Ressy

Untitled

Feb 7th, 2011
ComboFix 11-02-06.02 - HP_Administrator 02/07/2011 12:08:16.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1604 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2011-01-07 to 2011-02-07 )))))))))))))))))))))))))))))))
.

2011-02-07 13:49 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-07 13:49 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-07 13:39 . 2011-02-07 13:39 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Temp
2011-02-07 04:32 . 2011-02-07 16:32 -------- d-----w- c:\program files\World of Warcraft
2011-02-04 02:44 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-02-04 02:44 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 12:03 . 2011-01-08 12:03 388096 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-08 03:27 . 2010-08-13 21:53 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2010-08-13 21:53 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2009-08-06 14:50 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2009-08-06 14:50 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2009-08-06 14:50 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2009-08-06 14:50 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2009-08-06 14:50 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-01-08 03:27 . 2009-02-18 18:44 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-01-08 03:27 . 2009-02-18 18:44 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
2011-01-08 00:56 . 2011-01-08 00:56 81920 ----a-w- c:\windows\system32\nvwddi.dll
2011-01-08 00:56 . 2011-01-08 00:56 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-08 00:56 . 2011-01-08 00:56 277608 ----a-w- c:\windows\system32\nvmccs.dll
2011-01-08 00:56 . 2011-01-08 00:56 156776 ----a-w- c:\windows\system32\nvsvc32.exe
2011-01-08 00:56 . 2011-01-08 00:56 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-01-08 00:56 . 2011-01-08 00:56 13880424 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-08 00:56 . 2011-01-08 00:56 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-04 02:57 . 2011-01-04 02:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-04 02:57 . 2010-07-07 19:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-01 23:57 . 2011-01-01 23:57 0 ----a-w- c:\windows\system32\drivers\sst3A3.tmp
2010-12-29 07:04 . 2010-10-17 18:24 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-20 23:09 . 2009-04-30 20:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2009-04-30 20:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-23 04:00 . 2010-10-17 18:24 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-18 18:12 . 2004-08-09 21:00 81920 ----a-w- c:\windows\system32\isign32.dll
2004-08-09 21:00 94784 -csh--w- c:\windows\twain.dll
2008-04-14 00:12 50688 --sh--w- c:\windows\twain_32.dll
2004-07-30 07:04 1216 -csh--w- c:\windows\Twunk_16.dll
2004-07-30 07:04 1216 -csh--w- c:\windows\Twunk_32.dll
2010-09-18 06:53 974848 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 57344 --sha-w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 11776 --sh--w- c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/17/2010 1:24 PM 135336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/9/2004 4:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=7.0unattached&bm=ho_central
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qn66q4k4.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -

AddRemove-World of Warcraft - c:\program files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-07 12:13
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2008933920-3975109779-3429850926-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\WINSPOOL.DRV
.
Completion time: 2011-02-07 12:15:41
ComboFix-quarantined-files.txt 2011-02-07 17:15
ComboFix2.txt 2011-01-06 02:14

Pre-Run: 195,643,830,272 bytes free
Post-Run: 195,670,708,224 bytes free

- - End Of File - - 0F0F32635A4397E72CDEFBD114ECF9AD