cmbfx
Posted by a guest on Jun 26th, 2011
ComboFix 11-06-25.05 - Omega 6.06.2011. 13:14:54.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.385.1033.18.4091.2795 [GMT 2:00]
Running from: c:\users\Omega\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-26 to 2011-06-26 )))))))))))))))))))))))))))))))
.
.
2011-06-26 11:18 . 2011-06-26 11:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-26 11:13 . 2011-06-26 11:14 -------- d-----w- C:\32788R22FWJFW
2011-06-25 19:50 . 2011-06-25 19:50 0 ----a-w- c:\windows\ativpsrm.bin
2011-06-25 19:49 . 2011-06-25 19:49 -------- d-----w- C:\_OTS
2011-06-25 15:17 . 2011-06-25 15:43 -------- d-----w- c:\programdata\TuneUp Software
2011-06-25 15:13 . 2011-06-25 15:13 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-06-24 21:51 . 2011-06-24 21:51 -------- d-----w- c:\programdata\ATI
2011-06-24 21:49 . 2010-04-29 03:43 38528 ----a-w- c:\windows\system32\drivers\usbfilter.sys
2011-06-24 14:40 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-06-24 14:40 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-06-24 14:40 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-06-24 14:40 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-06-24 14:40 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-06-24 14:40 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-06-24 14:10 . 2011-06-25 10:26 -------- d-----w- c:\programdata\boost_interprocess
2011-06-24 13:49 . 2011-06-25 15:27 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-06-24 13:49 . 2011-06-24 13:49 -------- d-----w- c:\windows\PCHEALTH
2011-06-24 13:46 . 2011-06-24 13:46 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-06-24 13:45 . 2011-06-24 13:45 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-06-24 13:45 . 2011-06-24 15:18 -------- d-----w- c:\programdata\Microsoft Help
2011-06-24 13:45 . 2011-06-24 13:45 -------- d-----r- C:\MSOCache
2011-06-24 10:24 . 2011-06-24 10:24 -------- d-----w- c:\program files (x86)\HD Tune Pro
2011-06-24 10:21 . 2011-06-20 06:57 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CE41931E-0043-4899-A23C-7407CD64D743}\mpengine.dll
2011-06-24 10:18 . 2011-06-24 10:18 -------- d-----w- c:\program files\ESET
2011-06-24 10:14 . 2011-06-24 10:14 -------- d-----w- c:\programdata\OEM
2011-06-24 10:14 . 2011-06-24 10:14 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2011-06-24 10:14 . 2011-06-24 10:14 -------- d-----w- c:\program files\Acer
2011-06-24 10:12 . 2011-06-24 10:12 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-24 10:12 . 2011-06-24 10:12 -------- d-----w- c:\windows\SysWow64\Macromed
2011-06-24 10:08 . 2011-06-24 10:08 -------- d-----w- c:\program files (x86)\Launch Manager
2011-06-24 00:30 . 2011-06-24 21:49 -------- dc----w- c:\windows\system32\DRVSTORE
2011-06-24 00:28 . 2011-06-24 00:27 51200 ----a-w- c:\windows\system32\ATIODCLI.exe
2011-06-24 00:28 . 2011-06-24 00:27 332800 ----a-w- c:\windows\system32\ATIODE.exe
2011-06-24 00:28 . 2011-06-24 00:27 16440 ----a-w- c:\windows\system32\drivers\AtiPcie64.sys
2011-06-24 00:28 . 2011-06-24 00:27 118784 ----a-w- c:\windows\system32\atibtmon.exe
2011-06-24 00:28 . 2010-10-28 09:04 340480 ----a-w- c:\windows\system32\atiadlxx.dll
2011-06-24 00:17 . 2011-06-24 00:17 -------- d-----w- c:\program files (x86)\FinalWire
2011-06-23 23:57 . 2011-06-23 23:57 -------- d-----w- c:\windows\system32\appmgmt
2011-06-23 23:51 . 2011-06-23 23:51 -------- d-----w- c:\programdata\AMD
2011-06-23 23:51 . 2010-02-18 07:18 46136 ----a-w- c:\windows\system32\drivers\amdiox64.sys
2011-06-23 23:50 . 2011-06-23 23:50 -------- d-----w- C:\ATI
2011-06-23 23:49 . 2011-06-24 20:58 -------- d-----w- C:\AMD
2011-06-23 22:11 . 2011-06-23 12:20 -------- d-----w- c:\windows\Panther
2011-06-23 18:07 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2011-06-23 18:07 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
2011-06-23 18:07 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-06-23 18:07 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-06-23 18:07 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-06-23 18:07 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-06-23 18:07 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-06-23 18:07 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-06-23 18:07 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-23 18:07 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-06-23 17:54 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-06-23 17:54 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-06-23 14:02 . 2011-06-23 14:02 -------- d-----r- c:\program files (x86)\Skype
2011-06-23 14:02 . 2011-06-25 19:46 -------- d-sh--w- c:\windows\Installer
2011-06-23 14:02 . 2011-06-23 14:02 -------- d-----w- c:\programdata\Skype
2011-06-23 12:26 . 2010-05-11 10:11 2229608 ----a-w- c:\windows\system32\drivers\athrx.sys
2011-06-23 12:20 . 2011-06-23 12:22 -------- d-----w- c:\users\Omega
2011-06-23 12:20 . 2011-06-23 12:20 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 04:12 . 2011-05-25 04:12 676864 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-05-25 04:11 . 2011-05-25 04:11 795648 ----a-w- c:\windows\system32\aticfx64.dll
2011-05-25 04:05 . 2011-05-25 04:05 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-05-25 03:18 . 2011-05-25 03:18 1222656 ----a-w- c:\windows\system32\atiumd6v.dll
2011-05-25 03:18 . 2011-05-25 03:18 1923584 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-05-24 22:04 . 2011-05-24 22:04 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-05-24 22:04 . 2011-05-24 22:04 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44 53760 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-24 21:44 . 2011-05-24 21:44 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-05-24 21:44 . 2011-05-24 21:44 16672768 ----a-w- c:\windows\system32\amdocl64.dll
2011-05-24 21:43 . 2011-05-24 21:43 12798976 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-05-24 17:14 . 2010-11-21 03:27 270720 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"googletalk"="c:\users\Omega\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-28 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-01-12 2918656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Omega\AppData\Roaming\Mozilla\Firefox\Profiles\7g0t4v0c.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"NameSpace_Callout"=expand:"%SystemRoot%\\System32\\fwpuclnt.dll"
"WinSock_Registry_Version"="2.0"
"AutodialDLL"="rasadhlp.dll"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
"Current_Protocol_Catalog"="Protocol_Catalog9"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Launch Manager\LMworker.exe
.
**************************************************************************
.
Completion time: 2011-06-26 13:25:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-26 11:25
.
Pre-Run: 181.274.132.480 bytes free
Post-Run: 180.873.199.616 bytes free
.
- - End Of File - - 4260B6C0552A5EE5DF43BF03D83EC8C7
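The Reg Loading Points block (Run keys, UAC policy values, service and driver lines) is the part of a ComboFix log a responder reads first. The Python below is an added triage example, not ComboFix output and not ComboFix's own code: it parses those lines (the embedded sample is copied verbatim from the log above), flags autostart values whose binary sits under a path a standard user can write to, flags service and driver entries for which ComboFix printed "[x]" instead of a date and size, and decodes the two ConsentPromptBehavior values. The list of user-writable prefixes and the flag labels are this example's own heuristics, not part of the ComboFix format.

```python
"""Triage helper for the Reg Loading Points section of a ComboFix log (added example)."""
import re

# Run-key value line, e.g.
#   "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+'
                    r'\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$')

# Service/driver line: start type, name;display;path, then [date size] or [x]
#   S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
#   R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
SVC_RE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
                    r'(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]$')

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
POLICY_RE = re.compile(r'^"(?P<name>ConsentPromptBehavior(?:Admin|User))"=\s*(?P<val>\d+)')

# Heuristic (this example's choice): prefixes a standard user can write to
# without elevation, so an autostart there needed no admin rights to plant.
USER_WRITABLE = ('c:\\users\\', 'c:\\programdata\\')

# Meaning of the UAC policy values (Windows 7 semantics).
UAC_ADMIN = {0: 'elevate without prompting',
             1: 'prompt for credentials on the secure desktop',
             2: 'prompt for consent on the secure desktop',
             3: 'prompt for credentials',
             4: 'prompt for consent',
             5: 'prompt for consent for non-Windows binaries (Windows 7 default)'}
UAC_USER = {0: 'automatically deny elevation requests',
            1: 'prompt for credentials on the secure desktop',
            3: 'prompt for credentials (default)'}


def parse_loading_points(text):
    """Return (run_entries, services) parsed from the section text."""
    run_entries, services, current_key = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group('key')
            continue
        m = RUN_RE.match(line)
        if m and current_key:
            run_entries.append({'key': current_key, 'name': m.group('name'),
                                'path': m.group('path'), 'date': m.group('date'),
                                'size': int(m.group('size'))})
            continue
        m = SVC_RE.match(line)
        if m:
            # "[x]" in place of "[date size]": ComboFix recorded no file details.
            services.append({'state': m.group('state'), 'name': m.group('name'),
                             'display': m.group('display'), 'path': m.group('path'),
                             'has_file_info': m.group('info') != 'x'})
    return run_entries, services


def flag_suspects(run_entries, services):
    """Return (reason, context, name, path) tuples that merit a manual look."""
    flags = []
    for e in run_entries:
        if e['path'].lower().startswith(USER_WRITABLE):
            flags.append(('run-user-writable', e['key'], e['name'], e['path']))
    for s in services:
        if not s['has_file_info']:
            flags.append(('service-no-file-info', s['state'], s['name'], s['path']))
    return flags


def uac_posture(text):
    """Map each ConsentPromptBehavior* value in the text to its meaning."""
    out = {}
    for raw in text.splitlines():
        m = POLICY_RE.match(raw.strip())
        if m:
            val = int(m.group('val'))
            table = UAC_ADMIN if m.group('name').endswith('Admin') else UAC_USER
            out[m.group('name')] = (val, table.get(val, 'unknown value'))
    return out


# Input lines copied from the log above (HKCU Run key, UAC policy, three service lines).
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"googletalk"="c:\users\Omega\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
R3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-01-12 810144]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
'''

if __name__ == '__main__':
    runs, svcs = parse_loading_points(SAMPLE)
    for item in flag_suspects(runs, svcs):
        print(item)
    for name, (val, meaning) in uac_posture(SAMPLE).items():
        print(f'{name} = {val}: {meaning}')
```

Run against the sample, it flags googletalk.exe because it starts from the user's roaming profile (a location that needs no elevation to write, which is a reason to verify the file, not proof of anything), lists the two driver entries that carry no date and size, and reports that ConsentPromptBehaviorAdmin = 5 and ConsentPromptBehaviorUser = 3 are the Windows 7 defaults. To use it on a full log, pass the text between the "Reg Loading Points" banner and the "Supplementary Scan" banner to the two functions.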