ComboFix 11-02-06.02 - Owner 02/07/2011 19:10:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.2250 [GMT -5:00]
Running from: c:\users\Owner\Downloads\Combo-Fix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\progra~2\Microsoft\Network\Downloader\qmgr0.dat
c:\progra~2\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\AutoRun.inf
c:\windows\system32\KBL.LOG
----- BITS: Possible infected sites -----
hxxp://updates.pitt.edu
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2011-01-08 to 2011-02-08 )))))))))))))))))))))))))))))))
.
2011-02-07 22:32 . 2011-02-07 22:32 -------- d-----w- c:\users\Owner\AppData\Local\CrashDumps
2011-02-06 22:48 . 2011-02-06 22:48 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-02-06 22:48 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-06 22:48 . 2011-02-06 22:48 -------- d-----w- c:\progra~2\Malwarebytes
2011-02-06 22:48 . 2011-02-06 22:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-06 22:48 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-06 18:41 . 2011-02-06 21:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-06 18:41 . 2011-02-06 19:20 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-02-06 04:00 . 2011-02-06 04:00 -------- d--h--w- c:\progra~2\Common Files
2011-02-06 03:56 . 2011-02-06 04:28 -------- d-----w- c:\progra~2\AVG10
2011-02-06 03:44 . 2011-02-06 03:55 -------- d-----w- c:\progra~2\MFAData
2011-02-05 03:55 . 2011-02-05 03:55 -------- d-----w- c:\users\Owner\AppData\Local\BuildAGadget Content
2011-02-04 22:01 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-04 22:01 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-02-04 01:21 . 2011-02-04 01:21 -------- d-----w- c:\users\Owner\AppData\Roaming\skypePM
2011-02-04 01:15 . 2011-02-04 01:15 -------- d-----w- c:\program files\Common Files\Skype
2011-02-04 01:15 . 2011-02-06 18:04 -------- d-----r- c:\program files\Skype
2011-02-04 01:15 . 2011-02-06 18:03 -------- d-----w- c:\users\Owner\AppData\Roaming\Skype
2011-02-04 01:15 . 2011-02-06 18:03 -------- d-----w- c:\progra~2\Skype
2011-02-03 01:37 . 2011-02-03 01:37 -------- d-----w- c:\users\Owner\AppData\Roaming\Tific
2011-02-03 01:16 . 2011-02-07 04:35 -------- d-----w- c:\program files\NortonInstaller
2011-01-29 06:38 . 2011-01-13 09:41 5890896 ----a-w- c:\progra~2\Microsoft\Windows Defender\Definition Updates\{AC25EF53-9363-4E2D-BF3A-896FC9F8172A}\mpengine.dll
2011-01-23 03:00 . 2011-02-06 18:04 -------- d-----w- c:\users\Public\CyberLink
2011-01-16 00:18 . 2011-01-16 00:18 -------- d--h--r- c:\users\Owner\AppData\Roaming\SecuROM
2011-01-15 23:38 . 2006-09-28 21:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-01-15 23:38 . 2006-09-28 21:04 68888 ----a-w- c:\windows\system32\xinput1_3.dll
2011-01-15 23:36 . 2011-02-06 18:04 -------- d-----w- c:\windows\system32\AGEIA
2011-01-15 23:36 . 2011-02-06 18:04 -------- d-----w- c:\program files\AGEIA Technologies
2011-01-13 16:18 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-13 16:18 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-13 16:18 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-13 16:18 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-13 16:18 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-13 16:18 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-13 16:16 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-11 23:08 . 2010-01-15 00:15 669184 ----atw- c:\windows\system32\PSR600A4.DLL
2011-01-11 23:07 . 2011-02-06 18:03 -------- d-----w- c:\program files\Pharos
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-06 03:57 . 2011-01-06 03:57 644360 ----a-w- c:\progra~2\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-02 1783136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2010-01-25 1845248]
"BitTorrent DNA"="c:\users\Owner\Program Files\DNA\btdna.exe" [2009-11-13 323392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-09 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-09 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-09 8497696]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-08 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"MFARestart"="c:\programdata\MFAData\pack\avgrunasx.exe" [2010-11-24 241504]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-11-03 537480]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wg8c7pf9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.startup.homepage - my.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Ask Chrome Search Engine: askopensearch-VTS@ask.com - %profile%\extensions\askopensearch-VTS@ask.com
FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Aero Fox: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - %profile%\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {5F51193C-9A92-436C-AA24-DE9FDA0ABE1A} - c:\users\Owner\AppData\Local\{5F51193C-9A92-436C-AA24-DE9FDA0ABE1A}
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
HKCU-Run-Aim6 - (no file)
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
SafeBoot-MCODS
AddRemove-Wow Web Stats Client v3.0 - c:\windows\system32\javaws.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-07 19:19
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-02-07 19:22:46
ComboFix-quarantined-files.txt 2011-02-08 00:22
Pre-Run: 112,806,772,736 bytes free
Post-Run: 112,274,866,176 bytes free
- - End Of File - - FAC89D1892C3C6D8D6527C588A691722