ComboFix 09-11-26.02 - hp 11/28/2009 0:33.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.219 [GMT 5.5:30]
Running from: c:\documents and settings\hp\desktop\commy.exe
Command switches used :: /stepdel
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\windows\system32\setting.ini
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-10-27 to 2009-11-27 )))))))))))))))))))))))))))))))
.
2009-11-27 18:50 . 2009-11-27 18:51 -------- d-----w- C:\commy
2009-11-26 12:10 . 2009-11-26 12:10 79488 ----a-w- c:\documents and settings\hp\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-27 19:12 . 2009-06-17 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-11-27 19:12 . 2008-11-06 18:49 -------- d-----w- c:\program files\DNA
2009-11-27 19:12 . 2008-11-06 18:49 -------- d-----w- c:\documents and settings\hp\Application Data\DNA
2009-11-27 19:10 . 2009-06-17 15:22 548896 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-11-27 19:10 . 2009-06-17 15:22 4004 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-11-27 19:10 . 2009-06-17 15:22 2225696 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-27 19:10 . 2009-06-17 15:22 19516 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-11-26 11:48 . 2009-06-17 15:23 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-11-26 11:48 . 2009-06-17 15:23 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-11-26 11:19 . 2009-03-15 18:38 4045527 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 09:24 . 2009-01-16 16:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 09:23 . 2009-01-16 16:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2008-11-02 18:35 . 2008-11-02 18:35 14566424 ----a-w- c:\program files\vlc-0.9.4-win32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [1980-01-10 323392]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-05-15 95536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-28 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-16 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-16 126976]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-09-07 213054]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-11-01 290816]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-02 122939]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-11-12 790528]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2004-10-26 184320]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-15 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
c:\documents and settings\hp\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
WordWeb.lnk - d:\wordweb\wweb32.exe [2008-12-6 42168]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2004-10-26 569405]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-10-29 184320]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-10-31 122880]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\hp\\My Documents\\Age of Emp\\empires2.EXE"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [5/3/2004 9:56 PM 80384]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 6:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]
.
Contents of the 'Scheduled Tasks' folder
2009-11-27 c:\windows\Tasks\User_Feed_Synchronization-{31717168-8B0F-471E-B864-C132C14F5480}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 23:01]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL =
hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8uSearchURL,(Default) =
hxxp://www.google.com/search?q=%sIE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: {7C3AA0EE-5089-4B3B-A913-1E31C4D9BDEC} = 125.22.47.125,202.56.250.5
.
- - - - ORPHANS REMOVED - - - -
AddRemove-HijackThis - c:\documents and settings\hp\My Documents\installations\HijackThis.exe
AddRemove-{91810AFC-A4F8-4EBA-A5AA-B198BBC81144} - c:\program files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe REMOVEALL
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-11-28 00:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hȋdden processes ...
scanning hȋdden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????2?1?4?0??????? ???B???????????????B? ??????
scanning hȋdden files ...
scan completed successfully
hȋdden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3200)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\HPQ\SHARED\HPQWMI.exe
.
**************************************************************************
.
Completion time: 2009-11-28 00:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-27 19:16
Pre-Run: 3,310,895,104 bytes free
Post-Run: 3,203,182,592 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - D89E095D30CF6370F42EE067CEB191F2