Untitled

a guest
Aug 10th, 2010
ComboFix 10-08-08.01 - Administrator 10.08.2010 13:33:30.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.385.1033.18.1535.1128 [GMT 2:00]
Running from: c:\documents and settings\Administrator\My Documents\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"C:\bog.exe"
"C:\bog2.exe"
"c:\windows\eReg.dat"
"c:\windows\system32\unins000.dat"
"c:\windows\system32\unins000.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bog.exe
C:\bog2.exe
c:\windows\eReg.dat
c:\windows\system32\unins000.dat
c:\windows\system32\unins000.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 )))))))))))))))))))))))))))))))
.

2010-08-08 20:28 . 2010-08-08 20:28 -------- d-----w- C:\_OTL
2010-08-08 01:06 . 2010-08-08 01:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Need for Speed World
2010-08-08 00:58 . 2010-08-08 00:58 10896656 ----a-w- c:\documents and settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\nfsw.exe
2010-08-08 00:58 . 2010-08-08 00:58 267536 ----a-w- c:\documents and settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\gameplay.dll
2010-08-08 00:58 . 2010-08-08 00:58 1790736 ----a-w- c:\documents and settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\gameplay.native.dll
2010-08-08 00:58 . 2010-08-08 00:58 4068624 ----a-w- c:\documents and settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\eawebkit.dll
2010-08-08 00:58 . 2010-08-08 00:58 462864 ----a-w- c:\documents and settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\d3dx10_37.dll
2010-08-08 00:58 . 2010-08-08 00:58 3786760 ----a-w- c:\documents and settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\d3dx9_37.dll
2010-08-08 00:40 . 2010-08-08 00:40 883670 ----a-w- c:\documents and settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\pb\pbcl.dll
2010-08-08 00:40 . 2010-08-08 00:40 57344 ----a-w- c:\documents and settings\All Users\Application Data\Electronic Arts\Need For Speed World\Data\pb\pbag.dll
2010-08-08 00:31 . 2010-08-08 00:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Electronic_Arts_Inc
2010-08-08 00:29 . 2010-08-08 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2010-08-07 10:12 . 2010-08-07 10:12 452104 ----a-w- c:\documents and settings\Administrator\Application Data\Real\Update\setup3.12\setup.exe
2010-08-05 20:13 . 2010-08-05 20:13 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-32736981-n\msvcp71.dll
2010-08-05 20:13 . 2010-08-05 20:13 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-32736981-n\jmc.dll
2010-08-05 20:13 . 2010-08-05 20:13 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-32736981-n\msvcr71.dll
2010-08-05 20:13 . 2010-08-05 20:13 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-412fde9c-n\decora-sse.dll
2010-08-05 20:13 . 2010-08-05 20:13 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-412fde9c-n\decora-d3d.dll
2010-08-01 21:15 . 2010-08-01 21:15 -------- d-----w- c:\program files\Common Files\Java
2010-07-27 17:09 . 2010-07-27 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\EasyMP3Downloader
2010-07-27 17:09 . 2010-07-27 17:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\EasyMP3Downloader
2010-07-24 11:14 . 2010-07-24 11:14 460 ----a-w- c:\documents and settings\Administrator\304217.zip
2010-07-24 10:58 . 2010-07-24 10:58 191184 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-24 10:35 . 2010-07-24 10:35 -------- dc----w- c:\documents and settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2010-07-24 10:24 . 2010-07-24 10:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\uniblue
2010-07-24 10:08 . 2010-07-24 10:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
2010-07-24 10:04 . 2010-07-24 10:04 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-24 10:03 . 2010-07-24 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-24 10:03 . 2010-07-24 10:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-07-24 09:21 . 2010-07-24 10:58 -------- d-----w- c:\program files\Common Files\PC Tools
2010-07-24 08:43 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-24 08:43 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-22 12:52 . 2010-07-22 12:52 -------- d-----w- c:\program files\SystemRequirementsLab
2010-07-22 09:28 . 2010-07-22 09:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HandBrake
2010-07-22 09:28 . 2010-07-22 09:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\HandBrake
2010-07-22 09:09 . 2010-07-22 09:09 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-07-22 09:09 . 2010-07-22 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-07-21 10:25 . 2010-07-21 10:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\VitySoft
2010-07-20 11:05 . 2010-07-20 11:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
2010-07-20 09:51 . 2010-07-20 09:51 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ilivid Player
2010-07-17 12:37 . 2010-07-17 12:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Command and Conquer 3 Kanes Wrath
2010-07-17 12:21 . 2010-07-17 12:21 -------- d-----w- c:\program files\Folding@Home #01
2010-07-17 11:39 . 2010-07-17 11:39 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-16 16:13 . 2010-07-16 16:13 -------- d-----w- c:\windows\DVD Decrypter
2010-07-14 21:50 . 2008-03-09 05:25 236 ----a-w- c:\program files\Common Files\dx.reg
2010-07-14 21:50 . 2008-03-05 14:03 329224 ----a-w- c:\windows\system32\DXErr.exe
2010-07-14 21:50 . 2008-03-05 14:03 209416 ----a-w- c:\windows\system32\dxcpl.exe
2010-07-14 21:50 . 2006-11-02 10:46 167936 ----a-w- c:\windows\system32\dxgi.dll
2010-07-14 21:50 . 2008-04-12 16:13 1029126 ----a-w- c:\windows\system32\d3d10.dll
2010-07-14 21:50 . 2006-11-29 12:06 440080 ----a-w- c:\windows\system32\d3dx10.dll
2010-07-14 21:50 . 2006-11-02 10:47 1162656 ----a-w- c:\windows\system32\ntdllnew.dll
2010-07-13 19:27 . 2010-07-13 20:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\IconTweaker
2010-07-13 18:29 . 2010-07-13 18:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\Styler
2010-07-13 13:54 . 2010-07-13 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\IconTweaker
2010-07-13 13:32 . 2010-07-13 13:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\ViGlance
2010-07-11 19:32 . 2010-07-17 16:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2010-07-11 19:32 . 2010-07-11 19:32 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2010-07-11 19:30 . 2010-07-11 19:30 -------- d-----w- c:\windows\system32\URTTEMP
2010-07-11 19:27 . 2010-07-17 16:29 -------- d-----w- c:\windows\San Andreas Mod Installer
2010-07-11 17:54 . 2010-07-11 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-07-11 17:54 . 2010-07-11 17:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
2010-07-11 14:33 . 2010-07-11 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-07-11 14:33 . 2010-07-11 14:34 -------- d-----w- c:\program files\RegCure
2010-07-11 12:28 . 2010-07-11 12:28 -------- d-----w- c:\windows\RegCure
2010-07-11 12:00 . 2010-07-11 12:00 -------- d-----w- c:\program files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 00:31 . 2010-01-16 03:41 69616 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-07 22:03 . 2010-01-17 11:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2010-08-04 18:35 . 2010-01-17 01:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitTorrent
2010-08-04 11:50 . 2010-01-16 04:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-01 20:44 . 2010-01-16 06:04 -------- d-----w- c:\program files\Java
2010-07-29 10:40 . 2010-01-23 15:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\BSplayer Pro
2010-07-24 10:30 . 2010-01-17 01:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\DNA
2010-07-24 10:02 . 2010-01-17 11:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-24 10:01 . 2010-01-23 16:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-24 08:44 . 2010-01-17 11:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-22 09:55 . 2005-12-31 23:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-22 09:09 . 2010-01-17 03:27 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-17 03:00 . 2010-04-20 12:25 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 23:06 . 2010-01-17 01:40 -------- d-----w- c:\program files\DNA
2010-07-15 19:07 . 2010-01-17 22:17 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-15 19:07 . 2010-01-17 22:16 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-13 19:07 . 2008-04-14 03:42 218624 ----a-w- c:\windows\system32\uxtheme.dll
2010-07-13 13:30 . 2008-04-14 03:42 218624 ----a-w- c:\windows\system32\uxtheme(2).dll
2010-07-13 12:44 . 2010-02-02 22:36 -------- d-----w- c:\program files\DivX
2010-07-13 12:44 . 2010-02-02 22:36 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-11 17:59 . 2006-01-01 00:18 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-11 17:59 . 2006-01-01 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-07-11 12:00 . 2010-03-15 19:43 -------- d-----w- c:\program files\Common Files\Real
2010-07-11 12:00 . 2010-03-15 19:43 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-07-11 12:00 . 2003-03-18 20:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-07-11 11:51 . 2010-03-15 19:43 -------- d-----w- c:\program files\Real
2010-07-10 18:51 . 2010-01-16 06:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-10 18:05 . 2010-07-10 18:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Auslogics
2010-07-10 12:15 . 2010-01-16 04:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nero
2010-07-10 12:01 . 2010-07-10 12:01 -------- d-----w- c:\program files\Microsoft.NET
2010-07-10 11:35 . 2010-07-04 19:07 -------- d-----w- c:\program files\Eset
2010-07-10 10:49 . 2010-01-16 04:15 -------- d-----w- c:\program files\Common Files\Nero
2010-07-10 10:49 . 2010-01-16 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-07-10 09:28 . 2010-02-17 10:04 -------- d-----w- c:\program files\Unlocker
2010-07-08 11:11 . 2010-01-16 06:08 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-07 10:16 . 2010-07-07 08:59 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-07-07 09:45 . 2010-07-07 09:45 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-05 16:04 . 2010-07-04 19:07 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2010-07-05 16:04 . 2010-07-04 19:07 298104 ----a-w- c:\windows\system32\imon.dll
2010-07-05 16:04 . 2010-07-04 19:07 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2010-07-04 18:52 . 2010-07-04 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-07-04 18:51 . 2010-01-16 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-07-04 18:36 . 2010-01-23 23:27 -------- d-----w- c:\program files\Google
2010-06-26 14:03 . 2010-01-24 18:04 286720 ------w- c:\windows\Setup1.exe
2010-06-26 14:03 . 2010-01-24 18:04 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-06-25 20:41 . 2010-06-25 13:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Microsoft Games
2010-06-25 20:41 . 2010-06-25 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Games
2010-06-25 16:10 . 2010-06-25 16:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\fltk.org
2010-06-14 14:31 . 2010-01-16 03:23 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 15:31 . 2010-06-11 15:31 -------- d-----w- c:\program files\Drag Racer 3
2010-06-02 02:55 . 2010-06-25 20:32 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-02 02:55 . 2010-06-25 20:32 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-02 02:55 . 2010-06-25 20:32 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-05-27 20:40 . 2010-05-27 20:41 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe
2010-05-27 20:33 . 2010-05-27 20:32 93783440 ----a-w- c:\documents and settings\All Users\Application Data\OLYMPUS\ib\CameraBackup\000JB3208233\SETUP.EXE
2010-05-27 20:13 . 2010-05-27 20:13 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7f087506-n\msvcp71.dll
2010-05-27 20:13 . 2010-05-27 20:13 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7f087506-n\jmc.dll
2010-05-27 20:13 . 2010-05-27 20:13 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7f087506-n\msvcr71.dll
2010-05-27 20:13 . 2010-05-27 20:13 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1d7cbea8-n\decora-sse.dll
2010-05-27 20:13 . 2010-05-27 20:13 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1d7cbea8-n\decora-d3d.dll
2010-05-26 09:41 . 2010-06-25 20:32 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-05-26 09:41 . 2010-06-25 20:32 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-05-26 09:41 . 2010-06-25 20:32 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-05-26 09:41 . 2010-06-25 20:32 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-05-26 09:41 . 2010-06-25 20:32 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-08-08_21.01.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-10 11:38 . 2010-08-10 11:38 16384 c:\windows\temp\Perflib_Perfdata_6d4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-02-04 93376]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-24 7696384]
"nwiz"="nwiz.exe" [2006-08-24 1617920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-07-05 949376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-11 185896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
11bg Wireless LAN USB Utility.lnk - c:\program files\OEM\11bg Wireless LAN USB Utility\RtWLan.exe [2010-2-25 835584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 12:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Real Desktop.lnk]
backup=c:\windows\pss\Real Desktop.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^11bg Wireless LAN USB Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\11bg Wireless LAN USB Utility.lnk
backup=c:\windows\pss\11bg Wireless LAN USB Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BitTorrent Ultra Accelerator.lnk]
backup=c:\windows\pss\BitTorrent Ultra Accelerator.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2009-06-30 07:55 2329224 ----a-w- d:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-07-13 19:17 323392 ----a-w- c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2006-10-31 00:03 284184 ----a-w- c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2006-11-15 20:58 746520 ----a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2006-11-15 21:01 244512 ----a-w- c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-08-24 06:46 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 14:01 25626408 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-11-23 13:21 2001648 ----a-w- d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-07-11 12:00 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
2007-08-16 07:03 1269000 ----a-w- d:\program files\Unibluee\SpyEraser\SpyEraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=
"d:\\Nova mapa\\Moja mapa\\Igre\\Tom Clancy H.A.W.X\\HAWX.exe"=
"d:\\Nova mapa\\Moja mapa\\Igre\\Tom Clancy H.A.W.X\\HAWX_dx10.exe"=
"d:\\Nova mapa\\Moja mapa\\Igre\\PES 2009\\pes2009.exe"=
"d:\\Nova mapa\\Moja mapa\\Igre\\PES 2009\\hnl2009.exe"=
"updater.exe"= c:\windows\updater.exe
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [16.1.2010 5:30 13696]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [4.7.2010 21:07 15424]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [23.11.2009 8:43 9968]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23.11.2009 8:43 74480]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [1.1.2006 1:18 38144]
R2 FAH-01;Folding Service #01;c:\program files\Folding@Home #01\Folding@Home #01\FAH-Console.exe [30.6.2008 20:38 253952]
R2 FAH-02;Folding Service #02;c:\program files\Folding@Home #01\Folding@Home #02\FAH-Console.exe [30.6.2008 20:38 253952]
R3 RTL8187B;Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [1.1.2006 1:18 275968]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [24.1.2010 1:27 135664]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [27.5.2010 22:32 21648]
S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [23.11.2009 8:43 7408]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1.1.2006 2:18 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 23:27]

2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-23 23:27]

2010-08-10 c:\windows\Tasks\RegCure Program Check.job
- d:\program files\RegCure\RegCure.exe [2007-10-16 08:20]

2010-07-11 c:\windows\Tasks\RegCure.job
- d:\program files\RegCure\RegCure.exe [2007-10-16 08:20]

2010-07-24 c:\windows\Tasks\Uniblue SpyEraser.job
- d:\program files\Unibluee\SpyEraser\SpyEraser.exe [2010-07-24 07:03]

2010-08-10 c:\windows\Tasks\User_Feed_Synchronization-{45AACD1B-D57A-44EF-B942-D264B60DF36D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s18irdy2.default\
FF - prefs.js: browser.startup.homepage - www.google.hr
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-DirectX10 for Windows XP - Win2000, 2003,..._is1 - c:\windows\system32\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-10 13:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2052111302-1383384898-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,ac,90,07,85,64,ed,45,9a,be,db,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,ac,90,07,85,64,ed,45,9a,be,db,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
d:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

- - - - - - - > 'explorer.exe'(8080)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Internet Explorer\mui\041a\browselc.dll
c:\program files\Microsoft Office\Office12\1050\GrooveIntlResource.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\nvcpl.dll
c:\windows\system32\nvapi.dll
c:\windows\system32\nvshell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2010-08-10 13:42:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-10 11:42
ComboFix2.txt 2010-08-08 21:05

Pre-Run: 1.161.420.800 bytes free
Post-Run: 1.149.427.712 bytes free

- - End Of File - - CAB8635B820D3674284566D1EE58BC64