Untitled
a guest
Sep 21st, 2017
ComboFix 11-07-02.03 - Dixon 07/03/2011 13:17:22.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.4350 [GMT -7:00]
Running from: c:\users\Dixon\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Dixon\videos\F.E.A.R. 3.exe
d:\program files (x86)\Steam\Steam.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-03 to 2011-07-03 )))))))))))))))))))))))))))))))
.
.
2011-07-03 20:13 . 2011-07-03 20:15 -------- d-----w- C:\32788R22FWJFW
2011-07-03 20:09 . 2011-07-03 20:09 -------- d-----w- C:\_OTL
2011-07-02 21:47 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-02 21:47 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9815B8C-B586-458A-8D82-6FF0D97390B3}\mpengine.dll
2011-07-01 19:01 . 2011-07-01 19:01 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{92830C51-F022-41C5-85DC-8327E2F106A8}\gapaengine.dll
2011-07-01 19:00 . 2011-05-29 16:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-01 19:00 . 2011-07-01 19:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-07-01 19:00 . 2011-07-01 19:00 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-01 17:31 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE089114-261A-4E5C-A3A5-D66BF21CB067}\mpengine.dll
2011-06-26 22:23 . 2011-06-26 22:23 -------- d-----w- c:\program files (x86)\Cheat Engine 6.1
2011-06-25 22:52 . 2011-06-25 23:54 -------- d-----w- c:\program files (x86)\Duke Nukem Forever
2011-06-23 21:52 . 2011-06-23 21:52 -------- d-----w- c:\users\Dixon\AppData\Roaming\Day 1 Studios
2011-06-23 21:41 . 2011-06-23 21:41 -------- d-----w- c:\program files (x86)\WB Games
2011-06-19 07:03 . 2011-06-19 07:03 -------- d-----w- c:\programdata\Trend Micro
2011-06-19 06:45 . 2011-06-19 06:45 -------- d-----w- c:\program files (x86)\Trend Micro
2011-06-19 04:42 . 2011-07-01 19:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-19 02:14 . 2011-06-23 06:24 -------- d-----w- c:\users\Dixon\AppData\Roaming\ApexDC++
2011-06-19 02:14 . 2011-06-23 06:24 -------- d-----w- c:\users\Dixon\AppData\Local\ApexDC++
2011-06-18 22:28 . 2011-06-22 06:33 -------- d-----w- c:\program files (x86)\Hotspot Shield
2011-06-18 20:19 . 2011-06-19 09:00 -------- d-----w- c:\program files (x86)\proXPN
2011-06-18 06:39 . 2011-06-18 06:39 -------- d-----w- c:\program files (x86)\Conduit
2011-06-18 06:39 . 2011-06-18 06:39 -------- d-----w- c:\program files (x86)\uTorrentBar
2011-06-18 06:39 . 2011-06-18 06:39 -------- d-----w- C:\extensions
2011-06-17 21:08 . 2011-06-17 21:08 -------- d-----w- c:\program files\iTunes
2011-06-17 21:08 . 2011-06-17 21:08 -------- d-----w- c:\program files (x86)\iTunes
2011-06-17 21:08 . 2011-06-17 21:08 -------- d-----w- c:\program files\iPod
2011-06-17 21:07 . 2011-06-17 21:07 -------- d-----w- c:\program files\Bonjour
2011-06-17 21:07 . 2011-06-17 21:07 -------- d-----w- c:\program files (x86)\Bonjour
2011-06-17 20:32 . 2011-06-17 20:32 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-06-17 07:52 . 2011-06-17 07:52 -------- d-----w- c:\users\Dixon\AppData\Roaming\Malwarebytes
2011-06-17 07:51 . 2011-06-17 07:51 -------- d-----w- c:\programdata\Malwarebytes
2011-06-17 07:51 . 2011-05-29 16:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-17 03:07 . 2011-06-17 03:07 -------- d-----w- c:\program files (x86)\WinPcap
2011-06-16 23:50 . 2011-06-16 23:50 -------- d-----w- c:\program files (x86)\WinSCP
2011-06-14 04:24 . 2011-06-14 04:24 -------- d-----w- c:\users\Dixon\AppData\Local\{775A4998-DDB3-4B98-B339-10DB03DB3DD9}
2011-06-14 04:23 . 2011-06-14 04:23 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c05eacf21cc2a4a03\InstallManager_WLE_WLE.exe
2011-06-14 02:42 . 2011-07-01 20:48 -------- d-sh--w- c:\windows\SysWow64\YIKYOR
2011-06-14 01:54 . 2011-07-01 20:48 -------- d-----w- c:\windows\SysWow64\FDGETO
2011-06-13 14:31 . 2011-07-01 20:48 -------- d-sh--w- c:\windows\SysWow64\KFVGMK
2011-06-13 14:28 . 2011-07-01 20:48 -------- d-sh--w- c:\windows\SysWow64\TJMFUT
2011-06-13 07:38 . 2011-07-01 20:48 -------- d-sh--w- c:\windows\SysWow64\PANMAU
2011-06-13 07:27 . 2011-07-01 20:48 -------- d-sh--w- c:\windows\SysWow64\NFWOAW
2011-06-13 06:48 . 2011-07-01 20:48 -------- d-sh--w- c:\windows\SysWow64\EIQAJB
2011-06-08 03:23 . 2011-06-14 23:54 -------- d-----w- c:\programdata\Skype Extras
2011-06-08 03:23 . 2011-06-08 03:23 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-06-06 19:55 . 2011-06-06 19:55 183696 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-06-05 00:30 . 2011-06-05 00:30 -------- d-----w- c:\users\Dixon\AppData\Local\{C2D6102E-EF45-4DC3-8922-2B5BEDCE7EC3}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-25 22:52 . 2011-05-17 22:46 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-17 08:18 . 2011-03-10 00:56 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
2011-06-17 08:17 . 2011-01-25 01:06 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2011-06-17 03:23 . 2009-07-13 23:57 23212544 ----a-w- c:\windows\system32\imageres.dll
2011-06-02 23:28 . 2011-06-02 23:28 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-06-02 23:28 . 2011-06-02 23:28 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-06-02 23:28 . 2011-06-02 23:28 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-06-02 23:28 . 2011-06-02 23:28 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-06-02 23:28 . 2011-06-02 23:28 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-06-02 23:28 . 2011-06-02 23:28 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-06-02 23:28 . 2011-06-02 23:28 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-06-02 23:28 . 2011-06-02 23:28 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-06-02 23:28 . 2011-06-02 23:28 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-06-02 23:28 . 2011-06-02 23:28 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-06-02 23:28 . 2011-06-02 23:28 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-06-02 23:28 . 2011-06-02 23:28 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-06-02 23:28 . 2011-06-02 23:28 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-02 23:28 . 2011-06-02 23:28 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-06-02 23:28 . 2011-06-02 23:28 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-06-02 23:28 . 2011-06-02 23:28 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-06-02 23:28 . 2011-06-02 23:28 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-06-02 23:28 . 2011-06-02 23:28 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-06-02 23:28 . 2011-06-02 23:28 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-06-02 23:28 . 2011-06-02 23:28 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-02 23:28 . 2011-06-02 23:28 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-02 23:28 . 2011-06-02 23:28 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-06-02 23:28 . 2011-06-02 23:28 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-06-02 23:28 . 2011-06-02 23:28 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-02 23:28 . 2011-06-02 23:28 222208 ----a-w- c:\windows\system32\msls31.dll
2011-06-02 23:28 . 2011-06-02 23:28 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-02 23:28 . 2011-06-02 23:28 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-06-02 23:28 . 2011-06-02 23:28 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-02 23:28 . 2011-06-02 23:28 12288 ----a-w- c:\windows\system32\mshta.exe
2011-06-02 23:28 . 2011-06-02 23:28 114176 ----a-w- c:\windows\system32\admparse.dll
2011-06-02 23:28 . 2011-06-02 23:28 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-02 23:28 . 2011-06-02 23:28 448512 ----a-w- c:\windows\system32\html.iec
2011-06-02 23:28 . 2011-06-02 23:28 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-06-02 23:28 . 2011-06-02 23:28 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-06-02 23:28 . 2011-06-02 23:28 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-02 23:28 . 2011-06-02 23:28 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-06-02 23:28 . 2011-06-02 23:28 160256 ----a-w- c:\windows\system32\wextract.exe
2011-06-02 23:28 . 2011-06-02 23:28 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-25 02:14 . 2011-01-22 04:10 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 23:40 . 2011-05-24 23:40 56832 ----a-w- c:\windows\system32\drivers\HssDrv.sys
2011-05-10 15:06 . 2011-05-10 15:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 15:06 . 2011-05-10 15:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-04-27 22:25 . 2011-04-27 22:25 84864 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2011-04-22 22:15 . 2011-05-25 00:35 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-18 20:18 . 2011-04-18 20:18 40832 ----a-w- c:\windows\system32\drivers\MpNWMon.sys
2011-04-18 20:18 . 2011-04-18 20:18 189440 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2011-04-10 01:55 . 2011-04-10 01:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-10 01:55 . 2011-04-10 01:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
2011-04-09 07:02 . 2011-05-11 04:39 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:58 . 2011-05-12 01:15 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:02 . 2011-05-11 04:39 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 04:39 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-12 01:15 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-04-06 23:26 . 2011-04-06 23:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:26 . 2011-04-06 23:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 23:26 . 2011-04-06 23:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:26 . 2011-04-06 23:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 20:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 20:51 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-10-17 590056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 336384]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"Razer Mamba Driver"="c:\program files (x86)\Razer\Mamba\RazerTray.exe" [2009-12-15 3278728]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-09-04 959488]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Lycosa"="c:\program files (x86)\Razer\Lycosa\razerhid.exe" [2011-03-01 233984]
"Logitech G930"="c:\program files (x86)\Logitech\G930\G930.exe" [2011-03-23 1516888]
"Razer Blackwidow Driver"="c:\program files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe" [2011-03-08 883616]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
.
c:\users\Dixon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Windows Live Messenger.lnk - c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe [2010-11-10 4240760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-01-22 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-01-22 79360]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 LADF_BakerCOnly;BakerC Filter Driver;c:\windows\system32\DRIVERS\ladfBakerCamd64.sys [x]
R3 LADF_BakerROnly;BakerR Filter Driver;c:\windows\system32\DRIVERS\ladfBakerRamd64.sys [x]
R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\DRIVERS\ladfDHP2amd64.sys [x]
R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\DRIVERS\ladfSBVMamd64.sys [x]
R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-06-02 298824]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2011-05-25 329544]
S2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\Installer\MSI8642.tmp [2011-04-17 102400]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2010-12-17 439632]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
S3 TSCOMM;CommStudio Virtual Adapter by TamoSoft;c:\windows\system32\DRIVERS\tscomm.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-745986013-3072718195-1801061463-1000Core.job
- c:\users\Dixon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-22 04:12]
.
2011-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-745986013-3072718195-1801061463-1000UA.job
- c:\users\Dixon\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-22 04:12]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2011-05-24 23:41 287048 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-08 10867816]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{F791A188-699D-4FD4-955A-EB59E89B1907}"= "c:\program files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll" [2010-01-28 104448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.hotspotshield.com/g/?c=h
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Steam - d:\program files (x86)\Steam\steam.exe
AddRemove-Bulletstorm_is1 - d:\games\TPTB\Bulletstorm\unins000.exe
AddRemove-Steam App 10180 - d:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 10190 - d:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 1250 - d:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 17520 - d:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 220 - d:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 22350 - d:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 240 - d:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 33220 - d:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 380 - d:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 4000 - d:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 420 - d:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 42700 - d:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 42710 - d:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 550 - d:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 8850 - d:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 99850 - d:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 99900 - d:\program files (x86)\Steam\steam.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HyperDeskCustomThemeEnabler]
"ImagePath"="\"c:\windows\Installer\MSI8642.tmp\" -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-745986013-3072718195-1801061463-1000\Software\SecuROM\License information*]
"datasecu"=hex:8c,81,68,5b,9b,0c,5e,3e,f8,c1,75,78,a2,40,89,36,bb,fb,6c,62,e5,
c7,2b,cf,34,47,4b,20,93,13,bf,5b,0e,57,6a,db,2a,6c,90,19,e4,0f,70,d5,11,7b,\
"rkeysecu"=hex:42,c8,05,12,11,53,bc,26,69,c9,24,d3,f3,bd,d0,70
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
.
**************************************************************************
.
Completion time: 2011-07-03 13:27:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-03 20:27
.
Pre-Run: 463,381,774,336 bytes free
Post-Run: 463,479,713,792 bytes free
.
- - End Of File - - 6A8AD399AD39BCBE78EDA64882CC5BCC
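Added example, not part of the pasted log and not ComboFix's own code: a small Python triage script for the two line formats in this log that a reviewer would normally read first, the "Files Created" entries (created . modified size attrs path) and the service list (start type, name;display;image path [date size] or [x]). It flags the pattern visible above, six directories created directly under c:\windows\SysWow64 with six-letter upper-case names, most with the hidden+system attributes (d-sh--w-) and all last modified in the same minute (2011-07-01 20:48), and a service whose image is a .tmp file under c:\windows\Installer (the log's own display name attributes it to HyperDesk). These are heuristics for what to look at next, not verdicts; the log itself does not say what created those directories. The [x] marker, where ComboFix gave no date or size for a service image, is reported for nearly every kernel driver in this x64 log, so the script records it as informational only. The sample lines embedded below are constructed from entries in this log.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in the two ComboFix formats above,
# copied from this log's entries (not the whole log).
SAMPLE_LOG = r"""
2011-07-01 19:00 . 2011-07-01 19:00 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-06-14 02:42 . 2011-07-01 20:48 -------- d-sh--w- c:\windows\SysWow64\YIKYOR
2011-06-14 01:54 . 2011-07-01 20:48 -------- d-----w- c:\windows\SysWow64\FDGETO
2011-06-13 14:31 . 2011-07-01 20:48 -------- d-sh--w- c:\windows\SysWow64\KFVGMK
2011-06-17 07:51 . 2011-05-29 16:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
S2 HyperDeskCustomThemeEnabler;HyperDesk's Custom Theme Enabler;c:\windows\Installer\MSI8642.tmp [2011-04-17 102400]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-04-15 2280312]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
"""

# "Files Created" / Find3M line: <created> . <modified> <size|--------> <attrs> <path>
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)
# Service/driver line: <start type> <name>;<display name>;<image path> [<date size>|x]
SVC_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<info>x|\d{4}-\d{2}-\d{2} \d+)\]$"
)
SYSTEM_DIRS = ("c:\\windows\\syswow64\\", "c:\\windows\\system32\\")
INSTALLER_DIR = "c:\\windows\\installer\\"
RANDOM_NAME_RE = re.compile(r"^[A-Z]{6}$")  # heuristic: six upper-case letters


@dataclass
class Finding:
    severity: str  # "review" (look at this) or "info" (context only)
    reason: str
    line: str


def parse_file_entry(line):
    """Return a dict for a 'Files Created' style line, or None."""
    m = FILE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    attrs = d["attrs"]  # e.g. d-sh--w-: d=directory, s=system, h=hidden, a=archive
    d["is_dir"] = attrs[0] == "d"
    d["hidden"] = "h" in attrs
    d["system"] = "s" in attrs
    return d


def parse_service_entry(line):
    """Return a dict for a service/driver line, or None."""
    m = SVC_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["file_found"] = d["info"] != "x"  # [x]: ComboFix reported no date/size
    return d


def triage(log_text):
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        f = parse_file_entry(line)
        if f:
            path, low = f["path"], f["path"].lower()
            leaf = path.rsplit("\\", 1)[-1]
            # directly under a system dir: prefix matches and no further separator
            in_sysdir = any(low.startswith(p) and "\\" not in low[len(p):] for p in SYSTEM_DIRS)
            if f["is_dir"] and in_sysdir and RANDOM_NAME_RE.match(leaf):
                if f["hidden"] and f["system"]:
                    findings.append(Finding("review", "hidden+system directory with a random-looking name directly under a Windows system folder", path))
                else:
                    findings.append(Finding("info", "random-looking directory name directly under a Windows system folder", path))
            continue
        s = parse_service_entry(line)
        if s:
            low = s["path"].lower()
            where = f"{s['name']} -> {s['path']}"
            if low.startswith(INSTALLER_DIR) and low.endswith(".tmp"):
                findings.append(Finding("review", "service image is a .tmp file under the Installer folder; confirm vendor and signature", where))
            elif not s["file_found"]:
                findings.append(Finding("info", "ComboFix printed [x]: no file details for the image path", where))
    return findings


if __name__ == "__main__":
    for fnd in triage(SAMPLE_LOG):
        print(f"[{fnd.severity:6}] {fnd.reason}: {fnd.line}")
```

Run against the full log, the "review" tier should come back with the hidden SysWow64 directories and the HyperDesk service, and nothing else; everything the script cannot classify stays silent, which is deliberate, since the next step is verifying those paths on the host (signature, owner, contents), not trusting a regex.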