Combofix output 2

a guest
Apr 6th, 2013
  1. ComboFix 13-04-06.01 - Dave 04/06/2013 8:23.2.2 - x86
  2. Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2771 [GMT -7:00]
  3. Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
  4. Command switches used :: c:\documents and settings\Dave\Desktop\CFScript.txt
  5. AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
  6. .
  7. FILE ::
  8. "c:\windows\system32\XDva021.sys"
  9. .
  10. .
  11. ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
  12. .
  13. .
  14. .
  15. ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
  16. .
  17. .
  18. -------\Legacy_XDVA021
  19. -------\Service_XDva021
  20. .
  21. .
  22. ((((((((((((((((((((((((( Files Created from 2013-03-06 to 2013-04-06 )))))))))))))))))))))))))))))))
  23. .
  24. .
  25. 2013-03-29 05:13 . 2013-03-29 05:12 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
  26. 2013-03-26 14:24 . 2013-03-26 14:24 -------- d-----w- c:\program files\ESET
  27. 2013-03-26 06:53 . 2013-03-26 06:53 -------- d-----w- c:\documents and settings\Dave\Application Data\Avira
  28. 2013-03-26 06:05 . 2013-03-26 06:05 -------- d-----w- c:\program files\RealNetworks
  29. 2013-03-26 06:05 . 2013-03-26 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\RealNetworks
  30. 2013-03-26 06:05 . 2013-03-26 06:05 -------- d-----w- c:\program files\Common Files\xing shared
  31. 2013-03-25 16:11 . 2013-03-29 04:18 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
  32. 2013-03-25 16:11 . 2013-03-29 04:18 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
  33. 2013-03-25 16:11 . 2013-03-29 04:18 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
  34. 2013-03-25 16:11 . 2013-03-25 16:11 -------- d-----w- c:\program files\Avira
  35. 2013-03-25 16:11 . 2013-03-25 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
  36. 2013-03-22 14:28 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
  37. 2013-03-22 14:28 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys
  38. 2013-03-14 16:13 . 2013-03-14 16:13 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
  39. 2013-03-13 15:14 . 2013-04-05 05:07 -------- d-----w- c:\program files\Mozilla Thunderbird
  40. .
  41. .
  42. .
  43. (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
  44. .
  45. 2013-03-29 05:12 . 2007-05-17 07:25 143872 ----a-w- c:\windows\system32\javacpl.cpl
  46. 2013-03-29 05:12 . 2012-06-22 14:47 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
  47. 2013-03-29 05:12 . 2010-05-06 04:12 782240 ----a-w- c:\windows\system32\deployJava1.dll
  48. 2013-03-26 06:05 . 2007-05-17 07:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
  49. 2013-03-26 06:05 . 2007-05-17 07:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
  50. 2013-03-13 15:48 . 2012-04-02 00:30 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
  51. 2013-03-13 15:48 . 2011-05-19 14:08 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
  52. 2013-02-12 00:32 . 2008-09-17 22:43 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
  53. 2013-02-12 00:32 . 2004-08-04 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
  54. 2013-02-05 20:05 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
  55. 2013-02-05 20:05 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
  56. 2013-02-05 20:05 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
  57. 2013-02-05 05:53 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
  58. 2013-01-26 03:55 . 2004-08-04 12:00 552448 ------w- c:\windows\system32\oleaut32.dll
  59. 2013-01-07 01:19 . 2004-08-04 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
  60. 2013-01-07 00:37 . 2004-08-03 22:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
  61. 2008-02-04 18:00 . 2013-03-13 15:41 44360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
  62. 2008-02-04 18:00 . 2013-03-13 15:41 107936 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
  63. 2013-03-13 15:41 . 2013-03-13 15:41 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
  64. .
  65. .
  66. ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
  67. .
  68. .
  69. *Note* empty entries & legit default entries are not shown
  70. REGEDIT4
  71. .
  72. [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
  73. "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn5\yt.dll" [2013-04-01 1500440]
  74. .
  75. [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
  76. [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
  77. [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
  78. [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
  79. .
  80. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  81. "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-02-17 5244216]
  82. "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
  83. .
  84. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  85. "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-10-05 868352]
  86. "AsusStartupHelp"="c:\program files\ASUS\AASP\1.00.16\AsRunHelp.exe" [2006-11-14 363008]
  87. "Launch Ai Booster"="c:\program files\ASUS\AI Booster\OverClk.exe" [2006-11-29 3714048]
  88. "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-09 57344]
  89. "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
  90. "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-09 47904]
  91. "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
  92. "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
  93. "Media Codec Update Service"="c:\program files\Essentials Codec Pack\WECPUpdate.exe" [2009-01-25 196608]
  94. "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
  95. "NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
  96. "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
  97. "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
  98. "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
  99. "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
  100. "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-29 345312]
  101. "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-03-26 295512]
  102. "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
  103. .
  104. [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
  105. "RunNarrator"="Narrator.exe" [2008-04-14 53760]
  106. .
  107. c:\documents and settings\Dave\Start Menu\Programs\Startup\
  108. Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-9-9 113664]
  109. Epson all-in-one Registration.lnk - d:\common\EpsonReg\EpsonReg.exe [N/A]
  110. .
  111. [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
  112. "%windir%\\system32\\sessmgr.exe"=
  113. "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
  114. "c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander\\bin\\SupremeCommander.exe"=
  115. "c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
  116. "c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
  117. "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
  118. "c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
  119. "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
  120. "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
  121. "c:\\utils\\putty\\putty.exe"=
  122. "c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
  123. "c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
  124. "c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
  125. "c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=
  126. "c:\\Program Files\\EpsonNet\\EpsonNet Setup\\tool09\\ENEasyApp.exe"=
  127. "c:\\WINDOWS\\system32\\dpvsetup.exe"=
  128. "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
  129. "c:\\Program Files\\StarCraft II\\StarCraft II.exe"=
  130. "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
  131. "c:\\Program Files\\StarCraft II\\Versions\\Base18574\\SC2.exe"=
  132. "c:\\Program Files\\StarCraft II\\Versions\\Base19132\\SC2.exe"=
  133. "c:\\Program Files\\Steam\\SteamApps\\common\\portal 2\\portal2.exe"=
  134. "c:\\Program Files\\StarCraft II\\Versions\\Base19679\\SC2.exe"=
  135. "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
  136. "c:\\Program Files\\Steam\\SteamApps\\common\\FTL Faster Than Light\\FTLGame.exe"=
  137. "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
  138. "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
  139. "c:\\Program Files\\iTunes\\iTunes.exe"=
  140. .
  141. R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [3/25/2013 9:11 AM 37352]
  142. R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/25/2013 9:11 AM 86752]
  143. R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [3/6/2013 2:21 AM 39056]
  144. S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/17/2007 8:46 AM 47360]
  145. .
  146. Contents of the 'Scheduled Tasks' folder
  147. .
  148. 2013-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
  149. - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 15:48]
  150. .
  151. 2013-01-02 c:\windows\Tasks\AppleSoftwareUpdate.job
  152. - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 01:57]
  153. .
  154. 2013-04-06 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-436374069-1364589140-839522115-1003.job
  155. - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 18:36]
  156. .
  157. 2013-04-06 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-436374069-1364589140-839522115-1003.job
  158. - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 18:36]
  159. .
  160. 2013-04-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
  161. - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 18:36]
  162. .
  163. 2013-04-06 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-436374069-1364589140-839522115-1003.job
  164. - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 18:36]
  165. .
  166. 2013-03-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
  167. - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 18:36]
  168. .
  169. 2013-04-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-436374069-1364589140-839522115-1003.job
  170. - c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 18:36]
  171. .
  172. .
  173. ------- Supplementary Scan -------
  174. .
  175. uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
  176. uStart Page = hxxp://www.bing.com/?pc=Z045&form=ZGAPHP
  177. mStart Page = hxxp://www.yahoo.com/
  178. mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
  179. uInternet Settings,ProxyOverride = *.local
  180. uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
  181. LSP: %SYSTEMROOT%\system32\nvappfilter.dll
  182. TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
  183. FF - ProfilePath - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\4qnniv0d.default\
  184. FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
  185. FF - prefs.js: browser.search.selectedEngine - Yahoo
  186. FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
  187. FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z045&form=ZGAADF&q=
  188. FF - ExtSQL: 2013-03-25 23:05; {DAC3F861-B30D-40dd-9166-F4E75327FAC7}; c:\documents and settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
  189. FF - ExtSQL: !HIDDEN! 2009-09-03 00:07; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
  190. FF - user.js: yahoo.homepage.dontask - true
  191. .
  192. .
  193. **************************************************************************
  194. .
  195. catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
  196. Rootkit scan 2013-04-06 08:35
  197. Windows 5.1.2600 Service Pack 3 NTFS
  198. .
  199. scanning hidden processes ...
  200. .
  201. scanning hidden autostart entries ...
  202. .
  203. scanning hidden files ...
  204. .
  205. scan completed successfully
  206. hidden files: 0
  207. .
  208. **************************************************************************
  209. .
  210. --------------------- LOCKED REGISTRY KEYS ---------------------
  211. .
  212. [HKEY_USERS\S-1-5-21-436374069-1364589140-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
  213. "??"=hex:47,9d,bf,66,68,8f,3a,54,36,3f,c9,6d,64,c9,8f,43,e4,b6,3a,1e,04,e9,d9,
  214. a2,14,83,17,d3,fc,41,e5,a4,fa,f6,34,1f,20,23,3e,3e,c4,98,99,6a,33,ed,fe,20,\
  215. "??"=hex:a4,cc,29,03,52,bb,af,b9,97,f7,1a,59,54,2d,74,96
  216. .
  217. --------------------- DLLs Loaded Under Running Processes ---------------------
  218. .
  219. - - - - - - - > 'explorer.exe'(1344)
  220. c:\windows\system32\WININET.dll
  221. c:\windows\system32\ieframe.dll
  222. c:\windows\system32\webcheck.dll
  223. c:\windows\system32\WPDShServiceObj.dll
  224. c:\program files\WinSCP3\DragExt.dll
  225. c:\windows\system32\PortableDeviceTypes.dll
  226. c:\windows\system32\PortableDeviceApi.dll
  227. .
  228. ------------------------ Other Running Processes ------------------------
  229. .
  230. c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
  231. c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
  232. c:\program files\Avira\AntiVir Desktop\avguard.exe
  233. c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
  234. c:\windows\system32\bgsvcgen.exe
  235. c:\program files\Bonjour\mDNSResponder.exe
  236. c:\program files\Java\jre7\bin\jqs.exe
  237. c:\program files\Common Files\LightScribe\LSSrvc.exe
  238. c:\windows\system32\nvsvc32.exe
  239. c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
  240. c:\windows\System32\StkASv2K.exe
  241. c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
  242. c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
  243. c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
  244. c:\program files\Avira\AntiVir Desktop\avshadow.exe
  245. c:\windows\system32\RunDLL32.exe
  246. c:\program files\iPod\bin\iPodService.exe
  247. c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
  248. .
  249. **************************************************************************
  250. .
  251. Completion time: 2013-04-06 08:40:21 - machine was rebooted
  252. ComboFix-quarantined-files.txt 2013-04-06 15:40
  253. ComboFix2.txt 2013-04-02 03:16
  254. .
  255. Pre-Run: 254,465,994,752 bytes free
  256. Post-Run: 254,337,662,976 bytes free
  257. .
  258. - - End Of File - - 60588FE6C801D0595C90A1AC02F025F4