API tools faq
paste
Advertisement
Guest User

ComboFix-MSE

a guest
Jun 17th, 2011
253
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 13.12 KB | None | 0 0
raw download clone embed print report
  1. ComboFix 11-06-17.02 - Admin 17/06/2011 19:53:02.1.1 - x86
  2. Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.948 [GMT 1:00]
  3. Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
  4. .
  5. .
  6. ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
  7. .
  8. .
  9. c:\documents and settings\Admin\Application Data\inlog
  10. c:\documents and settings\Admin\Local Settings\Application Data\{D5C3971B-9E81-4074-B74B-E4A346395303}
  11. c:\documents and settings\Admin\Local Settings\Application Data\{D5C3971B-9E81-4074-B74B-E4A346395303}\chrome.manifest
  12. c:\documents and settings\Admin\Local Settings\Application Data\{D5C3971B-9E81-4074-B74B-E4A346395303}\chrome\content\_cfg.js
  13. c:\documents and settings\Admin\Local Settings\Application Data\{D5C3971B-9E81-4074-B74B-E4A346395303}\chrome\content\overlay.xul
  14. c:\documents and settings\Admin\Local Settings\Application Data\{D5C3971B-9E81-4074-B74B-E4A346395303}\install.rdf
  15. c:\windows\system32\install.exe
  16. .
  17. .
  18. ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
  19. .
  20. .
  21. -------\Legacy_INPUT_MANAGER
  22. -------\Legacy_LOCAL_ACCOUNT_AUTHORITY_SERVICE
  23. -------\Legacy_MOUSEDRIVER
  24. -------\Legacy_PLUG_MANAGER
  25. .
  26. .
  27. ((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))
  28. .
  29. .
  30. 2011-06-17 18:36 . 2011-06-17 18:36 -------- d-----w- c:\program files\Hitman Pro 3.5
  31. 2011-06-17 18:21 . 2011-06-17 18:41 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
  32. 2011-06-17 18:21 . 2011-06-17 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
  33. 2011-06-17 17:16 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
  34. 2011-06-17 17:16 . 2011-06-17 17:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
  35. 2011-06-17 17:16 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
  36. 2011-06-17 14:46 . 2011-06-17 14:46 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\AVG Security Toolbar
  37. 2011-06-17 14:05 . 2011-06-17 14:05 -------- d-----w- c:\documents and settings\Admin\Application Data\AVG10
  38. 2011-06-17 14:05 . 2011-06-17 14:05 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
  39. 2011-06-17 14:03 . 2011-06-17 17:50 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
  40. 2011-06-17 14:03 . 2011-06-17 14:03 -------- d-----w- c:\program files\AVG
  41. 2011-06-17 14:02 . 2011-06-17 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
  42. 2011-06-16 21:15 . 2011-06-17 08:26 -------- d-----w- C:\Downloads
  43. 2011-06-16 21:07 . 2011-06-16 21:07 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Mozilla
  44. 2011-06-16 20:27 . 2011-06-16 20:27 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
  45. 2011-06-16 20:27 . 2011-06-16 20:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
  46. 2011-06-15 22:44 . 2011-06-15 22:44 -------- d-----w- c:\documents and settings\Administrator
  47. 2011-06-10 22:32 . 2011-06-15 22:26 0 ----a-w- c:\windows\Hgoqoxubace.bin
  48. 2011-06-10 22:31 . 2011-06-10 22:31 144 ----a-w- c:\documents and settings\Admin\Application Data\phvoisznn.bat
  49. 2011-06-10 22:30 . 2011-06-10 22:30 166400 --sha-r- c:\windows\system32\normidna8.dll
  50. 2011-06-10 22:30 . 2011-06-10 22:30 166400 --sha-r- c:\windows\system32\atkctrs0.dll
  51. 2011-06-10 12:01 . 2011-06-10 12:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
  52. 2011-05-20 20:16 . 2011-05-20 20:16 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
  53. .
  54. .
  55. .
  56. (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  57. .
  58. 2011-05-16 12:57 . 2010-12-11 09:58 499712 ----a-w- c:\windows\system32\msvcp71.dll
  59. 2011-05-16 12:57 . 2010-12-11 09:58 348160 ----a-w- c:\windows\system32\msvcr71.dll
  60. 2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
  61. 2011-04-14 16:26 . 2011-06-16 21:06 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
  62. .
  63. .
  64. ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
  65. .
  66. .
  67. *Note* empty entries & legit default entries are not shown
  68. REGEDIT4
  69. .
  70. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  71. "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
  72. "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
  73. "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
  74. "HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2011-06-17 6470464]
  75. .
  76. [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
  77. "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
  78. "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
  79. .
  80. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
  81. 2010-11-10 12:49 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
  82. .
  83. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
  84. 2010-11-10 12:49 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
  85. .
  86. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
  87. 2010-12-09 00:07 69632 ----a-w- c:\windows\Alcmtr.exe
  88. .
  89. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
  90. 2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
  91. .
  92. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus D92 Series]
  93. 2006-09-27 04:00 139264 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIBZE.EXE
  94. .
  95. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
  96. 2008-04-14 05:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
  97. .
  98. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
  99. 2010-07-09 16:24 13923432 ----a-w- c:\windows\system32\nvcpl.dll
  100. .
  101. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
  102. 2010-07-09 16:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
  103. .
  104. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
  105. 2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
  106. .
  107. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
  108. 2010-12-09 00:07 16208384 ----a-w- c:\windows\RTHDCPL.exe
  109. .
  110. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
  111. 2010-12-09 00:07 2879488 ----a-w- c:\windows\SkyTel.exe
  112. .
  113. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
  114. 2011-05-16 12:57 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
  115. .
  116. [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
  117. "WMPNetworkSvc"=3 (0x3)
  118. "Plug Manager"=2 (0x2)
  119. "ose"=3 (0x3)
  120. "MyWebSearchService"=2 (0x2)
  121. "MouseDriver"=2 (0x2)
  122. "Local Account Authority Service"=2 (0x2)
  123. "JavaQuickStarterService"=2 (0x2)
  124. "Input Manager"=2 (0x2)
  125. "idsvc"=3 (0x3)
  126. "IDriverT"=3 (0x3)
  127. "gusvc"=3 (0x3)
  128. "gupdatem"=3 (0x3)
  129. "gupdate"=2 (0x2)
  130. .
  131. [HKEY_LOCAL_MACHINE\software\microsoft\security center]
  132. "AntiVirusOverride"=dword:00000001
  133. "FirewallOverride"=dword:00000001
  134. .
  135. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  136. "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  137. "%windir%\\system32\\sessmgr.exe"=
  138. .
  139. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
  140. "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
  141. .
  142. S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 14:16 130384]
  143. S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14/04/2008 13:00 14336]
  144. S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 14:16 753504]
  145. S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/03/2011 13:48 136176]
  146. S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [22/03/2011 13:48 136176]
  147. .
  148. --- Other Services/Drivers In Memory ---
  149. .
  150. *NewlyCreated* - WUAUSERV
  151. .
  152. [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
  153. WINRM REG_MULTI_SZ WINRM
  154. .
  155. Contents of the 'Scheduled Tasks' folder
  156. .
  157. 2011-06-10 c:\windows\Tasks\AppleSoftwareUpdate.job
  158. - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
  159. .
  160. 2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  161. - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-22 12:48]
  162. .
  163. 2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  164. - c:\program files\Google\Update\GoogleUpdate.exe [2011-03-22 12:48]
  165. .
  166. 2011-06-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-448539723-1801674531-1004.job
  167. - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
  168. .
  169. 2011-06-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-448539723-1801674531-1004.job
  170. - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 09:47]
  171. .
  172. .
  173. ------- Supplementary Scan -------
  174. .
  175. uStart Page = hxxp://www.google.co.uk/
  176. IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
  177. IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
  178. IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
  179. TCP: DhcpNameServer = 192.168.0.97
  180. TCP: Interfaces\{12AD199B-99ED-4750-A343-5018CFF9EE0B}: NameServer = 8.8.8.8,8.8.4.4
  181. FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\qzokx1at.default\
  182. FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
  183. FF - prefs.js: network.proxy.type - 0
  184. .
  185. - - - - ORPHANS REMOVED - - - -
  186. .
  187. Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
  188. WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
  189. MSConfigStartUp-conhost - c:\documents and settings\Admin\Application Data\Microsoft\conhost.exe
  190. MSConfigStartUp-Gsinigowe - c:\windows\ezebeqixiwu.dll
  191. MSConfigStartUp-Input Manager - c:\documents and settings\Admin\Application Data\conima.exe
  192. MSConfigStartUp-Local Account Service - c:\documents and settings\Admin\Application Data\lssas.exe
  193. MSConfigStartUp-MSC - c:\program files\Microsoft Security Client\msseces.exe
  194. MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
  195. MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
  196. MSConfigStartUp-NtWqIVLZEWZU - c:\docume~1\Admin\LOCALS~1\Temp\Vlq.exe
  197. MSConfigStartUp-p2ie470 - c:\documents and settings\Admin\Application Data\kx0378r.exe
  198. MSConfigStartUp-Plug Manager - c:\documents and settings\Admin\Application Data\manager.exe
  199. MSConfigStartUp-QK9G0Z54EX - c:\windows\Vmalya.exe
  200. MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
  201. MSConfigStartUp-Tmijogiseyi - c:\windows\jtmthusu.dll
  202. MSConfigStartUp-YDZ1QVAGOJ - c:\docume~1\Admin\LOCALS~1\Temp\Vll.exe
  203. .
  204. .
  205. .
  206. **************************************************************************
  207. .
  208. catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  209. Rootkit scan 2011-06-17 19:58
  210. Windows 5.1.2600 Service Pack 3 NTFS
  211. .
  212. scanning hidden processes ...
  213. .
  214. scanning hidden autostart entries ...
  215. .
  216. scanning hidden files ...
  217. .
  218. scan completed successfully
  219. hidden files: 0
  220. .
  221. **************************************************************************
  222. .
  223. --------------------- DLLs Loaded Under Running Processes ---------------------
  224. .
  225. - - - - - - - > 'explorer.exe'(3716)
  226. c:\windows\system32\WININET.dll
  227. c:\windows\system32\ieframe.dll
  228. c:\windows\system32\webcheck.dll
  229. c:\windows\system32\WPDShServiceObj.dll
  230. c:\windows\system32\PortableDeviceTypes.dll
  231. c:\windows\system32\PortableDeviceApi.dll
  232. .
  233. ------------------------ Other Running Processes ------------------------
  234. .
  235. c:\windows\system32\nvsvc32.exe
  236. c:\windows\system32\rundll32.exe
  237. c:\windows\system32\rundll32.exe
  238. c:\windows\system32\rundll32.exe
  239. .
  240. **************************************************************************
  241. .
  242. Completion time: 2011-06-17 20:01:07 - machine was rebooted
  243. ComboFix-quarantined-files.txt 2011-06-17 19:01
  244. .
  245. Pre-Run: 23,217,901,568 bytes free
  246. Post-Run: 23,123,918,848 bytes free
  247. .
  248. WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
  249. [boot loader]
  250. timeout=2
  251. default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
  252. [operating systems]
  253. c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
  254. UnsupportedDebug="do not select this" /debug
  255. multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
  256. .
  257. - - End Of File - - DCC3D0C8BAFE7029C99D2BB7B16D9D06
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!