Combo Fix

This document summarizes the results of a security scan run on a Windows XP system. It identifies malware and other issues found, including potentially unwanted programs and browser helper objects. Files and registry entries that were deleted or created between the given dates are also listed. The document provides technical details typically used by IT professionals to understand the state of the system and address any issues found.

ComboFix 10-07-11.03 - Admin 13/07/2010 15:05:57.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.990.547 [GMT -5:00]
Running from: f:\documents\Downloads\service\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Admin\Application Data\yftza.exe
c:\documents and settings\CyberLeader\Application Data\yftza.exe
c:\program files\pdfforge Toolbar\SearchSettings.dll
.
((((((((((((((((((((((((( Files Created from 2010-06-13 to 2010-07-13 )))))))))))))))))))))))))))))))
.
2010-07-13 20:00 . 2010-07-13 20:01 -------- d-----w- c:\documents and settings\CyberLeader\Local Settings\Application Data\Microsoft
2010-07-13 20:00 . 2010-07-13 20:01 -------- d-----w- c:\documents and settings\CyberLeader
2010-07-13 19:57 . 2010-07-13 20:01 -------- d-----w- C:\Launcher
2010-07-13 19:57 . 2006-01-19 09:38 102400 ----a-w- c:\windows\system32\clPrinting.dll
2010-07-13 19:57 . 2005-12-12 09:01 86016 ----a-w- c:\windows\system32\clPringingHelper.dll
2010-07-12 17:09 . 2010-07-12 17:09 -------- d-----w- c:\program files\MSECache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-13 20:08 . 2009-09-08 16:45 -------- d-----w- c:\program files\pdfforge Toolbar
2010-07-13 20:02 . 2010-07-13 20:01 -------- d-----w- c:\documents and settings\CyberLeader\Application Data\pdfforge
2010-07-13 20:01 . 2010-07-13 20:01 -------- d-----w- c:\documents and settings\CyberLeader\Application Data\Search Settings
2010-07-13 20:01 . 2010-07-13 20:01 68064 ----a-w- c:\documents and settings\CyberLeader\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-13 20:01 . 2010-07-13 20:01 -------- d-----w- c:\documents and settings\CyberLeader\Application Data\ATI
2010-07-13 19:02 . 2009-09-08 19:00 68064 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-09 08:08 . 2009-09-08 19:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-28 13:45 . 2010-05-28 13:45 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-41db4865-n\msvcp71.dll
2010-05-28 13:45 . 2010-05-28 13:45 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-41db4865-n\jmc.dll
2010-05-28 13:45 . 2010-05-28 13:45 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-41db4865-n\msvcr71.dll
2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2009-07-31 07:00 698880 ----a-w- c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdfforgeToolbarIE.dll" [2009-07-31 698880]
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-05-08 1015808]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-12 408344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-15 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-08 149280]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-07-29 1024512]
"Bubble"="c:\program files\Windows SteadyState\Bubble.exe" [2008-05-30 182288]
"Logoff"="c:\program files\Windows SteadyState\SCTUINotify.exe" [2008-05-30 163856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 0 (0x0)
"NoUpdateCheck"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0VCFCHK.exe \??\C: \??\C:\Cache.WDP
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VCFSVC]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 VCF;VCF;c:\windows\system32\drivers\VCFFltr.SYS [08/09/2009 03:16 PM 268944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [08/09/2009 11:07 AM 108289]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [08/09/2009 10:21 AM 2521880]
R2 VCFSVC;VCFSVC;c:\program files\Windows SteadyState\VCFService.exe [30/05/2008 02:41 PM 91152]
R2 Windows SteadyState;Windows SteadyState Service;c:\program files\Windows SteadyState\SCTSvc.exe [30/05/2008 02:41 PM 115728]
S0 cerc6;cerc6; [x]
.
Contents of the 'Scheduled Tasks' folder
2010-07-13 c:\windows\Tasks\User_Feed_Synchronization-{6142E2EA-E42B-4B48-BC48-E541F3E782B5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
2010-07-13 c:\windows\Tasks\User_Feed_Synchronization-{7B7E6A1A-2B29-4F9A-A9C0-C4607C60722B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
2010-07-13 c:\windows\Tasks\User_Feed_Synchronization-{8FEB7F44-35F2-46CA-803D-55D3EBA6CE61}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
2010-07-13 c:\windows\Tasks\User_Feed_Synchronization-{D5507F06-C90E-4664-A882-E6A00AFD842E}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\mkkgejod.default\
FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-13 15:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(784)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-13 15:10:33
ComboFix-quarantined-files.txt 2010-07-13 20:10
Pre-Run: 31,954,558,976 bytes free
Post-Run: 31,986,712,576 bytes free
- - End Of File - - EA3200FA5D243E6BD656CA86EA632CCC