a guest
Jul 11th, 2017
ComboFix 11-01-10.07 - rohanz 13/01/2011 18:32:00.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3574.2531 [GMT 5.5:30]
Running from: c:\users\rohanz\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Avira FireWall *Enabled* {31341D0C-2EA1-6D37-1CC3-F0344A49C2CC}
FW: COMODO Firewall *Disabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: COMODO Defense+ *Disabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

E:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-13 to 2011-01-13 )))))))))))))))))))))))))))))))
.

2011-01-13 13:59 . 2011-01-13 13:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-13 06:55 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
2011-01-13 06:55 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-13 06:55 . 2010-10-16 04:33 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-13 06:55 . 2010-10-16 04:33 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-13 06:55 . 2010-10-16 04:33 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-11 15:06 . 2011-01-11 15:06 -------- d-----w- C:\Intel
2011-01-11 11:01 . 2010-11-16 06:31 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{02CBDC59-D539-4A7A-A811-D0AE4CDCE326}\mpengine.dll
2011-01-11 09:47 . 2011-01-11 09:47 -------- d-----w- c:\program files\MSXML 4.0
2011-01-11 09:47 . 2011-01-11 09:47 -------- d-----w- c:\program files\Common Files\Microsoft Games
2011-01-10 07:33 . 2011-01-10 08:37 -------- d-----w- c:\program files\FreeTrack
2011-01-10 07:31 . 2011-01-10 07:31 -------- d-----w- c:\program files\Translate Client
2011-01-10 07:13 . 2011-01-10 07:13 0 ----a-w- c:\windows\VDMAF28.tmp
2011-01-10 07:13 . 2011-01-10 07:13 0 ----a-w- c:\windows\VDMAF27.tmp
2011-01-10 07:12 . 2011-01-10 07:12 0 ----a-w- c:\windows\VDM2E34.tmp
2011-01-10 07:12 . 2011-01-10 07:12 0 ----a-w- c:\windows\VDM2E33.tmp
2011-01-10 07:09 . 1997-10-08 08:36 27600 ----a-r- c:\windows\isk3ro.exe
2011-01-08 23:40 . 2011-01-08 23:40 0 ----a-w- c:\windows\VDM678D.tmp
2011-01-08 23:40 . 2011-01-08 23:40 0 ----a-w- c:\windows\VDM678C.tmp
2011-01-08 23:32 . 2011-01-08 23:32 0 ----a-w- c:\windows\VDM6115.tmp
2011-01-08 23:32 . 2011-01-08 23:32 0 ----a-w- c:\windows\VDM60F5.tmp
2011-01-08 23:32 . 2011-01-08 23:32 0 ----a-w- c:\windows\VDMF527.tmp
2011-01-08 23:32 . 2011-01-08 23:32 0 ----a-w- c:\windows\VDMF517.tmp
2011-01-08 23:25 . 2011-01-08 23:25 0 ----a-w- c:\windows\VDMB595.tmp
2011-01-08 23:25 . 2011-01-08 23:25 0 ----a-w- c:\windows\VDMB4F8.tmp
2011-01-08 23:24 . 2011-01-08 23:24 0 ----a-w- c:\windows\VDMF84D.tmp
2011-01-08 23:24 . 2011-01-08 23:24 0 ----a-w- c:\windows\VDMF84C.tmp
2011-01-08 23:23 . 2011-01-08 23:23 0 ----a-w- c:\windows\VDMD2B2.tmp
2011-01-08 23:23 . 2011-01-08 23:23 0 ----a-w- c:\windows\VDMD292.tmp
2011-01-08 23:18 . 2011-01-08 23:18 0 ----a-w- c:\windows\VDM8C9B.tmp
2011-01-08 23:18 . 2011-01-08 23:18 0 ----a-w- c:\windows\VDM8C9A.tmp
2011-01-08 23:12 . 2011-01-08 23:12 0 ----a-w- c:\windows\VDMF0F5.tmp
2011-01-08 23:10 . 2011-01-08 23:10 0 ----a-w- c:\windows\VDM787A.tmp
2011-01-08 23:10 . 2011-01-08 23:10 0 ----a-w- c:\windows\VDM783A.tmp
2011-01-08 23:09 . 2011-01-08 23:09 0 ----a-w- c:\windows\VDM2EEB.tmp
2011-01-08 23:09 . 2011-01-08 23:09 0 ----a-w- c:\windows\VDM2EEA.tmp
2011-01-08 23:07 . 2011-01-08 23:07 0 ----a-w- c:\windows\VDM681.tmp
2011-01-08 23:07 . 2011-01-08 23:07 0 ----a-w- c:\windows\VDM680.tmp
2011-01-08 23:05 . 2011-01-08 23:05 0 ----a-w- c:\windows\VDM6A5E.tmp
2011-01-08 23:04 . 2011-01-08 23:04 0 ----a-w- c:\windows\VDM23DC.tmp
2011-01-08 23:04 . 2011-01-08 23:04 0 ----a-w- c:\windows\VDM23DB.tmp
2011-01-08 22:58 . 2011-01-08 22:58 0 ----a-w- c:\windows\VDME39D.tmp
2011-01-08 22:53 . 2011-01-08 22:53 0 ----a-w- c:\windows\VDM9D59.tmp
2011-01-08 22:53 . 2011-01-08 22:53 0 ----a-w- c:\windows\VDM9D58.tmp
2011-01-08 22:52 . 2011-01-08 22:52 0 ----a-w- c:\windows\VDM5F7D.tmp
2011-01-08 22:52 . 2011-01-08 22:52 0 ----a-w- c:\windows\VDM5F6C.tmp
2011-01-08 22:47 . 2011-01-08 22:47 0 ----a-w- c:\windows\VDM4851.tmp
2011-01-08 22:44 . 2011-01-08 22:44 0 ----a-w- c:\windows\VDM289F.tmp
2011-01-08 22:41 . 2011-01-08 22:41 0 ----a-w- c:\windows\VDMAD09.tmp
2011-01-08 22:32 . 2011-01-08 22:32 0 ----a-w- c:\windows\VDM7362.tmp
2011-01-08 22:32 . 2011-01-08 22:32 0 ----a-w- c:\windows\VDM7351.tmp
2011-01-08 22:22 . 2011-01-08 22:22 0 ----a-w- c:\windows\VDMCC08.tmp
2011-01-08 22:22 . 2011-01-08 22:22 0 ----a-w- c:\windows\VDMCBD8.tmp
2011-01-08 22:20 . 2011-01-08 22:20 0 ----a-w- c:\windows\VDM6AB4.tmp
2011-01-08 22:20 . 2011-01-08 22:20 0 ----a-w- c:\windows\VDM6AB3.tmp
2011-01-08 22:18 . 2011-01-08 22:18 0 ----a-w- c:\windows\VDM8840.tmp
2011-01-08 22:18 . 2011-01-08 22:18 0 ----a-w- c:\windows\VDM883F.tmp
2011-01-08 22:18 . 2011-01-08 22:18 0 ----a-w- c:\windows\VDM70E7.tmp
2011-01-08 22:18 . 2011-01-08 22:18 0 ----a-w- c:\windows\VDM70E6.tmp
2011-01-08 22:09 . 2011-01-08 22:09 0 ----a-w- c:\windows\VDM4246.tmp
2011-01-08 22:09 . 2011-01-08 22:09 0 ----a-w- c:\windows\VDM4226.tmp
2011-01-08 22:09 . 2011-01-08 22:09 0 ----a-w- c:\windows\VDM2AAF.tmp
2011-01-08 22:09 . 2011-01-08 22:09 0 ----a-w- c:\windows\VDM2AAE.tmp
2011-01-08 22:03 . 2011-01-08 22:03 0 ----a-w- c:\windows\VDM5CD.tmp
2011-01-08 22:03 . 2011-01-08 22:03 0 ----a-w- c:\windows\VDMB359.tmp
2011-01-08 22:03 . 2011-01-08 22:03 0 ----a-w- c:\windows\VDMB339.tmp
2011-01-08 21:57 . 2011-01-08 21:57 0 ----a-w- c:\windows\VDME770.tmp
2011-01-08 21:57 . 2011-01-08 21:57 0 ----a-w- c:\windows\VDME76F.tmp
2011-01-08 21:21 . 2011-01-08 21:21 0 ----a-w- c:\windows\VDM67DD.tmp
2011-01-08 21:21 . 2011-01-08 21:21 0 ----a-w- c:\windows\VDM67DC.tmp
2011-01-08 21:17 . 2011-01-08 21:17 0 ----a-w- c:\windows\VDMD4E.tmp
2011-01-08 21:17 . 2011-01-08 21:17 0 ----a-w- c:\windows\VDMD4D.tmp
2011-01-08 21:17 . 2011-01-08 21:17 0 ----a-w- c:\windows\VDMC747.tmp
2011-01-08 21:06 . 2011-01-08 21:06 0 ----a-w- c:\windows\VDME5F9.tmp
2011-01-08 21:06 . 2011-01-08 21:06 0 ----a-w- c:\windows\VDME5F8.tmp
2011-01-08 20:54 . 2011-01-08 20:54 0 ----a-w- c:\windows\VDMBA72.tmp
2011-01-08 20:54 . 2011-01-08 20:54 0 ----a-w- c:\windows\VDMBA71.tmp
2011-01-08 20:50 . 2011-01-08 20:50 0 ----a-w- c:\windows\VDM3068.tmp
2011-01-08 20:50 . 2011-01-08 20:50 0 ----a-w- c:\windows\VDM3067.tmp
2011-01-08 20:43 . 2011-01-08 20:43 0 ----a-w- c:\windows\VDM6368.tmp
2011-01-08 20:43 . 2011-01-08 20:43 0 ----a-w- c:\windows\VDM6357.tmp
2011-01-08 20:43 . 2011-01-08 20:43 0 ----a-w- c:\windows\VDM2849.tmp
2011-01-08 20:43 . 2011-01-08 20:43 0 ----a-w- c:\windows\VDM2848.tmp
2011-01-08 20:36 . 2011-01-08 20:36 0 ----a-w- c:\windows\VDM2396.tmp
2011-01-08 20:36 . 2011-01-08 20:36 0 ----a-w- c:\windows\VDM2366.tmp
2011-01-08 20:33 . 2011-01-08 20:33 0 ----a-w- c:\windows\VDM619C.tmp
2011-01-08 20:33 . 2011-01-08 20:33 0 ----a-w- c:\windows\VDM619B.tmp
2011-01-08 20:16 . 2011-01-08 20:16 0 ----a-w- c:\windows\VDMB62B.tmp
2011-01-08 20:16 . 2011-01-08 20:16 0 ----a-w- c:\windows\VDMB61A.tmp
2011-01-08 20:13 . 2011-01-08 20:13 0 ----a-w- c:\windows\VDME840.tmp
2011-01-08 20:13 . 2011-01-08 20:13 0 ----a-w- c:\windows\VDME83F.tmp
2011-01-08 20:00 . 2011-01-08 20:00 0 ----a-w- c:\windows\VDM2451.tmp
2011-01-08 20:00 . 2011-01-08 20:00 0 ----a-w- c:\windows\VDM2450.tmp
2011-01-08 19:58 . 2011-01-08 19:58 0 ----a-w- c:\windows\VDM1EB4.tmp
2011-01-08 19:58 . 2011-01-08 19:58 0 ----a-w- c:\windows\VDM1EB3.tmp
2011-01-08 19:57 . 2011-01-08 19:57 0 ----a-w- c:\windows\VDM1C32.tmp
2011-01-08 19:37 . 2011-01-08 19:37 0 ----a-w- c:\windows\VDM4790.tmp
2011-01-08 19:37 . 2011-01-08 19:37 0 ----a-w- c:\windows\VDM4780.tmp
2011-01-08 19:26 . 2011-01-08 19:26 0 ----a-w- c:\windows\VDMC14F.tmp
2011-01-08 19:26 . 2011-01-08 19:26 0 ----a-w- c:\windows\VDMC14E.tmp
2011-01-08 19:24 . 2011-01-08 19:24 0 ----a-w- c:\windows\VDM6078.tmp
2011-01-08 19:24 . 2011-01-08 19:24 0 ----a-w- c:\windows\VDM6068.tmp
2011-01-08 19:17 . 2011-01-08 19:17 0 ----a-w- c:\windows\VDM12F3.tmp
2011-01-08 19:17 . 2011-01-08 19:17 0 ----a-w- c:\windows\VDM12F2.tmp
2011-01-08 19:03 . 2011-01-08 19:03 0 ----a-w- c:\windows\VDM8F02.tmp
2011-01-08 19:03 . 2011-01-08 19:03 0 ----a-w- c:\windows\VDM8F01.tmp
2011-01-08 19:02 . 2011-01-08 19:02 0 ----a-w- c:\windows\VDMD32F.tmp
2011-01-08 19:02 . 2011-01-08 19:02 0 ----a-w- c:\windows\VDMD2FF.tmp
2011-01-08 18:53 . 2011-01-08 18:53 0 ----a-w- c:\windows\VDM3124.tmp
2011-01-08 18:53 . 2011-01-08 18:53 0 ----a-w- c:\windows\VDM3123.tmp
2011-01-08 18:49 . 2011-01-08 18:49 0 ----a-w- c:\windows\VDMC777.tmp
2011-01-08 18:49 . 2011-01-08 18:49 0 ----a-w- c:\windows\VDMC776.tmp
2011-01-08 18:48 . 2011-01-08 18:48 0 ----a-w- c:\windows\VDM2E8E.tmp
2011-01-08 18:48 . 2011-01-08 18:48 0 ----a-w- c:\windows\VDM2E8D.tmp
2011-01-08 18:48 . 2011-01-08 18:48 0 ----a-w- c:\windows\VDMD095.tmp
2011-01-08 18:48 . 2011-01-08 18:48 0 ----a-w- c:\windows\VDMD094.tmp
2011-01-08 18:45 . 2011-01-08 18:45 0 ----a-w- c:\windows\VDMBFB1.tmp
2011-01-08 18:45 . 2011-01-08 18:45 0 ----a-w- c:\windows\VDMBFA1.tmp
2011-01-08 18:33 . 2011-01-08 18:33 0 ----a-w- c:\windows\VDM58E2.tmp
2011-01-08 18:33 . 2011-01-08 18:33 0 ----a-w- c:\windows\VDM58D1.tmp
2011-01-08 18:18 . 2011-01-08 18:18 0 ----a-w- c:\windows\VDMC9C9.tmp
2011-01-08 18:18 . 2011-01-08 18:18 0 ----a-w- c:\windows\VDM6B83.tmp
2011-01-08 18:18 . 2011-01-08 18:18 0 ----a-w- c:\windows\VDM6B82.tmp
2011-01-08 17:58 . 2011-01-08 17:58 0 ----a-w- c:\windows\VDM30EF.tmp
2011-01-08 17:58 . 2011-01-08 17:58 0 ----a-w- c:\windows\VDM30EE.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-27 13:01 . 2010-11-27 13:01 2288640 ----a-w- c:\windows\system32\python27.dll
2010-11-09 21:24 . 2010-11-09 21:24 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-11-09 20:58 . 2010-11-09 20:58 301936 ----a-w- c:\windows\WLXPGSS.SCR
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-06-30 19:09 1425896 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-30 1425896]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-30 1425896]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-12-19 396152]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-05-07 344736]
"VX1000"="c:\windows\vVX1000.exe" [2009-06-30 762208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2011-01-03 9340872]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-12-28 2548040]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-05 281768]

c:\users\rohanz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Malwarebytes' Anti-Malware.lnk - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2011-1-2 963976]
NetBalancer Tray.lnk - c:\program files\NetBalancer\SeriousBit.NetBalancer.Tray.exe [2011-1-6 79872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\windows\System32\guard32.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKLM\~\startupfolder\C:^Users^rohanz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Outlook 2010.lnk]
path=c:\users\rohanz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Outlook 2010.lnk
backup=c:\windows\pss\Microsoft Outlook 2010.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-11-10 07:19 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-11-10 07:19 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-05 22:14 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-21 23:27 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-19 13:45 136176 ----atw- c:\users\rohanz\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-09 21:24 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-01-16 04:24 717696 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 08:07 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-05-06 132184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-20 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-09 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [2011-01-03 121288]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2011-01-05 102856]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-12-28 236600]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-12-28 35256]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2011-01-05 539304]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-01-05 339624]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-05 135336]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-01-05 403624]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
S2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2010-12-10 10240]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2011-01-05 79432]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-02-11 114952]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 Nbdrv;NetBalancer Service;c:\windows\system32\DRIVERS\nbdrv.sys [2010-05-14 28776]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.
Contents of the 'Scheduled Tasks' folder

2011-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4253880287-1621139973-2272405923-1000Core.job
- c:\users\rohanz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 13:45]

2011-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4253880287-1621139973-2272405923-1000UA.job
- c:\users\rohanz\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-19 13:45]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: {7852765C-60BF-4A82-920C-EB0A204B91C1} = 156.154.70.22,156.154.71.22
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\rohanz\AppData\Roaming\Mozilla\Firefox\Profiles\ukighwcf.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: afurladvisor: afurladvisor@anchorfree.com - c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Cooliris: piclens@cooliris.com - %profile%\extensions\piclens@cooliris.com
FF - Ext: KeyScrambler: keyscrambler@qfx.software.corporation - %profile%\extensions\keyscrambler@qfx.software.corporation
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: AnchorFree Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: FacePAD: Facebook Photo Album Downloader: facepad@lazyrussian.com - %profile%\extensions\facepad@lazyrussian.com
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\windows\System32\guard32.dll

- - - - - - - > 'lsass.exe'(672)
c:\windows\system32\guard32.dll
.
Completion time: 2011-01-13 21:29:30
ComboFix-quarantined-files.txt 2011-01-13 15:58

Pre-Run: 1,346,531,328 bytes free
Post-Run: 1,375,092,736 bytes free

- - End Of File - - 38074F896C22AF42D4F4402D26CC155E