ComboFix 11-12-21.02 - Imy 12/21/2011 18:27:48.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.3032.1647 [GMT -8:00]
Running from: c:\users\Imy\Desktop\commy.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\system
.
.
((((((((((((((((((((((((( Files Created from 2011-11-22 to 2011-12-22 )))))))))))))))))))))))))))))))
.
.
2011-12-22 02:07 . 2011-12-22 02:08 -------- d-----w- C:\c792c2aa3abf30a253a91c7a9c64c104
2011-12-22 01:59 . 2011-07-13 03:39 6881616 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{83B275A7-CBFD-4EF7-8EB6-AAC2CCE390F2}\mpengine.dll
2011-12-12 23:13 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-12-12 22:27 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5040379D-E944-4883-8EEA-6F4835D61396}\mpengine.dll
2011-12-12 21:49 . 2011-07-13 03:39 6881616 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{050E6237-3C11-4C43-88CC-D8C25BB7DF07}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-14 03:48 . 2010-12-14 03:48 7622112 ----a-w- c:\program files\mbam-setup-1.50.0.0.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9be4cb12-499d-4886-a444-78dce8571dde}]
2009-02-25 18:50 1283368 ----a-w- c:\program files\AOL News Toolbar\aolnewstb.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{142b34db-65ac-47e8-8a7f-026e3ec79fca}"= "c:\program files\AOL News Toolbar\aolnewstb.dll" [2009-02-25 1283368]
.
[HKEY_CLASSES_ROOT\clsid\{142b34db-65ac-47e8-8a7f-026e3ec79fca}]
[HKEY_CLASSES_ROOT\AOLNewsTb.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{770db96d-5ed4-43b0-aa6f-3ecc3def19d2}]
[HKEY_CLASSES_ROOT\AOLNewsTb.AOLToolBand]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{142B34DB-65AC-47E8-8A7F-026E3EC79FCA}"= "c:\program files\AOL News Toolbar\aolnewstb.dll" [2009-02-25 1283368]
.
[HKEY_CLASSES_ROOT\clsid\{142b34db-65ac-47e8-8a7f-026e3ec79fca}]
[HKEY_CLASSES_ROOT\AOLNewsTb.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{770db96d-5ed4-43b0-aa6f-3ecc3def19d2}]
[HKEY_CLASSES_ROOT\AOLNewsTb.AOLToolBand]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [BU]
"SearchEngineProtection"="c:\program files\Gamesbar\SearchEngineProtection.exe" [2010-12-29 591248]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
"EADM"="c:\program files\Origin\Origin.exe" [2011-09-23 27763336]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-05-08 1516840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-10 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-10 150552]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 178712]
"Dell DataSafe Online"="c:\program files\Dell DataSafe Online\DataSafeOnline.exe" [2009-04-09 1762032]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [BU]
"NapsterShell"="c:\program files\Napster\napster.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-05-11 483428]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-11 722256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-12-14 352976]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
.
c:\users\Imy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-08-05 22:32 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 MpKsl5a545050;MpKsl5a545050;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02B18001-50B5-462E-810F-8E0DCC9959AE}\MpKsl5a545050.sys [x]
R1 MpKsl7ebc60e8;MpKsl7ebc60e8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0E474926-B9B2-4F4E-A86E-061393939953}\MpKsl7ebc60e8.sys [2011-10-06 28752]
R1 MpKsla3139faf;MpKsla3139faf;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5FED235C-55F2-4A16-8806-64070889F316}\MpKsla3139faf.sys [x]
R1 MpKsld4f9b60e;MpKsld4f9b60e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{19A08DF3-8303-4F13-AA8B-B5B0B1E87DEC}\MpKsld4f9b60e.sys [x]
R1 MpKslfbe5ef84;MpKslfbe5ef84;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{287DA206-4629-45B9-B921-9A5293213D61}\MpKslfbe5ef84.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2008-05-14 309744]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2008-05-14 166384]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-05-14 1120752]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-10 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-23 22104]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-05-11 81920]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2008-01-21 21504]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-03 19984]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
yksvcs REG_MULTI_SZ yksvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:31]
.
2011-12-22 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:31]
.
2011-12-22 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-10-06 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride =
;*.local
IE: &AOL Email Toolbar Search - c:\programdata\AOL Email Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1 192.168.2.1
DPF: {C9DB5AF8-4C14-4A3E-90F8-DB49D6B4866D} - hxxp://racing.youbet.com/wr_9_3/controls/YBUICtrl.cab
FF - ProfilePath - c:\users\Imy\AppData\Roaming\Mozilla\Firefox\Profiles\cdabwtdr.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://start.pogo.iplay.com/?o=shp
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Oberon GamesBar: gamesbar@oberon-media.com - %profile%\extensions\gamesbar@oberon-media.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-21 18:39
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,74,42,35,a7,2c,89,e6,49,a4,3c,7a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,74,42,35,a7,2c,89,e6,49,a4,3c,7a,\
.
Completion time: 2011-12-21 18:48:26
ComboFix-quarantined-files.txt 2011-12-22 02:48
ComboFix2.txt 2011-11-14 02:30
.
Pre-Run: 344,245,018,624 bytes free
Post-Run: 344,446,554,112 bytes free
.
- - End Of File - - 858D0E599656415237B5F7AC0445553C