ComboFix Log

a guest
Nov 15th, 2010
ComboFix 10-11-14.04 - Uzair 15/11/2010 14:58:02.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2010.1123 [GMT 0:00]
Running from: c:\users\Uzair\Desktop\ComboFix.exe
Command switches used :: c:\users\Uzair\Desktop\CFScript.txt
* Created a new restore point

FILE ::
"c:\windows\Brerea.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Brerea.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
.

2010-11-15 15:12 . 2010-11-15 15:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-15 13:06 . 2010-11-15 14:25 -------- d-----w- c:\users\Uzair\AppData\Roaming\DivX
2010-11-13 23:34 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-11-13 23:34 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-11-13 22:18 . 2010-11-13 22:18 -------- d-----w- c:\program files\Veetle
2010-11-11 17:26 . 2010-11-11 17:26 -------- d-----w- c:\windows\Sun
2010-11-11 16:17 . 2010-11-11 16:17 105984 --sha-r- c:\windows\system32\msvbvm60O.dll
2010-11-10 15:38 . 2010-11-10 15:38 180224 ----a-w- c:\windows\system32\WinVd32.sys
2010-11-10 15:37 . 2010-11-10 15:37 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2010-11-10 15:37 . 2010-11-10 15:38 -------- d-----w- c:\program files\Folder Lock 6
2010-11-09 20:54 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1AAC5FFB-72A4-40F8-99C5-1551F7210ED5}\mpengine.dll
2010-11-08 07:05 . 2010-11-08 07:05 -------- d-----w- C:\found.001
2010-11-06 11:44 . 2010-11-06 11:44 -------- d-----w- c:\program files\iPod
2010-11-06 11:39 . 2010-11-06 11:39 -------- d-----w- c:\program files\Bonjour
2010-11-03 21:53 . 2010-11-13 21:35 -------- d-----w- c:\users\Uzair\Incomplete
2010-11-03 21:49 . 2010-11-13 22:06 -------- d-----w- c:\users\Uzair\AppData\Roaming\FrostWire
2010-11-03 21:47 . 2010-11-03 21:50 -------- d-----w- c:\program files\FrostWire
2010-10-27 09:41 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 09:41 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 09:41 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 09:41 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 09:41 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-16 19:22 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-16 19:22 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-10-16 19:22 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-16 19:22 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-16 19:18 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 10:41 . 2010-06-27 11:34 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-15 04:50 . 2010-07-06 11:51 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 11:17 . 2010-09-08 11:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 11:17 . 2010-09-08 11:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-28 12:35 . 2010-08-28 12:35 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2010-08-21 05:32 . 2010-09-15 15:22 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-06-27 16:22 . 2010-06-28 11:19 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Uzair\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Uzair\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Uzair\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Uzair\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-27 136176]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-10-27 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-02-26 495708]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-27 30192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"openvpn-gui"="c:\program files\UltraVPN\bin\openvpn-gui.exe" [2010-04-19 370948]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"Live! Central 2"="c:\program files\Creative\Creative Live! Cam\Live! Central 2\CTLVCentral2.exe" [2009-11-04 426140]
"V0640Mon.exe"="c:\windows\V0640Mon.exe" [2009-09-22 28672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-28 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-28 170520]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"V0640Pin.dll"="V0640Pin.dll" [2009-11-13 45056]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-08 136176]
R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-08-21 143936]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-27 30192]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 V0640Vid;Creative Live! Cam Socialize (VF0640) Driver;c:\windows\system32\DRIVERS\V0640Vid.sys [2009-12-03 273760]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-28 1343400]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_028821c569ae5894\aestsrv.exe [2009-03-03 81920]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-09 21:37]

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-09 21:37]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2285835813-632877105-3558421781-1001Core.job
- c:\users\Uzair\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-27 11:32]

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2285835813-632877105-3558421781-1001UA.job
- c:\users\Uzair\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-27 11:32]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Uzair\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Uzair\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
FF - ProfilePath - c:\users\Uzair\AppData\Roaming\Mozilla\Firefox\Profiles\vvf95d25.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\users\Uzair\AppData\Roaming\Mozilla\Firefox\Profiles\vvf95d25.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Uzair\AppData\Roaming\Mozilla\Firefox\Profiles\vvf95d25.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\users\Uzair\AppData\Roaming\Mozilla\Firefox\Profiles\vvf95d25.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-11-15 15:21:06
ComboFix-quarantined-files.txt 2010-11-15 15:21
ComboFix2.txt 2010-11-14 11:42

Pre-Run: 28,254,040,064 bytes free
Post-Run: 28,253,114,368 bytes free

- - End Of File - - FB3DF6ACE19F8FC599AB48BDC4C13CCC