123

ComboFix 11-04-11.03 - aamasha 04/12/2011 15:44:08.1.
2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3536.2650 [GMT 4:00
]
Running from: c:\users\aamasha\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-80
3E83E35902}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2
B}
SP: Trend Micro Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB
4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))
)))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
.
----- BITS: Possible infected sites -----
.
hxxp://saiwsus.sai.gov.om
.
((((((((((((((((((((((((( Files Created from 2011-03-12 to 2011-04-12 )))))))
))))))))))))))))))))))))
.
.
2011-04-12 11:49 . 2011-04-12 11:49 -------- d-----w- c:\users
\aamasha\AppData\Local\temp
2011-04-12 11:49 . 2011-04-12 11:49 -------- d-----w- c:\users
\Default\AppData\Local\temp
2011-04-12 11:49 . 2011-04-12 11:49 -------- d-----w- c:\users
\yaltoobi\AppData\Local\temp
2011-04-12 03:45 . 2011-04-12 04:04 -------- d-----w- c:\progr
am files\Anti Trojan Elite
2011-04-11 17:56 . 2006-06-19 08:01 69632 ----a-w- c:\windows\syste
m32\ztvcabinet.dll
m32\ztvunrar36.dll
m32\ztvunace26.dll
m32\UNRAR3.dll
m32\unacev2.dll
2011-04-11 17:56 . 2011-04-12 04:05 -------- d-----w- c:\progr
am files\Trojan Remover
2011-04-11 07:51 . 2011-04-12 04:05 -------- d-----w- c:\progr
am files\GridinSoft Trojan Killer
2011-04-09 09:45 . 2011-04-09 09:45 -------- d-----w- c:\users
\aamasha\AppData\Local\Yahoo
2011-04-09 09:36 . 2011-04-11 15:16 -------- d-----w- c:\progr
am files\Common Files\Symantec Shared
2011-04-09 09:07 . 2011-04-09 09:07 -------- d-----w- c:\progr
amdata\Symantec
2011-04-09 09:07 . 2011-04-09 09:07 -------- d-----w- c:\windo
ws\system32\drivers\NSS
2011-04-09 09:07 . 2011-04-09 09:07 -------- d-----w- c:\progr
am files\Norton Security Scan
2011-04-09 09:07 . 2011-04-09 09:07 -------- d-----w- c:\progr
amdata\Norton
2011-04-09 09:07 . 2011-04-09 09:07 -------- d-----w- c:\progr
am files\NortonInstaller
2011-04-08 19:56 . 2011-04-08 19:56 11776 ----a-w- c:\program files
\Mozilla Firefox\plugins\nprjplug.dll
2011-04-08 19:56 . 2011-04-08 19:56 -------- d-----w- c:\progr
am files\Common Files\xing shared
\Mozilla Firefox\plugins\nppl3260.dll
\Mozilla Firefox\plugins\nprpjplug.dll
m32\msvcp71.dll
m32\msvcr71.dll
2011-04-08 19:56 . 2011-04-08 19:56 -------- d-----w- c:\users
\aamasha\AppData\Local\Real
2011-04-07 21:53 . 2011-04-07 21:53 -------- d-----w- c:\progr
amdata\Yahoo! Companion
2011-04-07 21:53 . 2011-04-07 21:53 -------- d-----w- c:\progr
amdata\Yahoo!
2011-04-07 21:53 . 2011-04-07 21:53 -------- d-----w- c:\users
\aamasha\AppData\Roaming\Yahoo!
2011-04-07 21:52 . 2011-04-07 21:53 -------- d-----w- c:\progr
am files\Yahoo!
2011-04-07 21:43 . 2011-04-07 21:44 -------- d-----w- c:\progr
am files\Common Files\Adobe
2011-04-07 20:42 . 2011-04-07 20:42 -------- d-----w- c:\users
\aamasha\AppData\Roaming\Uniblue
2011-04-07 20:42 . 2011-04-07 21:23 -------- dc----w- c:\progr
amdata\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
2011-04-07 20:42 . 2011-04-07 20:42 -------- d-----w- c:\progr
am files\Uniblue
2011-04-07 20:42 . 2011-04-07 20:42 -------- d-----w- c:\users
\aamasha\AppData\Local\PackageAware
m32\FntCache.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))
)))))))))))))))))))))))))))))))
.
2011-03-11 10:39 . 2011-03-11 10:39 19973448 ----a-w- c:\progr
am files\winzip150.exe
\mozilla firefox\components\jar50.dll
\mozilla firefox\components\jsd3250.dll
\mozilla firefox\components\myspell.dll
\mozilla firefox\components\spellchk.dll
\mozilla firefox\components\xpinstal.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))
)))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files\NCH_EN\tbNCH_.dll" [
2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{37483b40-c254-4a72-bda4-22ee90182c1e}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD24
9D}]
2010-12-09 08:51 3911776 ----a-w- c:\program files\ConduitEngine\C
onduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c
1e}]
2010-12-09 08:51 3911776 ----a-w- c:\program files\NCH_EN\tbNCH_.d
ll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{37483b40-c254-4a72-bda4-22ee90182c1e}"= "c:\program files\NCH_EN\tbNCH_.dll" [
2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\Condui
tEngine.dll" [2010-12-09 3911776]
.
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{37483B40-C254-4A72-BDA4-22EE90182C1E}"= "c:\program files\NCH_EN\tbNCH_.dll" [
2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\Condui
tEngine.dll" [2010-12-09 3911776]
.
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
[2011-01-31 39408]
"Anti Trojan Elite"="c:\program files\Anti Trojan Elite\TJEnder.exe" [2011-03-04
4076544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-24 1
40520]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDe
ll2.exe" [2009-07-08 413827]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [20
10-01-26 1020248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_s
l.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-
20 932288]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2011-04-08
273544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SS
Scheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [201
0-05-08 229376]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\Google
Update.exe [2011-01-31 136176]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system
32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2
010-05-27 204800]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program
files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 SNVAD_Drv5;PJ Virtual Audio5 Device Driver;c:\windows\system32\drivers\pjvad5
.sys [2008-01-09 17408]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-07-19 51792]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Sec
urity\TmPfw.exe [2010-08-24 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Secur
ity\TmProxy.exe [2010-08-24 689416]
S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\DRIVERS\tmlwf.sy
s [2010-08-24 146448]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2010-07-30 36432]
S2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\DRIVERS\tmwfp.sys [2
010-08-24 283152]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVER
S\CtClsFlt.sys [2009-06-15 143968]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DR
IVERS\e1y6032.sys [2009-07-13 214016]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.
sys [2010-05-27 63616]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows V
ista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 20736
0]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 98099
2]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13
661504]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 07:54]
.
2011-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-31 07:54]
.
2011-04-11 c:\windows\Tasks\Norton Security Scan for aamasha.job
- c:\program files\Norton Security Scan\Engine\3.0.0.103\Nss.exe [2011-04-09 07:
25]
.
.
------- Supplementary Scan -------
.
uStart Page = about::blank
uInternet Settings,ProxyServer = saiisa:8080
uInternet Settings,ProxyOverride = 192.168.*.*;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\Google
ToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: {06C1C135-3357-4191-985D-2B144E3B497F} = 212.72.1.186 212.72.23.4
FF - ProfilePath - c:\users\aamasha\AppData\Roaming\Mozilla\Firefox\Profiles\iuo
35sau.default\
FF - prefs.js: browser.startup.homepage - hxxp://hras/iTrust/html/Index.htm
FF - prefs.js: network.proxy.ftp - saiisa
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - saiisa
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - saiisa
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - saiisa
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - saiisa
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 1
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-
08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
.
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-12 15:50:20
ComboFix-quarantined-files.txt 2011-04-12 11:50
.
Pre-Run: 24,360,546,304 bytes free
Post-Run: 24,514,027,520 bytes free
.
- - End Of File - - 1DCC0CEC9A23272B672C8204379167EC

123

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

123

Uploaded by

Copyright:

Available Formats

ComboFix 11-04-11.03 - aamasha 04/12/2011 15:44:08.1.

You might also like