ComboFix 11-11-22.03 - Administrator 11/23/2011 12:06:41.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.708 [GMT 5.5:30]
Running from: \\192.168.1.17\New Folder\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 ))))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-08 07:16 . 2011-11-21 11:53 142296 ----a-wc:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-01-13 3396624]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-10-05 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-10-05 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-10-05 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2011-11-21 77824]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-0606 937920]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Java\\jre1.6.0\\bin\\java.exe"=
"c:\\Program Files\\Java\\jdk1.6.0\\bin\\java.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/22/2011 5:53 AM 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/22/2011 5:53 AM 17744]
S3 Tomcat6;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe [7/22/2008 5:31 AM 57344]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-484061587-682003330-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-21 11:30]
.

2011-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-484061587-682003330-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-21 11:30]
.
.
------- Supplementary Scan ------.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nup0c14h.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-23 12:09
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes --------------------.
- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\igfxdev.dll
c:\windows\system32\wbem\wbemcomn.dll
.
Completion time: 2011-11-23 12:11:01
ComboFix-quarantined-files.txt 2011-11-23 06:40
.
Pre-Run: 55,142,854,656 bytes free
Post-Run: 55,122,579,456 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional"
/noexecute=optin /fastdetect
.
- - End Of File - - AD952DA180B5F133ADB4B15FA5808083