Scribd Logo
Upload

Welcome to Scribd!

  • Combo Fix

    Uploaded by

    jackpole
    38 views5 pages

    Original Title

    ComboFix.txt

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    38 views5 pages

    Combo Fix

    Uploaded by

    jackpole

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    ComboFix 10-10-22.04 - Administrator 10/22/2010 21:02:20.1.

    2 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1754 [GMT -7:0
    0]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScrip
    t.txt
    AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7AFC5-F6E02A79969B}
    AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {8
    4B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    (((((((((((((((((((((((((((((((((((((((
    )))))))))))))))))))))))))))))
    .

    Other Deletions

    C:\~.exe
    c:\documents and settings\sanumula\Application Data\Bitrix
    c:\documents and settings\sanumula\Application Data\Bitrix
    708_675671_skey_21-08-2010__10-17-18.zip
    c:\documents and settings\sanumula\Application Data\Bitrix
    c:\documents and settings\sanumula\Application Data\Bitrix
    c:\documents and settings\sanumula\Application Data\Bitrix
    c:\documents and settings\sanumula\Application Data\Bitrix
    c:\windows\system32\drivers\1028_DELL_XPS_Vostro 1500
    c:\windows\system32\drivers\DELL_XPS_Vostro 1500
    C:\zip.exe
    .
    (((((((((((((((((((((((((
    ))))))))))))))))))))))))
    .

    ))))))))))))))))))))

    Security
    Security\21082010_101
    Security\jje.txt
    Security\ljgh.txt
    Security\mcx.txt
    Security\mxd1.txt
    .MRK
    .MRK

    Files Created from 2010-09-23 to 2010-10-23 )))))))

    2010-10-23 02:52 . 2010-10-23 02:52


    ws\system32\GroupPolicy
    2010-10-20 07:20 . 2010-10-20 07:20
    2010-10-19 06:34 . 2010-10-20 06:43
    ents and settings\All Users\Application
    2010-10-19 02:16 . 2010-10-19 02:16
    art.bat
    2010-10-19 02:15 . 2010-10-19 03:39
    am files\UnHackMe
    2010-10-19 01:25 . 2010-10-19 01:25
    ws\system32\wbem\Repository
    2010-10-19 01:24 . 2010-10-19 01:24
    am files\Common Files\Java
    2010-10-19 01:24 . 2010-10-19 01:24
    am files\ErrorTeck
    2010-10-18 04:12 . 2010-10-18 04:12
    am files\IObit
    2010-10-18 03:35 . 2010-10-18 03:35
    m32\PxSecure.dll-7065984
    2010-10-18 02:23 . 2010-10-19 01:24
    am files\Free Window Registry Repair
    2010-10-16 04:22 . 2010-10-19 01:24
    am files\Trojan Remover

    --------

    d--h--w-

    c:\windo

    574
    ----a-wC:\cleanup.bat
    -------d-----wc:\docum
    Data\STOPzilla!
    2
    --shatrc:\windows\winst
    --------

    d-----w-

    c:\progr

    --------

    d-----w-

    c:\windo

    --------

    d-----w-

    c:\progr

    --------

    d-----w-

    c:\progr

    --------

    d-----w-

    c:\progr

    70192

    ----a-w-

    c:\windows\syste

    --------

    d-----w-

    c:\progr

    --------

    d-----w-

    c:\progr

    2010-10-16 03:38 . 2010-10-19 01:24


    -------d-----wc:\docum
    ents and settings\sanumula\Application Data\Simply Super Software
    2010-10-16 03:38 . 2010-10-16 03:38
    -------d-----wc:\docum
    ents and settings\All Users\Application Data\Simply Super Software
    2010-10-10 03:30 . 2010-08-24 21:57
    9344
    ----a-wc:\windows\syste
    m32\drivers\mfeclnk.sys
    2010-10-10 03:30 . 2010-08-24 21:57
    141792 ----a-wc:\windows\syste
    m32\mfevtps.exe
    2010-10-10 03:29 . 2010-08-24 21:57
    95600 ----a-wc:\windows\syste
    m32\drivers\mfeapfk.sys
    2010-10-10 03:29 . 2010-08-24 21:57
    88544 ----a-wc:\windows\syste
    m32\drivers\mfendisk.sys
    2010-10-10 03:29 . 2010-08-24 21:57
    84264 ----a-wc:\windows\syste
    m32\drivers\mferkdet.sys
    2010-10-10 03:29 . 2010-08-24 21:57
    84072 ----a-wc:\windows\syste
    m32\drivers\mfetdi2k.sys
    2010-10-10 03:29 . 2010-08-24 21:57
    55840 ----a-wc:\windows\syste
    m32\drivers\cfwids.sys
    2010-10-10 03:29 . 2010-08-24 21:57
    312904 ----a-wc:\windows\syste
    m32\drivers\mfefirek.sys
    2010-10-06 06:08 . 2010-10-06 06:08
    -------d-----wc:\docum
    ents and settings\Administrator\Local Settings\Application Data\Mozilla
    2010-10-05 21:06 . 2010-10-06 02:06
    -------d-----wc:\docum
    ents and settings\sanumula\Application Data\ErrorTeck
    2010-10-05 21:04 . 2010-10-05 21:05
    -------d-----wc:\docum
    ents and settings\Administrator\Application Data\ErrorTeck
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report
    )))))))))))))))))))))))))))))))
    .
    2010-09-15 04:25 . 2010-09-15 04:25
    0
    ----a-w2010-08-24 21:57 . 2010-01-06 04:12
    52104 ----a-wm32\drivers\mfebopk.sys
    2010-08-24 21:57 . 2010-01-06 04:12
    386712 ----a-wm32\drivers\mfehidk.sys
    2010-08-24 21:57 . 2010-01-06 04:12
    152992 ----a-wm32\drivers\mfeavfk.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points
    )))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    )))))))))))))))))))))
    C:\~.exe.vir
    c:\windows\syste
    c:\windows\syste
    c:\windows\syste

    )))))))))))))))))))

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2
    010-07-06 2634048]
    "FreeCall"="c:\program files\FreeCall.com\FreeCall\FreeCall.exe" [2010-08-16 107
    88656]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [201001-27 256280]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 1
    28296]

    "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-10 2183


    168]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-17 138008]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-17 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-17 138008]
    "KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21
    819200]
    "SigmatelSysTrayApp"="stsystra.exe" [2007-05-07 405504]
    "OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-02-02 36864]
    "ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2009-11-23 378128]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_s
    l.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-0921 932288]
    "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17
    1116920]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-25 142120]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe
    " [2010-02-18 248040]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-1-5
    50688]
    WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-5-27 106560]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiViru
    s]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall
    ]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Authoriz
    edApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\FreeCall.com\\FreeCall\\FreeCall.exe"=
    "c:\\Documents and Settings\\sanumula\\Local Settings\\Application Data\\Google\
    \Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\sanumula\\Local Settings\\Application Data\\Google\
    \Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [1/5/2010 9:07 PM 519


    84]
    R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [1/5/2010 9:07 PM
    59664]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\
    cmdguard.sys [1/7/2010 11:06 PM 132296]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmd
    hlp.sys [1/7/2010 11:06 PM 25160]
    S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/9/
    2010 8:29 PM 84072]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee
    \SiteAdvisor\McSACore.exe [1/5/2010 9:16 PM 88176]
    S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcaf
    ee\McSvcHost\McSvHost.exe" /McCoreSvc [10/9/2010 8:29 PM 271480]
    S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McS
    vcHost\McSvHost.exe" /McCoreSvc [10/9/2010 8:29 PM 271480]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\Sys
    temCore\mfefire.exe [10/9/2010 8:30 PM 188136]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps
    .exe [10/9/2010 8:30 PM 141792]
    S2 OracleE1LocalTNSListener;OracleE1LocalTNSListener;c:\oracle\E1Local\BIN\TNSLS
    NR --> c:\oracle\E1Local\BIN\TNSLSNR [?]
    S2 OracleServiceE1LOCAL;OracleServiceE1LOCAL;c:\oracle\e1local\bin\ORACLE.EXE E1
    LOCAL --> c:\oracle\e1local\bin\ORACLE.EXE E1LOCAL [?]
    S2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c
    :\program files\ThreatFire\TFService.exe service [?]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [10/9/2010 8
    :29 PM 55840]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [10/9/
    2010 8:29 PM 312904]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfe
    ndisk.sys [10/9/2010 8:29 PM 88544]
    S3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [10/9/2010 8:2
    9 PM 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/9/
    2010 8:29 PM 84264]
    S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [1/5/2010 9:07 PM
    33552]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visua
    l Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 8:01 AM 279980
    8]
    S4 OracleJobSchedulerE1LOCAL;OracleJobSchedulerE1LOCAL;c:\oracle\e1local\Bin\ext
    job.exe E1LOCAL --> c:\oracle\e1local\Bin\extjob.exe E1LOCAL [?]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    vvdsvc REG_MULTI_SZ
    vvdsvc
    .
    Contents of the 'Scheduled Tasks' folder
    2010-09-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
    2010-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1284227242-7
    25345543-1004Core.job
    - c:\documents and settings\sanumula\Local Settings\Application Data\Google\Upda
    te\GoogleUpdate.exe [2010-01-28 19:02]
    2010-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1935655697-1284227242-7
    25345543-1004UA.job

    - c:\documents and settings\sanumula\Local Settings\Application Data\Google\Upda


    te\GoogleUpdate.exe [2010-01-28 19:02]
    .
    .
    ------- Supplementary Scan ------.
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/act
    ivex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
    .
    - - - - ORPHANS REMOVED - - - HKCU-Run-SRS Audio Sandbox - c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http:/
    /www.gmer.net
    Rootkit scan 2010-10-22 21:13
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleE1LocalTNSListener]
    "ImagePath"="c:\oracle\E1Local\BIN\TNSLSNR "
    .
    ------------------------ Other Running Processes -----------------------.
    c:\progra~1\mcafee.com\agent\mcagent.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-22 21:19:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-23 04:19
    Pre-Run: 199,267,598,336 bytes free
    Post-Run: 199,275,274,240 bytes free
    - - End Of File - - 8FD188B5FB27E7D578F87AE6A64576B6

    You might also like