:\program files (x86)\WatchGuard\Mobile VPN\ncpclcfg.exe [2008-06-30 86016]
  105. S2 ncprwsnt;ncprwsnt;c:\program files (x86)\WatchGuard\Mobile VPN\ncprwsnt.exe [2009-10-28 1381384]
  106. S2 NcpSec;NcpSec;c:\program files (x86)\WatchGuard\Mobile VPN\ncpsec.exe [2008-10-06 32768]
  107. S2 rwsrsu;rwsrsu;c:\program files (x86)\WatchGuard\Mobile VPN\rwsrsu.exe [2009-10-12 819712]
  108. S3 ncplelhp;WatchGuard Secure Client NDIS6 Driver;c:\windows\system32\DRIVERS\ncplelhp.sys [2009-10-08 151016]
  109. S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-09-07 155752]
  110. S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
  111. S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
  112. S3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
  113.  
  114. .
  115.  
  116. --------- x86-64 -----------
  117.  
  118.  
  119. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
  120. "LoadAppInit_DLLs"=0x0
  121. .
  122. ------- Supplementary Scan -------
  123. .
  124. uLocal Page = c:\windows\system32\blank.htm
  125. uStart Page = hxxp://www.google.com/
  126. mLocal Page = c:\windows\SysWOW64\blank.htm
  127. .
  128. .
  129. --------------------- LOCKED REGISTRY KEYS ---------------------
  130.  
  131. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
  132. @Denied: (A 2) (Everyone)
  133. @="FlashBroker"
  134. "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
  135.  
  136. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
  137. "Enabled"=dword:00000001
  138.  
  139. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
  140. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
  141.  
  142. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
  143. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  144.  
  145. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  146. @Denied: (A 2) (Everyone)
  147. @="Shockwave Flash Object"
  148.  
  149. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
  150. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
  151. "ThreadingModel"="Apartment"
  152.  
  153. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
  154. @="0"
  155.  
  156. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
  157. @="ShockwaveFlash.ShockwaveFlash.10"
  158.  
  159. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  160. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
  161.  
  162. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
  163. @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  164.  
  165. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
  166. @="1.0"
  167.  
  168. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  169. @="ShockwaveFlash.ShockwaveFlash"
  170.  
  171. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  172. @Denied: (A 2) (Everyone)
  173. @="Macromedia Flash Factory Object"
  174.  
  175. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  176. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
  177. "ThreadingModel"="Apartment"
  178.  
  179. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  180. @="FlashFactory.FlashFactory.1"
  181.  
  182. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  183. @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
  184.  
  185. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  186. @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
  187.  
  188. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  189. @="1.0"
  190.  
  191. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  192. @="FlashFactory.FlashFactory"
  193.  
  194. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  195. @Denied: (A 2) (Everyone)
  196. @="IFlashBroker4"
  197.  
  198. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
  199. @="{00020424-0000-0000-C000-000000000046}"
  200.  
  201. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
  202. @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
  203. "Version"="1.0"
  204.  
  205. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  206. @Denied: (Full) (Everyone)
  207. .
  208. Completion time: 2011-02-09 15:26:27 - machine was rebooted
  209. ComboFix-quarantined-files.txt 2011-02-09 21:26
  210.  
  211. Pre-Run: 13,567,553,536 bytes free
  212. Post-Run: 13,512,380,416 bytes free
  213.  
  214. - - End Of File - - 444BB1CE301B30041F36E81C2541F90A