Scribd Logo
Upload

Welcome to Scribd!

  • Combo Fix

    Uploaded by

    drillsage6443
    70 views4 pages
    This document summarizes the results of a security scan run on a Windows XP system. It identifies malware and other issues found, including potentially unwanted programs and browser helper objects. Files and registry entries that were deleted or created between the given dates are also listed. The document provides technical details typically used by IT professionals to understand the state of the system and address any issues found.

    Original Description:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document summarizes the results of a security scan run on a Windows XP system. It identifies malware and other issues found, including potentially unwanted programs and browser helper objects. Files and registry entries that were deleted or created between the given dates are also listed. The document provides technical details typically used by IT professionals to understand the state of the system and address any issues found.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    70 views4 pages

    Combo Fix

    Uploaded by

    drillsage6443
    This document summarizes the results of a security scan run on a Windows XP system. It identifies malware and other issues found, including potentially unwanted programs and browser helper objects. Files and registry entries that were deleted or created between the given dates are also listed. The document provides technical details typically used by IT professionals to understand the state of the system and address any issues found.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as txt, pdf, or txt
    of 4

    ComboFix 10-07-11.03 - Admin 13/07/2010 15:05:57.1.

    2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.990.547 [GMT -5:00]
    Running from: f:\documents\Downloads\service\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A
    -A743-FDD3350758C7}
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))
    )))))))))))))))))))))))))))))
    .
    c:\documents and settings\Admin\Application Data\yftza.exe
    c:\documents and settings\CyberLeader\Application Data\yftza.exe
    c:\program files\pdfforge Toolbar\SearchSettings.dll
    .
    ((((((((((((((((((((((((( Files Created from 2010-06-13 to 2010-07-13 )))))))
    ))))))))))))))))))))))))
    .
    2010-07-13 20:00 . 2010-07-13 20:01 -------- d-----w- c:\docum
    ents and settings\CyberLeader\Local Settings\Application Data\Microsoft
    2010-07-13 20:00 . 2010-07-13 20:01 -------- d-----w- c:\docum
    ents and settings\CyberLeader
    2010-07-13 19:57 . 2010-07-13 20:01 -------- d-----w- C:\Launc
    her
    2010-07-13 19:57 . 2006-01-19 09:38 102400 ----a-w- c:\windows\syste
    m32\clPrinting.dll
    2010-07-13 19:57 . 2005-12-12 09:01 86016 ----a-w- c:\windows\syste
    m32\clPringingHelper.dll
    2010-07-12 17:09 . 2010-07-12 17:09 -------- d-----w- c:\progr
    am files\MSECache
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))
    )))))))))))))))))))))))))))))))
    .
    2010-07-13 20:08 . 2009-09-08 16:45 -------- d-----w- c:\progr
    am files\pdfforge Toolbar
    2010-07-13 20:02 . 2010-07-13 20:01 -------- d-----w- c:\docum
    ents and settings\CyberLeader\Application Data\pdfforge
    2010-07-13 20:01 . 2010-07-13 20:01 -------- d-----w- c:\docum
    ents and settings\CyberLeader\Application Data\Search Settings
    2010-07-13 20:01 . 2010-07-13 20:01 68064 ----a-w- c:\documents and
    settings\CyberLeader\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-13 20:01 . 2010-07-13 20:01 -------- d-----w- c:\docum
    ents and settings\CyberLeader\Application Data\ATI
    2010-07-13 19:02 . 2009-09-08 19:00 68064 ----a-w- c:\documents and
    settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-09 08:08 . 2009-09-08 19:46 -------- d-----w- c:\progr
    am files\Microsoft Silverlight
    2010-05-28 13:45 . 2010-05-28 13:45 503808 ----a-w- c:\documents and
    settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-41db48
    65-n\msvcp71.dll
    2010-05-28 13:45 . 2010-05-28 13:45 499712 ----a-w- c:\documents and
    settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-41db48
    65-n\jmc.dll
    2010-05-28 13:45 . 2010-05-28 13:45 348160 ----a-w- c:\documents and
    settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-41db48
    65-n\msvcr71.dll
    2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\syste
    m32\wininet.dll
    2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\syste
    m32\win32k.sys
    2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\syste
    m32\atmfd.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))
    )))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA44
    02}]
    2009-07-31 07:00 698880 ----a-w- c:\program files\pdfforge Toolba
    r\pdfforgeToolbarIE.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\pdf
    forgeToolbarIE.dll" [2009-07-31 698880]
    [HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-05-08 10
    15808]
    "atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-12 408344]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_s
    l.exe" [2009-02-27 35696]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    [2009-07-15 98304]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-08 14
    9280]
    "SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-07
    -29 1024512]
    "Bubble"="c:\program files\Windows SteadyState\Bubble.exe" [2008-05-30 182288]
    "Logoff"="c:\program files\Windows SteadyState\SCTUINotify.exe" [2008-05-30 1638
    56]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "HideFastUserSwitching"= 1 (0x1)
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFileUrl"= 0 (0x0)
    "NoUpdateCheck"= 0 (0x0)
    "NoExpandedNewMenu"= 0 (0x0)
    [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
    "NoAutoUpdate"= 1 (0x1)
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0VCFCHK.exe \??\C: \??\C:\Ca
    che.WDP
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VCFSVC]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows St
    eadyState]
    @="Service"
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Authoriz
    edApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    R0 VCF;VCF;c:\windows\system32\drivers\VCFFltr.SYS [08/09/2009 03:16 PM 268944]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVi
    r Desktop\sched.exe [08/09/2009 11:07 AM 108289]
    R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\progra
    m files\Intel\AMT\UNS.exe [08/09/2009 10:21 AM 2521880]
    R2 VCFSVC;VCFSVC;c:\program files\Windows SteadyState\VCFService.exe [30/05/2008
    02:41 PM 91152]
    R2 Windows SteadyState;Windows SteadyState Service;c:\program files\Windows Stea
    dyState\SCTSvc.exe [30/05/2008 02:41 PM 115728]
    S0 cerc6;cerc6; [x]
    .
    Contents of the 'Scheduled Tasks' folder
    2010-07-13 c:\windows\Tasks\User_Feed_Synchronization-{6142E2EA-E42B-4B48-BC48-E
    541F3E782B5}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    2010-07-13 c:\windows\Tasks\User_Feed_Synchronization-{7B7E6A1A-2B29-4F9A-A9C0-C
    4607C60722B}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    2010-07-13 c:\windows\Tasks\User_Feed_Synchronization-{8FEB7F44-35F2-46CA-803D-5
    5D3EBA6CE61}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    2010-07-13 c:\windows\Tasks\User_Feed_Synchronization-{D5507F06-C90E-4664-A882-E
    6A00AFD842E}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Fire
    fox\Profiles\mkkgejod.default\
    FF - component: c:\program files\Mozilla Firefox\extensions\search@searchsetting
    s.com\components\SearchSettingsFF.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80
    e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation
    Foundation\DotNetAssistantExtension\
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http:/
    /www.gmer.net
    Rootkit scan 2010-07-13 15:08
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'winlogon.exe'(784)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-07-13 15:10:33
    ComboFix-quarantined-files.txt 2010-07-13 20:10
    Pre-Run: 31,954,558,976 bytes free
    Post-Run: 31,986,712,576 bytes free
    - - End Of File - - EA3200FA5D243E6BD656CA86EA632CCC

    You might also like