Ressy

Leaila

Feb 7th, 2011
ComboFix 11-02-06.02 - Owner 02/07/2011 19:10:45.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3006.2250 [GMT -5:00]
Running from: c:\users\Owner\Downloads\Combo-Fix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~2\Microsoft\Network\Downloader\qmgr0.dat
c:\progra~2\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\AutoRun.inf
c:\windows\system32\KBL.LOG

----- BITS: Possible infected sites -----

hxxp://updates.pitt.edu
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2011-01-08 to 2011-02-08 )))))))))))))))))))))))))))))))
.

2011-02-07 22:32 . 2011-02-07 22:32 -------- d-----w- c:\users\Owner\AppData\Local\CrashDumps
2011-02-06 22:48 . 2011-02-06 22:48 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-02-06 22:48 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-06 22:48 . 2011-02-06 22:48 -------- d-----w- c:\progra~2\Malwarebytes
2011-02-06 22:48 . 2011-02-06 22:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-02-06 22:48 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-06 18:41 . 2011-02-06 21:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-06 18:41 . 2011-02-06 19:20 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-02-06 04:00 . 2011-02-06 04:00 -------- d--h--w- c:\progra~2\Common Files
2011-02-06 03:56 . 2011-02-06 04:28 -------- d-----w- c:\progra~2\AVG10
2011-02-06 03:44 . 2011-02-06 03:55 -------- d-----w- c:\progra~2\MFAData
2011-02-05 03:55 . 2011-02-05 03:55 -------- d-----w- c:\users\Owner\AppData\Local\BuildAGadget Content
2011-02-04 22:01 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-04 22:01 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2011-02-04 01:21 . 2011-02-04 01:21 -------- d-----w- c:\users\Owner\AppData\Roaming\skypePM
2011-02-04 01:15 . 2011-02-04 01:15 -------- d-----w- c:\program files\Common Files\Skype
2011-02-04 01:15 . 2011-02-06 18:04 -------- d-----r- c:\program files\Skype
2011-02-04 01:15 . 2011-02-06 18:03 -------- d-----w- c:\users\Owner\AppData\Roaming\Skype
2011-02-04 01:15 . 2011-02-06 18:03 -------- d-----w- c:\progra~2\Skype
2011-02-03 01:37 . 2011-02-03 01:37 -------- d-----w- c:\users\Owner\AppData\Roaming\Tific
2011-02-03 01:16 . 2011-02-07 04:35 -------- d-----w- c:\program files\NortonInstaller
2011-01-29 06:38 . 2011-01-13 09:41 5890896 ----a-w- c:\progra~2\Microsoft\Windows Defender\Definition Updates\{AC25EF53-9363-4E2D-BF3A-896FC9F8172A}\mpengine.dll
2011-01-23 03:00 . 2011-02-06 18:04 -------- d-----w- c:\users\Public\CyberLink
2011-01-16 00:18 . 2011-01-16 00:18 -------- d--h--r- c:\users\Owner\AppData\Roaming\SecuROM
2011-01-15 23:38 . 2006-09-28 21:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-01-15 23:38 . 2006-09-28 21:04 68888 ----a-w- c:\windows\system32\xinput1_3.dll
2011-01-15 23:36 . 2011-02-06 18:04 -------- d-----w- c:\windows\system32\AGEIA
2011-01-15 23:36 . 2011-02-06 18:04 -------- d-----w- c:\program files\AGEIA Technologies
2011-01-13 16:18 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-13 16:18 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-13 16:18 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-13 16:18 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-13 16:18 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-13 16:18 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-13 16:16 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-11 23:08 . 2010-01-15 00:15 669184 ----atw- c:\windows\system32\PSR600A4.DLL
2011-01-11 23:07 . 2011-02-06 18:03 -------- d-----w- c:\program files\Pharos

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-06 03:57 . 2011-01-06 03:57 644360 ----a-w- c:\progra~2\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-10-02 1783136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2010-01-25 1845248]
"BitTorrent DNA"="c:\users\Owner\Program Files\DNA\btdna.exe" [2009-11-13 323392]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-10-09 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-09 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-09 8497696]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0417.0\mswinext.exe" [2010-07-06 240480]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-08 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"MFARestart"="c:\programdata\MFAData\pack\avgrunasx.exe" [2010-11-24 241504]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]

c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-11-03 537480]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\wg8c7pf9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.startup.homepage - my.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Ask Chrome Search Engine: askopensearch-VTS@ask.com - %profile%\extensions\askopensearch-VTS@ask.com
FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Aero Fox: {5c8bfb7c-9a54-11dc-8314-0800200c9a66} - %profile%\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: XULRunner: {5F51193C-9A92-436C-AA24-DE9FDA0ABE1A} - c:\users\Owner\AppData\Local\{5F51193C-9A92-436C-AA24-DE9FDA0ABE1A}
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
HKCU-Run-Aim6 - (no file)
HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
SafeBoot-MCODS
AddRemove-Wow Web Stats Client v3.0 - c:\windows\system32\javaws.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-07 19:19
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-02-07 19:22:46
ComboFix-quarantined-files.txt 2011-02-08 00:22

Pre-Run: 112,806,772,736 bytes free
Post-Run: 112,274,866,176 bytes free

- - End Of File - - FAC89D1892C3C6D8D6527C588A691722