ComboFix 10-03-14.01 - goran07 15.03.2010  11:14:20.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.385.1033.18.3070.2599 [GMT 1:00]
Running from: c:\documents and settings\goran07\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\goran07\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Resident AV is active

.
The following files were disabled during the run:
c:\windows\TEMP\logishrd\LVPrcInj01.dll


(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . failed to delete

.
--------------- FCopy ---------------

c:\windows\ERDNT\cache\atapi.sys --> c:\windows\system32\drivers\atapi.sys
.
(((((((((((((((((((((((((   Files Created from 2010-02-15 to 2010-03-15  )))))))))))))))))))))))))))))))
.

2010-03-14 14:50 . 2010-03-14 14:50	--------	d-----w-	C:\_OTL
2010-03-13 07:22 . 2010-03-14 15:53	517840	----a-w-	c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-03-12 12:59 . 2010-03-12 12:59	36864	----a-w-	c:\documents and settings\goran07\Application Data\Autodesk\AutoCAD 2010\R18.0\enu\ContextualTabSelectorRules.dll
2010-03-12 12:58 . 2010-03-12 12:58	--------	d-----w-	c:\documents and settings\All Users\Application Data\FLEXnet
2010-03-12 12:49 . 2010-03-12 12:49	--------	d-----w-	c:\program files\Common Files\Macrovision Shared
2010-03-12 12:47 . 2010-03-12 12:59	--------	d-----w-	c:\documents and settings\goran07\Application Data\Autodesk
2010-03-12 12:47 . 2010-03-12 12:50	--------	d-----w-	c:\program files\Common Files\Autodesk Shared
2010-03-12 12:47 . 2010-03-12 12:50	--------	d-----w-	c:\program files\AutoCAD 2010
2010-03-12 12:47 . 2010-03-12 12:47	--------	d-----w-	c:\documents and settings\goran07\Local Settings\Application Data\Autodesk
2010-03-12 12:47 . 2010-03-12 12:47	--------	d-----w-	c:\documents and settings\All Users\Application Data\Autodesk
2010-03-09 08:19 . 2010-03-09 08:40	--------	d-----w-	c:\program files\PhotoScape
2010-03-08 18:16 . 2010-03-08 18:16	--------	d-----w-	c:\program files\FastStone Image Viewer
2010-02-23 09:37 . 2010-02-23 09:37	--------	d-----w-	c:\program files\Lavalys
2010-02-22 18:28 . 2010-02-22 18:28	--------	d-----w-	c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-02-22 18:28 . 2010-02-22 18:28	--------	d-----w-	c:\program files\NVIDIA Corporation
2010-02-22 18:27 . 2010-01-12 04:03	61440	----a-w-	c:\windows\system32\OpenCL.dll
2010-02-22 18:27 . 2010-01-12 04:03	4077672	----a-w-	c:\windows\system32\nvcuvenc.dll
2010-02-22 18:27 . 2010-01-12 04:03	2259560	----a-w-	c:\windows\system32\nvcuvid.dll
2010-02-22 18:27 . 2010-01-12 04:03	2283526	----a-w-	c:\windows\system32\nvdata.bin
2010-02-22 18:27 . 2010-01-12 04:03	11632640	----a-w-	c:\windows\system32\nvcompiler.dll
2010-02-22 18:27 . 2010-02-22 18:27	--------	d-----w-	C:\NVIDIA
2010-02-22 16:51 . 2010-02-22 18:35	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2010-02-22 16:36 . 2010-02-23 07:37	--------	d-----w-	c:\program files\Common Files\BioWare
2010-02-22 16:30 . 2010-02-22 17:39	--------	d-----w-	c:\program files\DAEMON Tools Lite
2010-02-14 13:02 . 2010-02-17 10:13	--------	d-----w-	c:\program files\Call of Duty
2010-02-14 12:23 . 2010-02-22 16:31	--------	d-----w-	c:\program files\DAEMON Tools Toolbar
2010-02-14 12:23 . 2010-02-14 12:23	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2010-02-14 12:22 . 2010-02-14 12:36	--------	d-----w-	c:\documents and settings\goran07\Application Data\DAEMON Tools Lite
2010-02-14 12:20 . 2010-02-14 12:22	--------	d-----w-	c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-02-14 11:45 . 2010-02-14 11:45	--------	d-----w-	c:\documents and settings\goran07\Application Data\DAEMON Tools Pro

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-12 12:57 . 2009-04-09 20:18	116904	----a-w-	c:\documents and settings\goran07\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-08 18:59 . 2009-11-29 16:28	--------	d-----w-	c:\program files\Windows Live Safety Center
2010-03-08 18:11 . 2009-04-15 17:46	--------	d-----w-	c:\program files\Google
2010-03-08 18:02 . 2009-05-09 17:38	--------	d-----w-	c:\documents and settings\goran07\Application Data\FastStone
2010-02-24 15:36 . 2009-04-10 18:09	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-02-22 18:28 . 2009-10-25 14:22	--------	d-----w-	c:\program files\AGEIA Technologies
2010-02-12 08:56 . 2010-02-12 08:54	--------	d-----w-	c:\program files\3D Driving-School
2010-02-10 19:26 . 2010-02-10 19:26	--------	d-----w-	c:\program files\Room Arranger
2010-02-10 16:54 . 2010-02-10 16:54	--------	d-----w-	c:\program files\Mobi3D DEMO
2010-02-10 16:54 . 2009-04-22 19:30	737280	----a-w-	c:\windows\iun6002.exe
2010-02-10 11:17 . 2009-04-15 18:20	--------	d-----w-	c:\program files\Common Files\Adobe
2010-02-09 18:41 . 2010-02-09 18:41	--------	d-----w-	c:\documents and settings\goran07\Application Data\Apple Computer
2010-02-09 17:31 . 2010-02-09 17:30	--------	d-----w-	c:\program files\QuickTime
2010-02-09 17:30 . 2010-02-09 17:30	--------	d-----w-	c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-09 17:30 . 2010-02-09 17:30	--------	d-----w-	c:\program files\Common Files\Apple
2010-02-09 17:30 . 2010-02-09 17:30	--------	d-----w-	c:\program files\Apple Software Update
2010-02-09 17:30 . 2010-02-09 17:30	--------	d-----w-	c:\documents and settings\All Users\Application Data\Apple
2010-02-07 20:44 . 2010-02-07 20:33	--------	d-----w-	c:\documents and settings\goran07\Application Data\foobar2000
2010-02-07 20:38 . 2010-02-07 20:38	--------	d-----w-	c:\program files\MP4 Player
2010-02-07 20:33 . 2010-02-07 20:33	--------	d-----w-	c:\program files\foobar2000
2010-02-02 19:41 . 2009-05-04 19:50	--------	d-----w-	c:\program files\K-Lite Codec Pack
2010-02-02 18:13 . 2010-02-02 18:13	--------	d-----w-	c:\program files\ESET
2010-02-01 20:03 . 2010-02-01 20:03	--------	d-----w-	c:\program files\SPCA1528
2010-01-30 12:05 . 2009-08-20 13:45	--------	d-----w-	c:\program files\AIMP2
2010-01-29 20:27 . 2010-01-29 20:27	71168	----a-w-	c:\windows\WinLibrary.EXE
2010-01-29 20:27 . 2010-01-29 20:27	560030	----a-w-	c:\windows\Winfuntion.exe
2010-01-29 08:31 . 2009-08-20 13:46	--------	d-----w-	c:\documents and settings\goran07\Application Data\AIMP
2010-01-15 18:19 . 2009-07-02 18:53	--------	d-----w-	c:\program files\Opera
2010-01-12 04:03 . 2009-04-10 18:39	592488	----a-w-	c:\windows\system32\nvudisp.exe
2010-01-12 04:03 . 2009-04-10 18:38	14458880	----a-w-	c:\windows\system32\nvoglnt.dll
2010-01-12 04:03 . 2009-04-10 18:38	4104192	----a-w-	c:\windows\system32\nvcuda.dll
2010-01-12 04:03 . 2009-04-10 18:38	182888	----a-w-	c:\windows\system32\nvcodins.dll
2010-01-12 04:03 . 2009-04-10 18:38	182888	----a-w-	c:\windows\system32\nvcod.dll
2010-01-12 04:03 . 2009-04-10 18:38	1081344	----a-w-	c:\windows\system32\nvapi.dll
2010-01-12 04:03 . 2009-04-09 20:15	6359168	----a-w-	c:\windows\system32\nv4_disp.dll
2010-01-12 04:03 . 2009-04-09 20:14	10276768	----a-w-	c:\windows\system32\drivers\nv4_mini.sys
2010-01-11 21:17 . 2010-01-11 21:17	278120	----a-w-	c:\windows\system32\nvmccs.dll
2010-01-11 21:17 . 2010-01-11 21:17	154216	----a-w-	c:\windows\system32\nvsvc32.exe
2010-01-11 21:17 . 2010-01-11 21:17	145000	----a-w-	c:\windows\system32\nvcolor.exe
2010-01-11 21:17 . 2010-01-11 21:17	13666408	----a-w-	c:\windows\system32\nvcpl.dll
2010-01-11 21:17 . 2010-01-11 21:17	110696	----a-w-	c:\windows\system32\nvmctray.dll
2010-01-11 21:17 . 2010-01-11 21:17	81920	----a-w-	c:\windows\system32\nvwddi.dll
2010-01-01 20:27 . 2010-01-01 20:27	40	---ha-w-	c:\windows\system32\ezsidmv.dat
2009-12-22 18:39 . 2009-12-22 18:39	922112	------w-	c:\windows\system32\imapi2fs.dll
2009-12-22 18:39 . 2009-12-22 18:39	426496	------w-	c:\windows\system32\imapi2.dll
.

(((((((((((((((((((((((((((((   SnapShot@2010-03-14_19.07.11   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-15 10:18 . 2010-03-15 10:18	16384              c:\windows\temp\Perflib_Perfdata_1d0.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2009\MemOptimizer.exe" [2008-12-11 155904]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2007-09-19 639488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-16 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-11 110696]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"RGSC"=e:\g t a instalacija\Rockstar Games Social Club\RGSCLauncher.exe /silent
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"H2O"=c:\program files\SyncroSoft\Pos\H2O\cledx.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"  -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\G T A INSTALACIJA\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"e:\\G T A INSTALACIJA\\Grand Theft Auto IV\\GTAIV.exe"=
"e:\\G T A INSTALACIJA\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\programi\\NOVOMATIC Multi-Gaminator 22in1\\game.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"e:\\Program Files\\Mass Effect 2\\Binaries\\MassEffect2.exe"=
"e:\\Program Files\\Mass Effect 2\\MassEffect2Launcher.exe"=
"e:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=

R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [7/5/2006 1:46 PM 63352]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 4:11 PM 35328]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2007 8:21 AM 35168]
R1 f4cd7848-3e92-4732-80a1-63c7ed58f8ac;f4cd7848-3e92-4732-80a1-63c7ed58f8ac;c:\windows\iprot\f4cd7848-3e92-4732-80a1-63c7ed58f8ac\PhysMem.sys [12/8/2009 1:39 PM 3584]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [12/21/2007 8:21 AM 472280]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [11/25/2009 7:06 PM 33792]
S2 Ca1528av;SPCA1528 Video Camera Service;c:\windows\system32\drivers\Ca1528av.sys [2/1/2010 9:03 PM 516480]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/8/2010 5:30 PM 135664]
S3 Bulk1528;SPCA1528 Still Camera Service;c:\windows\system32\drivers\Bulk1528.sys [2/1/2010 9:03 PM 11648]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/14/2010 1:23 PM 691696]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-03-15 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]

2010-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 16:30]

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 16:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home
mLocal Page = 
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: {{4C826F10-D34B-4ba8-B609-1FB8C6482A05} - c:\casino\Europa Casino\casino.exe
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\goran07\Application Data\Mozilla\Firefox\Profiles\6a0uklg8.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - hxxp://192.168.1.1/index.cgi?active_page=page_home&prev_page=page_login&has_param=1&req_mode=0&mimic_button_field=submit_button_login_submit%3a+..&strip_page_top=0&button_value=
FF - component: c:\documents and settings\goran07\Application Data\Mozilla\Firefox\Profiles\6a0uklg8.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 11:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: TUKERNEL.EXE CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync03.sys >>UNKNOWN [0x8AAD28E0]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf764bf28
\Driver\ACPI -> ACPI.sys @ 0xf75aecb8
\Driver\atapi -> sfsync03.sys @ 0xf761895c
IoDeviceObjectType -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e6686
 ParseProcedure -> TUKERNEL.EXE @ 0x8057b6b9
\Device\Harddisk0\DR0 -> DeleteProcedure -> TUKERNEL.EXE @ 0x805e6686
 ParseProcedure -> TUKERNEL.EXE @ 0x8057b6b9
NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf787fbb0
 PacketIndicateHandler -> NDIS.sys @ 0xf788ca21
 SendHandler -> NDIS.sys @ 0xf786a87b
user & kernel MBR OK 

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-515967899-1979792683-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-515967899-1979792683-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:d7,c0,b4,20,9d,b8,ac,ba,fd,9e,9b,1e,fb,99,00,32,7b,09,af,78,2b,
   c0,8c,e2,c0,c5,35,7a,36,60,bc,a7,3f,a5,9c,63,f6,d1,f0,40,62,29,8d,f4,18,03,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(7416)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-03-15  11:22:57 - machine was rebooted
ComboFix-quarantined-files.txt  2010-03-15 10:22
ComboFix2.txt  2010-03-14 19:09

Pre-Run: 17.346.813.952 bytes free
Post-Run: 17.301.098.496 bytes free

- - End Of File - - FE471959DD4154567E34B30A6A614770