Ressy

sarmonic/combofix

Feb 9th, 2011
ComboFix 11-02-09.03 - Joe 02/09/2011 22:53:30.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4095.1317 [GMT -6:00]
Running from: c:\users\Joe\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\users\Joe\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-10 to 2011-02-10 )))))))))))))))))))))))))))))))
.

2011-02-10 04:58 . 2011-02-10 04:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-09 23:48 . 2011-01-13 08:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-09 23:48 . 2011-01-13 08:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F0217F66-D8A3-473B-ABE7-A884A70E92BF}\mpengine.dll
2011-02-09 23:47 . 2011-02-09 23:47 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B5E24FA4-9EAE-41B5-998E-7D1AC36B5C78}\gapaengine.dll
2011-02-09 23:44 . 2011-02-09 23:44 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-02-09 23:44 . 2011-02-09 23:44 -------- d-----w- c:\program files\Microsoft Security Client
2011-02-09 23:43 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-02-08 23:37 . 2010-12-18 06:11 714752 ----a-w- c:\windows\system32\kerberos.dll
2011-02-08 23:35 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FFE9CC82-AD53-4889-883F-D9F886A45CDE}\mpengine.dll
2011-02-01 01:35 . 2011-02-01 01:35 -------- d-----w- c:\program files (x86)\Microsoft XNA
2011-01-21 04:17 . 2011-01-21 04:17 -------- d-----w- c:\program files (x86)\oZone3D
2011-01-12 00:22 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 00:22 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 00:22 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 00:22 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 00:22 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 00:22 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-12 00:22 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 00:22 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 00:22 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 00:22 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-07 05:45 . 2011-01-07 05:37 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-01-07 05:45 . 2011-01-07 05:37 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-01-07 05:37 . 2011-01-07 05:37 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-01-07 05:37 . 2011-01-07 05:37 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2010-12-31 00:27 . 2010-12-23 01:21 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-31 00:27 . 2010-12-23 01:21 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2010-12-31 00:27 . 2010-12-23 01:21 122968 ----a-w- c:\windows\system32\OpenAL32.dll
2010-12-31 00:27 . 2010-12-23 01:21 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2010-12-30 23:59 . 2010-12-30 23:59 428416 ----a-w- c:\windows\SysWow64\RzMwApi.dll
2010-12-30 21:50 . 2010-12-30 21:48 41984 ----a-w- c:\windows\system32\~WebUpdateHelper.exe
2010-12-16 15:23 . 2010-12-16 15:23 126464 ----a-w- c:\windows\system32\drivers\RzSynapse.sys
2010-11-26 04:20 . 2010-11-26 04:20 8120320 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-11-26 03:19 . 2010-11-26 03:19 21610496 ----a-w- c:\windows\system32\atio6axx.dll
2010-11-26 03:02 . 2010-11-26 03:02 16702976 ----a-w- c:\windows\SysWow64\atioglxx.dll
2010-11-26 02:58 . 2010-11-26 02:58 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-11-26 02:58 . 2010-11-26 02:58 550400 ----a-w- c:\windows\SysWow64\aticfx32.dll
2010-11-26 02:57 . 2010-11-26 02:57 648704 ----a-w- c:\windows\system32\aticfx64.dll
2010-11-26 02:54 . 2010-11-26 02:54 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-11-26 02:54 . 2010-11-26 02:54 478720 ----a-w- c:\windows\system32\atieclxx.exe
2010-11-26 02:54 . 2010-11-26 02:54 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2010-11-26 02:53 . 2010-11-26 02:53 120320 ----a-w- c:\windows\system32\atitmm64.dll
2010-11-26 02:52 . 2010-11-26 02:52 423424 ----a-w- c:\windows\system32\atipdl64.dll
2010-11-26 02:52 . 2010-11-26 02:52 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2010-11-26 02:52 . 2010-11-26 02:52 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2010-11-26 02:52 . 2010-11-26 02:52 16384 ----a-w- c:\windows\system32\atimuixx.dll
2010-11-26 02:52 . 2010-11-26 02:52 59392 ----a-w- c:\windows\system32\atiedu64.dll
2010-11-26 02:52 . 2010-11-26 02:52 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2010-11-26 02:49 . 2010-11-26 02:49 4066816 ----a-w- c:\windows\SysWow64\atidxx32.dll
2010-11-26 02:40 . 2010-11-26 02:40 4794368 ----a-w- c:\windows\system32\atidxx64.dll
2010-11-26 02:30 . 2010-11-26 02:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2010-11-26 02:30 . 2010-11-26 02:30 4122624 ----a-w- c:\windows\SysWow64\atiumdag.dll
2010-11-26 02:30 . 2010-11-26 02:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2010-11-26 02:30 . 2010-11-26 02:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2010-11-26 02:30 . 2010-11-26 02:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2010-11-26 02:29 . 2010-11-26 02:29 6815232 ----a-w- c:\windows\system32\aticaldd64.dll
2010-11-26 02:29 . 2010-11-26 02:29 3217408 ----a-w- c:\windows\system32\atiumd6a.dll
2010-11-26 02:28 . 2010-11-26 02:28 5441024 ----a-w- c:\windows\SysWow64\aticaldd.dll
2010-11-26 02:24 . 2010-11-26 02:24 58880 ----a-w- c:\windows\system32\coinst.dll
2010-11-26 02:24 . 2010-11-26 02:24 5258240 ----a-w- c:\windows\system32\atiumd64.dll
2010-11-26 02:22 . 2010-11-26 02:22 3460096 ----a-w- c:\windows\SysWow64\atiumdva.dll
2010-11-26 02:17 . 2010-11-26 02:17 351232 ----a-w- c:\windows\system32\atiadlxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2010-11-26 02:17 . 2010-11-26 02:17 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-11-26 02:17 . 2010-11-26 02:17 31744 ----a-w- c:\windows\system32\atig6txx.dll
2010-11-26 02:16 . 2010-11-26 02:16 27136 ----a-w- c:\windows\SysWow64\atigktxx.dll
2010-11-26 02:16 . 2010-11-26 02:16 289792 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-11-26 02:16 . 2010-11-26 02:16 39936 ----a-w- c:\windows\system32\atiuxp64.dll
2010-11-26 02:15 . 2010-11-26 02:15 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2010-11-26 02:15 . 2010-11-26 02:15 37888 ----a-w- c:\windows\system32\atiu9p64.dll
2010-11-26 02:15 . 2010-11-26 02:15 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2010-11-26 02:15 . 2010-11-26 02:15 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-11-26 02:09 . 2010-11-26 02:09 53760 ----a-w- c:\windows\system32\atimpc64.dll
2010-11-26 02:09 . 2010-11-26 02:09 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2010-11-26 02:09 . 2010-11-26 02:09 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2010-11-18 03:38 . 2009-08-18 18:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2010-11-18 03:38 . 2009-08-18 17:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-11-17 12:04 . 2010-11-17 12:04 115216 ----a-w- c:\windows\system32\drivers\AtihdW76.sys
2010-11-13 00:53 . 2010-09-19 06:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-11-21 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-26 98304]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga Epic\NagaEpicSysTray.exe" [2010-12-30 957840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 atillk64;atillk64;c:\users\Joe\Desktop\winflash\atillk64.sys [x]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 12672]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2010-07-11 19952]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-06 1255736]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x64.sys [2010-07-09 21480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 40832]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 72064]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2010-12-16 126464]

.
Contents of the 'Scheduled Tasks' folder

2011-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-560932278-2290011197-830165931-1001Core.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-21 05:59]

2011-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-560932278-2290011197-830165931-1001UA.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-21 05:59]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: {45078DEC-B30F-4C7F-A8ED-E35D66F90B48} = 208.180.83.133,208.180.42.68
.
- - - - ORPHANS REMOVED - - - -

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-560932278-2290011197-830165931-1001\Software\SecuROM\License information*]
"datasecu"=hex:44,18,99,e5,f5,8d,48,d2,ee,e6,96,0d,8b,ae,a3,55,c9,6d,4b,a0,53,
7e,f2,81,8e,31,02,17,ed,c0,c0,ad,42,69,d5,76,cc,ea,95,3b,d3,74,65,99,2d,c5,\
"rkeysecu"=hex:93,dd,bc,dc,75,2e,28,b7,c5,da,89,a6,04,35,74,37

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2011-02-09 23:03:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-10 05:03

Pre-Run: 29,713,182,720 bytes free
Post-Run: 29,639,577,600 bytes free

- - End Of File - - F939FECB38C61649111CDBBDFA3E655E