Ressy

combofix

Feb 10th, 2011
ComboFix 11-02-09.05 - Brandon 02/10/2011 13:41:39.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2047.1295 [GMT -5:00]
Running from: c:\users\Brandon\Downloads\stealthykitty.exe
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2011-01-10 to 2011-02-10 )))))))))))))))))))))))))))))))
.

2011-02-10 18:47 . 2011-02-10 18:47 -------- d-----w- c:\users\m\AppData\Local\temp
2011-02-10 18:47 . 2011-02-10 18:47 -------- d-----w- c:\users\m.Brandon-PC\AppData\Local\temp
2011-02-10 18:47 . 2011-02-10 18:47 -------- d-----w- c:\users\Katie\AppData\Local\temp
2011-02-10 18:47 . 2011-02-10 18:47 -------- d-----w- c:\users\Gwama\AppData\Local\temp
2011-02-10 18:47 . 2011-02-10 18:47 -------- d-----w- c:\users\Gwama.Brandon-PC\AppData\Local\temp
2011-02-10 18:47 . 2011-02-10 18:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-10 17:55 . 2011-02-10 17:57 -------- d-----w- c:\users\Brandon\AppData\Roaming\mIRC
2011-02-10 17:55 . 2011-02-10 17:55 -------- d-----w- c:\program files\mIRC
2011-02-10 08:02 . 2011-02-10 08:05 -------- d-----w- C:\7aced15b3115db2285043d
2011-02-10 04:42 . 2011-02-10 17:47 -------- d-----w- c:\program files\World of Warcraft
2011-02-08 13:37 . 2011-02-10 18:31 -------- d-----w- c:\users\Brandon\AppData\Local\Deployment
2011-02-08 13:37 . 2011-02-08 13:37 -------- d-----w- c:\users\Brandon\AppData\Local\Apps
2011-01-22 04:09 . 2011-01-22 04:09 -------- d-----w- C:\3fce2e1ffbfb6ae6c38dbc96c08aa071
2011-01-22 04:09 . 2011-01-22 04:09 -------- d-----w- c:\windows\CheckSur
2011-01-12 08:01 . 2011-01-12 08:02 -------- d-----w- C:\bbf7e00bcc783e7bb2f7485b

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-09 18:17 . 2010-12-09 18:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

c:\users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2011-2-8 0]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 scsiscan;SCSI Scanner Driver;c:\windows\system32\DRIVERS\scsiscan.sys [2009-07-14 14848]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys [2007-06-28 1310720]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-01 1343400]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-04 64288]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-02 1352832]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
TCP: {A7BA7D5F-072F-458F-9B92-3FF9EAC83AAE} = 8.8.4.4
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.72.0.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\users\Brandon\AppData\Roaming\Mozilla\Firefox\Profiles\u5hww0mx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Brandon\AppData\Roaming\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ChaCha Guide App Toolbar: chachaguidebar@chacha.com - %profile%\extensions\chachaguidebar@chacha.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-10 13:49:27
ComboFix-quarantined-files.txt 2011-02-10 18:49

Pre-Run: 77,100,584,960 bytes free
Post-Run: 77,125,488,640 bytes free

- - End Of File - - F405A3F21389C12B1E10454F8F566EFE