%windir%\system32\cmd.exe /c "start %cd%RECYCLER\18cb2562.exe &&%windir%\explorer.exe %cd%Minecraft
ComboFix 12-03-22.01 - aaa 24-Mar-12 5:37.1.2 - x86
Microsoft Windows 7 Home Basic 6.1.7600.0.1252.1.1033.18.2047.1016 [GMT 5.5:30]
Running from: c:\users\aaa\Downloads\Programs\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\aaa\AppData\Local\assembly\tmp
c:\users\aaa\AppData\Local\TempDIR
c:\users\aaa\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\aaa\AppData\Roaming\chrtmp
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\chrome.manifest
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\chrome\idmmzcc.jar
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\components\iIDMMzCC.xpt
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper.js
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\components2\idmhelper2.js
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc.dll
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\components2\idmmzcc64.dll
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper.xpt
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\components2\iIDMHelper2.xpt
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\components2\iIDMMzCC.xpt
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\install.js
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\install.rdf
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\META-INF\manifest.mf
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.rsa
c:\users\aaa\AppData\Roaming\IDM\idmmzcc3\META-INF\zigbert.sf
K:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-02-24 to 2012-03-24 )))))))))))))))))))))))))))))))
.
.
2019-08-20 05:43 . 2019-11-27 19:29 -------- d-----w- c:\users\aaa\AppData\Local\ElevatedDiagnostics
2012-03-24 00:16 . 2012-03-24 00:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-23 21:41 . 2012-03-23 21:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-23 21:41 . 2011-12-10 09:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 06:52 . 2012-03-21 06:52 -------- d-----w- c:\users\aaa\AppData\Local\BigHugeEngine
2012-03-20 05:35 . 2012-03-20 05:35 -------- d-----w- C:\Ikinari Osananajimi
2012-03-20 05:33 . 2012-03-20 05:34 -------- d-----w- C:\Minamoto-kun Monogatari
2012-03-15 08:40 . 2012-03-15 08:40 -------- d-----w- C:\Unbalance X Unbalance
2012-03-15 08:10 . 2012-03-15 08:43 -------- d-----w- C:\Rika
2012-03-15 07:31 . 2012-03-15 07:48 -------- d-----w- C:\Mahou no Iroha!
2012-03-15 06:38 . 2012-03-15 10:21 -------- d-----w- C:\Archlord
2012-03-15 00:22 . 2012-03-15 00:22 -------- d-----w- c:\program files\Common Files\Steam
2012-03-15 00:22 . 2012-03-24 00:07 -------- d-----w- c:\program files\Steams
2012-03-14 23:17 . 2012-03-21 08:26 -------- d-----w- c:\users\UpdatusUser
2012-03-14 23:15 . 2012-02-29 23:59 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-14 23:15 . 2012-02-29 23:59 5892928 ----a-w- c:\windows\system32\nvcuda.dll
2012-03-14 23:15 . 2012-02-29 23:59 2517312 ----a-w- c:\windows\system32\nvcuvid.dll
2012-03-14 23:15 . 2012-02-29 23:59 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-03-14 23:15 . 2012-02-29 23:59 19444544 ----a-w- c:\windows\system32\nvoglv32.dll
2012-03-14 23:15 . 2012-02-29 23:59 17543488 ----a-w- c:\windows\system32\nvcompiler.dll
2012-03-14 23:15 . 2012-02-29 23:59 10819392 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-03-14 09:34 . 2012-03-14 09:34 -------- d-----w- C:\found.000
2012-03-03 09:26 . 2012-03-05 10:11 -------- d-----w- C:\ID
2012-03-03 08:53 . 2012-03-03 09:00 -------- d-----w- C:\Onikirisama No Hakoirimusume
2012-03-03 08:38 . 2012-03-03 08:50 -------- d-----w- C:\Umi No Misaki
2012-02-29 07:56 . 2012-02-29 07:56 416064 ----a-w- c:\windows\system32\nvStreaming.exe
2012-02-28 07:36 . 2012-02-28 08:09 -------- d-----w- C:\Omamori Himari
2012-02-25 12:42 . 2012-02-25 12:42 -------- d-----w- C:\Pokemon Black & White PC[Hyperdrive25]
2012-02-25 12:37 . 2012-03-24 04:20 -------- d-----w- C:\Downloads
2012-02-23 15:32 . 2012-02-23 15:56 -------- d-----w- C:\Seikoku No Ryuu Kishi
2012-02-23 15:11 . 2012-02-23 15:17 -------- d-----w- C:\Onihime VS
2012-02-23 15:10 . 2012-02-23 15:12 -------- d-----w- C:\Nyankoi!
2012-02-23 13:38 . 2012-02-23 14:07 -------- d-----w- C:\Hekikai no AiON
2012-02-23 13:30 . 2012-02-23 14:58 -------- d-----w- C:\Dragon Who
2012-02-23 12:33 . 2012-02-23 13:26 -------- d-----w- C:\Momoiro Sango
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 23:59 . 2011-09-04 08:56 881984 ----a-w- c:\windows\system32\nvgenco32.dll
2012-02-29 23:59 . 2011-09-04 08:56 2301248 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:59 . 2011-09-04 08:56 1000256 ----a-w- c:\windows\system32\nvdispco32.dll
2012-02-29 23:59 . 2009-07-13 22:09 7713088 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-02-29 23:59 . 2009-06-10 21:19 15009600 ----a-w- c:\windows\system32\nvd3dum.dll
2012-02-29 20:56 . 2011-09-04 08:56 3881792 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:55 . 2011-09-04 08:56 2719040 ----a-w- c:\windows\system32\nvsvc.dll
2012-02-29 20:53 . 2011-09-04 08:56 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 20:53 . 2011-09-04 08:56 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-02-29 20:53 . 2011-09-04 08:56 62272 ----a-w- c:\windows\system32\nvshext.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 68216 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-04-04 3278232]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-13 39408]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-08-18 67456]
"Steam"="c:\program files\Steams\steam.exe" [2012-03-15 1242448]
"Steam"="c:\program files\Steams\steam.exe" [2012-03-15 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-08-15 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Razer Naga Driver"="c:\program files\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-13 135664]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-08-13 135664]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 25112]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-13 1343400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-08-13 691696]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-08-15 136360]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-03-28 86792]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-29 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [2009-07-13 47104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-03-31 103424]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-13 06:07]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-13 06:07]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1875463198-1878521284-4275246811-1000Core.job
- c:\users\aaa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-13 06:07]
.
2012-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1875463198-1878521284-4275246811-1000UA.job
- c:\users\aaa\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-13 06:07]
.
2012-03-24 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\smartd~1\Messages\SDNotify.exe [2011-12-18 18:22]
.
.
------- Supplementary Scan -------
.
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{33A22B2D-55BA-4508-B767-BF2E9C21A73F} - c:\program files (x86)\InstallShield Installation Information\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}\setup.exe
.
.
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bdbybz"="c:\\Users\\aaa\\AppData\\Roaming\\Bdbybz.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1875463198-1878521284-4275246811-1000_Classes\CLSID\{017900f3-dc7e-4318-97f8-7651578f8fde}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e8
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,3d,f6,71,65,13,40,c1,17,05,5d,b7,6b,69,6e,15,db,b0,3e,d7,50,a3,8d,\
.
[HKEY_USERS\S-1-5-21-1875463198-1878521284-4275246811-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):b3,04,2c,73,32,71,72,f8,89,e9,34,3c,03,83,3c,68,ca,06,63,f5,1e,
11,75,d0,b4,53,f0,6a,7c,6a,4c,d9,04,cd,30,9d,8e,a5,33,8d,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-24 05:52:54
ComboFix-quarantined-files.txt 2012-03-24 00:22
.
Pre-Run: 30,828,048,384 bytes free
Post-Run: 30,679,367,680 bytes free
.
- - End Of File - - 11EB41EC044356C1B95E852AA163DBD8