Untitled

a guest
Aug 29th, 2011
ComboFix 11-08-28.01 - Mateo 8.08.2011. 22:05:04.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.4095.2676 [GMT 2:00]
Running from: c:\users\Mateo\Desktop\ComboFix.exe
Command switches used :: F:\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\TBM3833.tmp"
"c:\windows\SysWow64\TBM3872.tmp"
"c:\windows\SysWow64\TBM38D1.tmp"
"c:\windows\SysWow64\TBM38E1.tmp"
"c:\windows\SysWow64\TBM38F2.tmp"
"c:\windows\SysWow64\TBM3922.tmp"
"c:\windows\SysWow64\TBM3932.tmp"
"c:\windows\SysWow64\TBM3943.tmp"
"c:\windows\SysWow64\TBM3963.tmp"
"c:\windows\SysWow64\TBM3974.tmp"
"c:\windows\SysWow64\TBM3994.tmp"
"c:\windows\SysWow64\TBM39B4.tmp"
"c:\windows\SysWow64\TBM39F3.tmp"
"c:\windows\SysWow64\TBM3A42.tmp"
"c:\windows\SysWow64\TBM3A63.tmp"
"c:\windows\SysWow64\TBM3A73.tmp"
"c:\windows\SysWow64\TBM3B20.tmp"
"c:\windows\SysWow64\TBM3B7F.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CtJbFW
c:\ctjbfw\cttemp\ctbmp\imgbrz.bmp
c:\ctjbfw\cttemp\ctbmp\imgchs.bmp
c:\ctjbfw\cttemp\ctbmp\imgcht.bmp
c:\ctjbfw\cttemp\ctbmp\imgdut.bmp
c:\ctjbfw\cttemp\ctbmp\imgeng.bmp
c:\ctjbfw\cttemp\ctbmp\imgfrn.bmp
c:\ctjbfw\cttemp\ctbmp\imgger.bmp
c:\ctjbfw\cttemp\ctbmp\imgita.bmp
c:\ctjbfw\cttemp\ctbmp\imgjpn.bmp
c:\ctjbfw\cttemp\ctbmp\imgkor.bmp
c:\ctjbfw\cttemp\ctbmp\imgspn.bmp
c:\ctjbfw\cttemp\lang.html
c:\windows\SysWow64\TBM3833.tmp
c:\windows\SysWow64\TBM3872.tmp
c:\windows\SysWow64\TBM38D1.tmp
c:\windows\SysWow64\TBM38E1.tmp
c:\windows\SysWow64\TBM38F2.tmp
c:\windows\SysWow64\TBM3922.tmp
c:\windows\SysWow64\TBM3932.tmp
c:\windows\SysWow64\TBM3943.tmp
c:\windows\SysWow64\TBM3963.tmp
c:\windows\SysWow64\TBM3974.tmp
c:\windows\SysWow64\TBM3994.tmp
c:\windows\SysWow64\TBM39B4.tmp
c:\windows\SysWow64\TBM39F3.tmp
c:\windows\SysWow64\TBM3A42.tmp
c:\windows\SysWow64\TBM3A63.tmp
c:\windows\SysWow64\TBM3A73.tmp
c:\windows\SysWow64\TBM3B20.tmp
c:\windows\SysWow64\TBM3B7F.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-28 )))))))))))))))))))))))))))))))
.
.
2011-08-28 20:10 . 2011-08-28 20:10 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-08-28 20:10 . 2011-08-28 20:10 -------- d-----w- c:\users\Guest\AppData\Local\temp
2011-08-28 20:10 . 2011-08-28 20:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-28 15:59 . 2011-08-28 15:59 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-28 15:59 . 2011-08-28 15:59 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-28 00:16 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05B6E846-747B-4A77-AED3-58845FEE5307}\mpengine.dll
2011-08-26 12:47 . 2011-08-26 15:04 -------- d-----w- c:\users\Mateo\AppData\Local\Ahead
2011-08-26 12:44 . 2011-08-28 16:09 -------- d-----w- c:\program files (x86)\Common Files\Ahead
2011-08-22 13:36 . 2011-08-22 13:42 -------- d-----w- c:\program files (x86)\Minecraft Beta
2011-08-21 20:30 . 2011-08-21 20:30 -------- d-----w- c:\program files (x86)\LIMBO
2011-08-21 07:21 . 2011-08-22 21:26 2656 ----a-w- c:\windows\SysWow64\io02.sys
2011-08-11 11:27 . 2011-08-13 00:09 -------- d-----w- c:\users\Mateo\AppData\Roaming\.minecraft
2011-08-11 11:27 . 2011-08-11 11:27 -------- d-----w- c:\users\Mateo\AppData\Roaming\Minecraft
2011-08-11 06:19 . 2011-08-11 06:19 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2011-08-10 14:45 . 2011-08-10 14:45 -------- d-----w- c:\program files (x86)\MSI Kombustor
2011-08-10 14:29 . 2011-08-10 14:29 -------- d-----w- c:\users\Mateo\AppData\Local\Micro-Star_Int'l_Co.,_Ltd
2011-08-10 14:07 . 2011-08-17 08:59 134104 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-08-10 14:07 . 2011-08-17 08:59 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-08-10 14:07 . 2011-08-17 08:59 785368 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-08-10 14:07 . 2011-08-17 08:59 478168 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-08-10 14:07 . 2011-08-17 08:59 1846232 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-08-10 14:07 . 2011-08-17 08:59 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-08-10 14:07 . 2010-01-01 08:00 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-08-10 14:07 . 2010-01-01 08:00 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-08-10 13:54 . 2011-06-24 05:25 338432 ----a-w- c:\windows\system32\conhost.exe
2011-08-10 12:04 . 1999-06-25 08:55 149504 ----a-w- c:\windows\UNWISE.EXE
2011-08-10 10:14 . 2011-08-10 15:44 -------- d-----r- c:\users\Mateo\Virtual Machines
2011-08-10 10:07 . 2009-07-22 22:24 2048 ----a-w- c:\windows\system32\drivers\en-US\vpcusb.sys.mui
2011-08-10 10:01 . 2005-05-10 23:01 20480 ----a-w- c:\windows\system32\Jb4Instx.crl
2011-08-10 09:37 . 2011-08-10 10:01 -------- d-----w- c:\program files\Creative
2011-08-10 09:20 . 2000-05-22 08:58 647872 ------w- c:\windows\SysWow64\Mscomct2.ocx
2011-08-10 09:20 . 1999-10-11 01:00 41984 ------w- c:\windows\Ctregrun.exe
2011-08-10 09:19 . 2011-08-10 09:19 -------- d-----w- c:\program files (x86)\Common Files\SWF Studio
2011-08-10 09:17 . 2011-08-10 12:04 -------- d-----w- c:\program files (x86)\Creative
2011-08-10 09:16 . 2003-11-10 16:12 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2011-08-10 09:16 . 2003-11-10 16:14 729088 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2011-08-10 09:16 . 2003-11-10 16:13 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2011-08-10 09:16 . 2003-11-10 16:12 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2011-08-10 09:16 . 2003-11-10 16:11 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2011-08-10 09:16 . 2011-08-10 09:16 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2011-08-10 09:16 . 2011-08-10 09:16 188548 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2011-08-09 17:55 . 2011-08-10 13:52 -------- d-----w- c:\users\Mateo\AppData\Roaming\go
2011-08-09 17:55 . 2011-08-10 13:52 -------- d-----w- c:\programdata\Easybits GO
2011-08-09 15:40 . 2011-08-09 15:40 -------- d-----w- c:\users\Mateo\AppData\Roaming\DVRemote
2011-08-09 14:39 . 2011-08-09 14:39 -------- d-----w- c:\users\Mateo\AppData\Roaming\Malwarebytes
2011-08-09 14:38 . 2011-08-09 14:38 -------- d-----w- c:\programdata\Malwarebytes
2011-08-09 14:38 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-09 10:51 . 2011-08-09 11:26 -------- d-----w- c:\users\Mateo\AppData\Local\WMTools Downloaded Files
2011-08-09 10:26 . 2011-08-09 10:26 -------- d-----w- c:\program files (x86)\Movie Maker 2.6
2011-08-07 18:32 . 2011-08-07 18:32 -------- d-----w- c:\programdata\YouTube Downloader
2011-08-07 18:32 . 2011-08-07 18:32 -------- d-----w- c:\program files (x86)\YouTube Downloader
2011-08-07 18:08 . 2011-08-07 18:08 -------- d-----w- C:\Download
2011-08-07 18:08 . 2011-08-07 18:08 -------- d-----w- C:\tmpDownload
2011-08-07 18:08 . 2011-08-07 18:13 -------- d-----w- C:\YoutubeMusicDownloader
2011-08-06 17:22 . 2011-08-06 17:22 -------- d-----w- c:\programdata\Futuremark
2011-08-05 14:22 . 2011-08-05 14:50 -------- d-----w- c:\program files (x86)\DVDInfoPro
2011-08-04 09:50 . 2011-08-04 09:50 53248 ----a-r- c:\users\Mateo\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-08-04 09:50 . 2011-08-04 09:50 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2011-08-04 09:50 . 2011-08-04 09:50 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-08-04 09:49 . 2011-08-04 09:51 -------- d-----w- c:\programdata\Logishrd
2011-08-04 09:49 . 2011-08-04 09:50 -------- d-----w- c:\users\Mateo\AppData\Roaming\Logitech
2011-08-04 09:49 . 2011-08-04 09:49 -------- d-----w- c:\users\Mateo\AppData\Roaming\Logishrd
2011-08-04 09:44 . 2011-08-04 09:44 -------- d-----w- c:\program files (x86)\Driver-Soft
2011-08-02 07:02 . 2011-08-02 07:02 -------- d-----w- c:\users\Mateo\.mobione
2011-07-31 12:07 . 2011-07-31 12:07 -------- d-----w- c:\program files (x86)\Common Files\Bcgsoft
2011-07-31 12:05 . 2011-07-31 12:05 -------- d-----w- c:\program files (x86)\The Game Creators
2011-07-31 11:21 . 2011-07-31 13:46 -------- d-----w- c:\users\Mateo\AppData\Roaming\WindSolutions
2011-07-31 11:21 . 2011-07-31 11:22 -------- d-----w- c:\programdata\WindSolutions
2011-07-31 10:08 . 2011-07-31 10:14 -------- d-----w- c:\windows\occache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-25 12:10 . 2011-06-25 17:26 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-08-25 12:10 . 2011-04-05 14:44 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-08-24 08:56 . 2011-04-08 15:20 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-08-22 19:44 . 2011-04-05 14:44 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-08-13 12:09 . 2011-05-15 07:18 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-17 09:24 . 2011-07-17 09:24 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-07-17 09:24 . 2011-07-17 09:24 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-07-16 11:56 . 2011-07-16 11:56 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-07-16 04:26 . 2011-08-10 13:54 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-06-30 11:30 . 2011-06-30 11:30 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-06-30 11:30 . 2011-04-02 21:35 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-06-20 11:28 . 2011-06-20 11:28 4096 ----a-w- c:\windows\SysWow64\drivers\nocashio.sys
2011-06-11 03:07 . 2011-07-13 09:01 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-06-10 23:58 . 2011-06-10 23:58 81744 ----a-w- c:\windows\SysWow64\mfcm100u.dll
2011-06-10 23:58 . 2011-06-10 23:58 81744 ----a-w- c:\windows\SysWow64\mfcm100.dll
2011-06-10 23:58 . 2011-06-10 23:58 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll
2011-06-10 23:58 . 2011-06-10 23:58 64336 ----a-w- c:\windows\SysWow64\mfc100fra.dll
2011-06-10 23:58 . 2011-06-10 23:58 64336 ----a-w- c:\windows\SysWow64\mfc100deu.dll
2011-06-10 23:58 . 2011-06-10 23:58 63824 ----a-w- c:\windows\SysWow64\mfc100esn.dll
2011-06-10 23:58 . 2011-06-10 23:58 62288 ----a-w- c:\windows\SysWow64\mfc100ita.dll
2011-06-10 23:58 . 2011-06-10 23:58 60752 ----a-w- c:\windows\SysWow64\mfc100rus.dll
2011-06-10 23:58 . 2011-06-10 23:58 55120 ----a-w- c:\windows\SysWow64\mfc100enu.dll
2011-06-10 23:58 . 2011-06-10 23:58 51024 ----a-w- c:\windows\SysWow64\vcomp100.dll
2011-06-10 23:58 . 2011-06-10 23:58 4422992 ----a-w- c:\windows\SysWow64\mfc100u.dll
2011-06-10 23:58 . 2011-06-10 23:58 4397384 ----a-w- c:\windows\SysWow64\mfc100.dll
2011-06-10 23:58 . 2011-06-10 23:58 43856 ----a-w- c:\windows\SysWow64\mfc100jpn.dll
2011-06-10 23:58 . 2011-06-10 23:58 43344 ----a-w- c:\windows\SysWow64\mfc100kor.dll
2011-06-10 23:58 . 2011-06-10 23:58 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll
2011-06-10 23:58 . 2011-06-10 23:58 36176 ----a-w- c:\windows\SysWow64\mfc100cht.dll
2011-06-10 23:58 . 2011-06-10 23:58 36176 ----a-w- c:\windows\SysWow64\mfc100chs.dll
2011-06-10 23:58 . 2011-06-10 23:58 138056 ----a-w- c:\windows\SysWow64\atl100.dll
2011-06-01 14:43 . 2011-06-01 14:43 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2011-04-02 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2011-04-02 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-08-28_18.49.39 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-08-28 18:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-08-28 20:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-08-28 20:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-28 18:49 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-28 18:49 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-28 20:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-01 17:01 . 2011-08-28 18:50 73298 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-28 18:50 36798 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-08-28 18:13 36798 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-01 16:56 . 2011-08-28 18:50 21946 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3263693909-2342236705-2179083420-1001_UserData.bin
- 2011-08-28 18:48 . 2011-08-28 18:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-28 20:11 . 2011-08-28 20:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-08-28 18:48 . 2011-08-28 18:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-28 20:11 . 2011-08-28 20:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2011-08-28 20:10 462944 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-08-28 18:48 462944 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:36 . 2011-08-28 18:53 2342508 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-08-28 18:53 1702560 c:\windows\system32\perfc009.dat
+ 2011-04-01 21:04 . 2011-08-28 20:10 23507680 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3263693909-2342236705-2179083420-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Advanced SystemCare 4"="c:\program files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [2011-04-22 402832]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Firefox Service;Firefox Service;c:\users\Mateo\AppData\Roaming\Mozilla\Firefox\Profiles\77cuhd3z.default\extensions\startup.service@mozilla.com\svc.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2007-08-20 12744]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 gupdatem;Usluga Google ažuriranje (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 136176]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 Jukebox3_x64;Jukebox3_x64;c:\windows\system32\DRIVERS\ctpdusbx.sys [x]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TipCtrl;TipCtrl;c:\program files (x86)\uTIPu\TipCtrl.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 vpcuxd;USB Virtualization Stub Service;c:\windows\system32\DRIVERS\vpcuxd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-22 352656]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-04 2329480]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-28 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-04-02 09:28]
.
2011-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 08:53]
.
2011-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-05 08:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.hr/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Save video on Savevid.com - c:\program files (x86)\Savevid\redirect.htm
TCP: Interfaces\{5F461A11-4018-45FC-8570-DD2DFA551E15}: NameServer = 208.67.222.222,208.67.220.220
DPF: {173D9E48-B527-4AA0-A929-30B446002AA8} - hxxp://213.147.118.29:6055/DVRemoteAx.cab
FF - ProfilePath - c:\users\Mateo\AppData\Roaming\Mozilla\Firefox\Profiles\lzvjtc6w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr/
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3263693909-2342236705-2179083420-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:95,cc,bb,0a,1d,89,07,be,1e,3e,29,f5,66,bc,52,93,4d,ba,ec,ec,5b,10,1a,
28,eb,07,d1,7f,62,44,77,66,a8,b4,04,91,c5,09,08,28,bd,b8,c9,1d,68,b8,68,e6,\
"??"=hex:ee,05,af,95,26,d8,05,61,94,55,77,8f,bf,f8,62,97
.
[HKEY_USERS\S-1-5-21-3263693909-2342236705-2179083420-1001\Software\SecuROM\License information*]
"datasecu"=hex:c2,f8,e0,8b,2f,6c,3c,0f,37,bf,99,3e,ac,e5,44,73,db,95,79,7e,2a,
0c,58,fe,30,71,83,0b,b3,ec,4b,c8,ec,03,19,67,c7,b3,d4,ff,77,9c,bb,68,78,20,\
"rkeysecu"=hex:5b,d3,d4,03,8f,90,cc,ce,5a,ed,c2,05,a5,77,1d,47
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
c:\program files (x86)\MSI Afterburner\MSIAfterburner.exe
c:\program files (x86)\Google\Update\1.3.21.65\GoogleCrashHandler.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
.
**************************************************************************
.
Completion time: 2011-08-28 22:16:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-28 20:16
ComboFix2.txt 2011-08-28 18:53
.
Pre-Run: 12.935.753.728 bytes free
Post-Run: 12.865.765.376 bytes free
.
- - End Of File - - FCDE3EB77BAE030CD6629DA8FC6FB88C