Combo Fix


ComboFix 10-09-20.02 - Administrator 09/21/2010 2:01.3.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.351 [GMT 9:00]
Running from: F:\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\dfinstall.log
c:\documents and settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Total PC Defender.lnk
c:\documents and settings\Administrator\Start Menu\Total PC Defender
c:\documents and settings\Administrator\Start Menu\Total PC Defender\Total PC Defender.lnk
c:\windows\system\WINSPOOL.DRV
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll
.
((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))
.
2011-07-13 15:09 . 2010-07-29 21:01 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2011-07-13 15:09 . 2010-07-29 21:01 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2011-07-13 15:07 . 2011-07-13 15:07 -------- d-----w- c:\program files\Kaspersky Lab
2011-07-13 15:07 . 2010-09-20 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2011-07-13 13:36 . 2011-07-13 15:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2011-06-25 13:19 . 2011-06-25 13:19 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtbDE.tmp.exe
2011-05-10 10:28 . 2011-05-10 10:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\WMTools Downloaded Files
2011-04-27 21:10 . 2011-04-27 21:10 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2011-04-27 21:10 . 2010-09-20 16:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2011-04-27 21:07 . 2010-09-20 16:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2011-04-27 21:02 . 2011-04-27 21:02 -------- d-----w- c:\program files\Common Files\Skype
2011-04-27 21:02 . 2011-04-27 21:04 -------- d-----r- c:\program files\Skype
2011-04-27 21:01 . 2011-04-27 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-04-21 22:50 . 2011-05-16 02:07 -------- d-----w- C:\Downloads
2011-04-09 10:35 . 2011-04-09 10:35 -------- d-----w- C:\updfiles
2010-09-14 15:48 . 2010-09-14 15:48 973496 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.0.232\updater.dll
2010-09-14 15:48 . 2010-09-14 15:48 88760 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.0.232\libola.dll
2010-09-14 15:47 . 2010-09-14 15:48 973496 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\updater.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-13 15:04 . 2009-09-03 00:22 -------- d-----w- c:\program files\AVG
2011-07-13 15:04 . 2010-02-02 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2011-07-13 13:32 . 2010-02-01 17:23 -------- d-----w- c:\program files\ESET
2011-07-13 12:09 . 2009-09-03 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2011-07-13 12:09 . 2009-09-03 02:43 -------- d-----w- c:\program files\Common Files\Nero
2011-05-20 19:12 . 2009-09-03 01:33 -------- d-----w- c:\program files\FlashGet
2011-04-27 21:14 . 2009-09-03 01:33 -------- d-----w- c:\program files\Google
2010-09-14 15:47 . 2010-07-12 06:25 88760 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\libola.dll
2010-09-03 01:37 . 2010-05-06 06:00 288080 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\avengine.dll
2010-09-03 01:31 . 2010-07-12 05:40 288080 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\av\kdb\i386\win\avengine.dll
2010-09-01 00:59 . 2010-07-23 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-08-30 01:09 . 2010-07-23 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJ
2010-08-26 23:34 . 2010-02-01 11:27 -------- d-----w- c:\program files\Smadav
2010-08-18 12:30 . 2010-05-07 07:44 271696 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\sys_critical_obj.dll
2010-08-18 12:28 . 2010-08-18 12:28 271696 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\sco\i386\win\sys_critical_obj.dll
2010-08-10 14:06 . 2009-09-03 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-04 04:12 . 2010-09-23 00:19 5311 ----a-w- C:\huadio.tmp
2010-08-03 06:10 . 2010-08-03 06:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\ArcSoft
2010-08-02 23:57 . 2010-08-02 23:57 129720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\shellex.dll
2010-08-02 23:57 . 2010-08-02 23:57 113336 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\sbstart.exe
2010-08-02 23:55 . 2010-08-02 23:55 170680 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\klwtblc.dll
2010-07-23 05:09 . 2010-07-23 05:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Canon
2010-07-23 05:09 . 2010-07-23 05:09 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJScan
2010-07-23 05:04 . 2010-07-23 05:04 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEGV
2010-07-23 05:04 . 2010-07-23 05:04 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJSolutionMenu
2010-07-23 05:02 . 2010-07-23 04:56 -------- d-----w- c:\program files\Canon
2010-07-23 05:01 . 2010-07-23 05:01 -------- d-----w- c:\program files\ArcSoft
2010-07-23 05:01 . 2009-09-02 23:53 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-23 05:01 . 2009-09-02 23:52 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-23 05:00 . 2010-07-23 05:00 -------- d-----w- c:\program files\Common Files\CANON
2010-07-23 04:58 . 2010-07-23 04:58 -------- d--h--w- c:\program files\CanonBJ
2010-07-12 06:29 . 2010-05-07 03:34 1037648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\klavasyswatch.dll
2010-07-12 06:25 . 2010-07-12 06:25 387768 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\ksn_client.dll
2010-07-12 06:25 . 2010-07-12 06:25 191160 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\klwtbbho.dll
2010-07-12 06:25 . 2010-07-12 06:25 264888 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.0.232\esmgr.dll
2010-07-12 06:22 . 2010-07-12 06:22 1037648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\sw2\klavasyswatch.dll
2010-06-30 12:31 . 2002-12-31 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2002-12-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2002-12-31 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-03 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-05 26102056]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="c:\program files\Smadav\SM?RTP.exe" [?]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-17 141848]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-05-14 29831168]
"RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-05-07 344736]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Flashget"="c:\program files\FlashGet\FlashGet.exe" /min
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 8:27 PM 19472]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [9/3/2009 8:59 AM 238080]
S1 kl2;Kl2;c:\windows\system32\drivers\kl2.sys [5/7/2010 12:19 AM 132184]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2010 6:47 PM 135664]
.
Contents of the 'Scheduled Tasks' folder
2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 03:34]
2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 09:47]
2011-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 09:47]
2011-07-13 c:\windows\Tasks\User_Feed_Synchronization-{1C2846D2-D259-466E-AFFA-A73E75E37DE7}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Total PC Defender - c:\program files\Total PC Defender\Total PC Defender.exe
HKLM-Run-Stask - c:\windows\irundll32.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-21 02:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2052111302-1275210071-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,55,43,d0,37,95,e2,42,aa,42,5f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,25,55,43,d0,37,95,e2,42,aa,42,5f,\
[HKEY_USERS\S-1-5-21-2052111302-1275210071-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**-*"\OpenWithList]
@Class="Shell"
[HKEY_USERS\S-1-5-21-2052111302-1275210071-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*Ñ*Ü*§ \OpenWithList]
@Class="Shell"
[HKEY_USERS\S-1-5-21-2052111302-1275210071-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X%
%*]
@Class="Shell"
[HKEY_USERS\S-1-5-21-2052111302-1275210071-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X%
%*\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(624)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-09-21 02:18:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-20 17:18
Pre-Run: 29,310,525,440 bytes free
Post-Run: 31,687,778,304 bytes free
- - End Of File - - 5313113DE231E73A30CFABEB0A09A031
