Jotti Results:
c:\4c1727e96774f6efe758776af2\$shtdwn$.req
Scan taken on 02 Apr 2009 17:20:48 (GMT)
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
------------------------------------------
Jotti Results:
c:\4c1727e96774f6efe758776af2\mrt.exe
Acted as though I didn't upload a file. Nothing happened.
Also tried through Virustotal, but got this error:
Bigger than max permited size / Mayor del tamaño máximo permitido ("Larger than the maximum permitted size")
Jotti results:
c:\4c1727e96774f6efe758776af2\mrtstub.exe
Scan taken on 02 Apr 2009 17:25:32 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
--------------------------------------
ComboFix 09-04-01.01 - Owner 2009-04-02 12:37:24.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.702.469 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFixx.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_csiscanner
-------\Service_csiscanner
((((((((((((((((((((((((( Files Created from 2009-03-02 to 2009-04-02 )))))))))))))))))))))))))))))))
.
2009-04-01 23:02 . 2009-04-01 23:02 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-04-01 23:02 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-01 23:02 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-01 20:23 . 2009-04-01 20:23 <DIR> d-------- c:\program files\Windows Installer Clean Up
2009-04-01 20:04 . 2009-04-01 20:04 <DIR> d-------- c:\program files\Viewpoint
2009-04-01 20:04 . 2009-04-01 20:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-01 17:22 . 2009-04-02 10:41 1,100,320 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-04-01 17:22 . 2009-04-02 10:41 221,216 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-04-01 17:22 . 2009-04-02 10:41 9,704 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-04-01 17:22 . 2009-04-02 10:41 1,836 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-04-01 13:54 . 2009-04-01 13:54 1,263 --a------ c:\windows\system32\%LocalXml%
2009-04-01 13:04 . 2009-04-01 13:52 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-04-01 13:04 . 2009-04-01 13:52 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-04-01 13:03 . 2009-04-01 13:03 <DIR> d-------- c:\program files\Kaspersky Lab
2009-04-01 13:03 . 2009-04-02 10:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-01 12:04 . 2009-04-01 11:39 <DIR> d-------- c:\documents and settings\Owner\.housecall6.6
2009-04-01 11:43 . 2009-04-01 11:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-04-01 11:38 . 2009-04-01 11:38 64 --a------ c:\windows\wininit.ini
2009-04-01 09:58 . 2009-04-01 09:58 <DIR> d-------- C:\4c1727e96774f6efe758776af2
2009-04-01 09:51 . 2009-04-01 09:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-01 09:50 . 2009-04-01 23:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-31 12:53 . 2009-03-31 12:53 <DIR> d-------- c:\program files\Trend Micro
2009-03-29 12:20 . 2009-03-29 12:20 2 --a------ C:\-2080303660
2009-03-28 22:27 . 2009-03-28 22:27 <DIR> d-------- c:\documents and settings\Owner\Application Data\iWin
2009-03-28 22:26 . 2009-03-28 22:29 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-27 00:20 . 2009-03-27 00:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\iWin Games
2009-03-19 23:37 . 2004-08-04 12:00 81,920 --a------ c:\windows\system32\ieencode.dll
2009-03-19 23:37 . 2004-08-04 12:00 81,920 --a------ c:\windows\system32\dllcache\ieencode.dll
2009-03-19 23:37 . 2004-08-04 12:00 68,608 --a------ c:\windows\system32\plugin.ocx
2009-03-19 23:37 . 2004-08-04 12:00 68,608 --a------ c:\windows\system32\dllcache\plugin.ocx
2009-03-19 17:35 . 2009-03-19 17:35 <DIR> d-------- c:\program files\Onlinebandit
2009-03-19 07:28 . 2001-08-17 22:36 8,704 --a------ c:\windows\system32\kbdjpn.dll
2009-03-19 07:28 . 2001-08-17 22:36 8,704 --a--c--- c:\windows\system32\dllcache\kbdjpn.dll
2009-03-19 07:28 . 2001-08-17 22:36 8,192 --a------ c:\windows\system32\kbdkor.dll
2009-03-19 07:28 . 2001-08-17 22:36 8,192 --a--c--- c:\windows\system32\dllcache\kbdkor.dll
2009-03-19 07:28 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd106.dll
2009-03-19 07:28 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101c.dll
2009-03-19 07:28 . 2001-08-17 14:55 6,144 --a------ c:\windows\system32\kbd101b.dll
2009-03-19 07:28 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd106.dll
2009-03-19 07:28 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101c.dll
2009-03-19 07:28 . 2001-08-17 14:55 6,144 --a--c--- c:\windows\system32\dllcache\kbd101b.dll
2009-03-19 07:28 . 2001-08-17 14:55 5,632 --a------ c:\windows\system32\kbd103.dll
2009-03-19 07:28 . 2001-08-17 14:55 5,632 --a--c--- c:\windows\system32\dllcache\kbd103.dll
2009-03-16 09:51 . 2009-03-16 09:51 <DIR> d--hs---- c:\windows\system32\config\systemprofile\PrivacIE
2009-03-16 09:43 . 2009-03-16 09:43 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-03-05 22:46 . 2009-03-05 22:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2009-03-05 15:51 . 2009-03-05 15:51 <DIR> d--hs---- c:\documents and settings\Owner\IECompatCache
2009-03-05 15:49 . 2009-03-05 15:49 <DIR> d--hs---- c:\documents and settings\Owner\IETldCache
2009-03-05 15:10 . 2009-01-10 22:00 79,360 --a--c--- c:\windows\system32\dllcache\iecompat.dll
2009-03-02 15:57 . 2009-03-02 15:57 <DIR> d-------- c:\documents and settings\Owner\Application Data\Yahoo!
2009-03-02 15:56 . 2009-03-05 14:36 <DIR> d-------- c:\program files\Yahoo!
2009-03-02 15:56 . 2009-03-02 23:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2009-03-02 12:22 . 2009-03-02 12:22 <DIR> d-------- C:\Installation Files
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 03:23 --------- d-----w c:\program files\MSECache
2009-04-01 20:52 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-21 18:36 --------- d-----w c:\program files\Common Files\AOL
2009-03-20 00:01 --------- d-----w c:\program files\Common Files\Apple
2009-03-06 04:12 --------- d-----w c:\documents and settings\Owner\Application Data\HPAppData
2009-03-05 21:35 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2009-03-02 05:06 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard
2009-02-15 18:07 --------- d-----w c:\program files\Google
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\-2080303660 -- Not a PE file.
MD5: 444bcb3a3fcf8389296c49467f27e1d6
((((((((((((((((((((((((((((( SnapShot@2009-04-01_17.57.52.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-29 19:31:39 213,376 -c--a-w c:\windows\system32\dllcache\ndis.sys
+ 2004-08-04 19:00:00 182,912 -c--a-w c:\windows\system32\dllcache\ndis.sys
- 2009-03-29 19:31:39 213,376 -c--a-w c:\windows\system32\drivers\ndis.sys
+ 2004-08-04 19:00:00 182,912 ----a-w c:\windows\system32\drivers\ndis.sys
+ 2009-04-02 19:40:04 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_25c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-01 206088]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^run_startmenu.cmd]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\run_startmenu.cmd
backup=c:\windows\pss\run_startmenu.cmdCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
--a------ 2004-04-07 12:07 496752 c:\program files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 12:00 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-10-14 22:17 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
--a------ 2007-08-22 17:31 80896 c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
--a------ 2009-02-20 15:22 4363504 c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 09:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 16:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-13 13:42 212992 c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2005-03-09 08:00 966656 c:\windows\creator\remind_xp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 06:43 136600 c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
--a------ 2004-11-15 16:04 135168 c:\program files\Digital Media Reader\shwiconEM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2004-05-17 19:30 543232 c:\windows\zHotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
--a------ 2003-09-19 10:09 36864 c:\windows\ShowWnd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-12-09 12:17 67584 c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2004-08-13 11:48 49152 c:\windows\system32\VTTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a------ 2004-08-13 11:48 143360 c:\windows\system32\VTTrayp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\America Online 9.0\\aol.exe"=
"c:\\Program Files\\Onlinebandit\\Start.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 10:41:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-02 10:43:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-02 17:43:40
ComboFix2.txt 2009-04-02 16:43:59
ComboFix3.txt 2009-04-02 00:58:32
Pre-Run: 43,847,987,200 bytes free
Post-Run: 43,837,100,032 bytes free
206 --- E O F --- 2009-03-06 13:11:09
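An added triage helper, written for this edit and not part of the post, of ComboFix or of Jotti: it parses lines in ComboFix's "Files Created" format and the Security Center / firewall-policy values, using lines copied from the log above as constructed sample input, and returns the entries a reviewer would want explained. The heuristics (hidden+system files, unexpanded %var% names on disk, bare numeric or hex names in a drive root, tiny files, modification time older than creation time, Security Center overrides) are ours; a hit is a review item, not a malware verdict.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: six lines copied from the "Files Created" section of
# the ComboFix log above. The format (created . modified size attrs path)
# is ComboFix's; which lines to include is our choice.
SAMPLE_FILES = r"""
2009-04-01 17:22 . 2009-04-02 10:41 1,100,320 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-04-01 13:54 . 2009-04-01 13:54 1,263 --a------ c:\windows\system32\%LocalXml%
2009-04-01 09:58 . 2009-04-01 09:58 <DIR> d-------- C:\4c1727e96774f6efe758776af2
2009-03-29 12:20 . 2009-03-29 12:20 2 --a------ C:\-2080303660
2009-03-19 23:37 . 2004-08-04 12:00 81,920 --a------ c:\windows\system32\ieencode.dll
2009-03-05 22:46 . 2009-03-05 22:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
"""

# Constructed sample: the Security Center and firewall-policy values from
# the "Reg Loading Points" section of the same log.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) "
    r"(?P<attrs>[d-][-a-z]{8}) "
    r"(?P<path>.+)$"
)
# Bare numeric or long hex names directly in a drive root
# (C:\-2080303660 and C:\4c1727e96774f6efe758776af2 in the log above).
ROOT_ODD_NAME_RE = re.compile(r"^[a-z]:\\(-?\d+|[0-9a-f]{16,})$", re.IGNORECASE)
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>dword:[0-9a-f]{8}|\d+)', re.IGNORECASE)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for <DIR> entries
    attrs: str           # ComboFix's 9-character attribute field, e.g. "--ahs----"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs


def parse_files_created(text: str) -> List[Entry]:
    """Parse ComboFix 'Files Created' lines; lines in any other format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Return {path: [reasons]} for entries worth a second look.
    Review heuristics, not verdicts: a hit means the entry needs an explanation
    (for example the security product that created it), nothing more."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        name = e.path.rsplit("\\", 1)[-1]
        if e.hidden_system and not e.is_dir:
            reasons.append("hidden+system file")
        if "%" in name:
            reasons.append("unexpanded %var% in on-disk name")
        if ROOT_ODD_NAME_RE.match(e.path):
            reasons.append("numeric/hex name directly in drive root")
        if e.size is not None and e.size < 16:
            reasons.append("tiny file (%d bytes)" % e.size)
        # ISO timestamps compare correctly as strings.
        if e.modified < e.created:
            reasons.append("mtime predates creation (copied in with original timestamp)")
        if reasons:
            findings[e.path] = reasons
    return findings


def weakened_security_center(text: str) -> List[str]:
    """Names of Security Center / firewall-policy values that silence alerts or
    turn the XP firewall off. A third-party suite that registers with Security
    Center sets these itself; the check is whether that is what set them here."""
    hits = []
    for line in text.splitlines():
        m = REG_VALUE_RE.match(line.strip())
        if not m:
            continue
        name, raw = m["name"], m["val"].lower()
        value = int(raw[len("dword:"):], 16) if raw.startswith("dword:") else int(raw)
        if name in ("AntiVirusOverride", "FirewallOverride", "DisableMonitoring") and value == 1:
            hits.append(name)
        elif name == "EnableFirewall" and value == 0:
            hits.append(name)
    return hits


if __name__ == "__main__":
    for path, reasons in triage(parse_files_created(SAMPLE_FILES)).items():
        print(path, "->", "; ".join(reasons))
    print("security center weakened by:", weakened_security_center(SAMPLE_REG))
```

Run against the sample, it flags fidbox.dat (hidden+system), %LocalXml% (literal %var% name), both root-level names, the 2-byte C:\-2080303660, and ieencode.dll (modified 2004, created 2009, i.e. copied in with its timestamp kept), and reports all four Security Center values as weakened. Each hit is a question to answer from the rest of the log, not a finding in itself: the Kaspersky install earlier the same day is the first thing to check for fidbox.dat and the override values, and the 2004 timestamp on ieencode.dll matches the dllcache copy created alongside it.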