Combo Fix File
2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2039.1370 [GMT -5:00]
Running from: c:\users\Klaudia\Desktop\username123.exe.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
The following files were disabled during the run:
c:\windows\system32\win32sta.dll
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\win32sta.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-31 )))))))))))))))))))))))))))))))
.
.
2011-08-30 21:36 . 2011-08-31 03:35 -------d-----w c:\programdata\Avira
2011-08-30 21:25 . 2011-08-30 21:25 -------d--h--w c:\programdata\Common Files
2011-08-30 21:25 . 2011-08-30 21:30 -------d-----w c:\programdata\MFAData
2011-08-30 18:25 . 2011-08-30 18:25 -------d-----w c:\program files\Trend Micro
2011-08-30 16:36 . 2009-04-03 21:00 1310720 ----a-w c:\windows\system32\CNC560C.dll
2011-08-30 16:36 . 2009-04-03 20:59 110592 ----a-w c:\windows\system32\CNC560I.dll
2011-08-30 16:36 . 2009-04-03 20:57 106496 ----a-w c:\windows\system32\CNC560U.dll
2011-08-30 16:36 . 2009-03-19 19:38 303104 ----a-w c:\windows\system32\CNC560L.dll
2011-08-30 15:56 . 2011-08-16 12:48 7152464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{2A9AEA0C-0175-455F-91A7-2A47932C2EF8}\mpengine.dll
2011-08-29 06:32 . 2011-08-29 06:57 -------d--h--w c:\windows\msdownld.tmp
2011-08-26 05:11 . 2011-08-26 05:11 -------d--h--w c:\users\Klaudia\AppData\Local\MicrosoftNT
2011-08-26 05:06 . 2011-08-26 05:06 -------d-----w c:\users\Klaudia\AppData\Local\Enounce
2011-08-26 05:03 . 2011-08-26 05:03 -------d-----w c:\users\Klaudia\AppData\Local\Downloaded Installations
2011-08-25 17:35 . 2011-08-25 17:35 -------d-----w c:\program files\VideoLAN
2011-08-25 07:27 . 2011-08-25 07:37 -------d-----w c:\windows\rescache
2011-08-25 02:44 . 2011-08-25 02:44 -------d-----w c:\programdata\MemeoCommon
2011-08-25 02:44 . 2011-08-25 02:44 -------d-----w c:\users\Klaudia\AppData\Roaming\Memeo
2011-08-25 02:44 . 2011-08-25 02:44 -------d-----w c:\users\Klaudia\AppData\Roaming\Seagate
2011-08-25 02:43 . 2011-08-25 02:43 -------d-----w c:\program files\Common Files\Memeo
2011-08-25 02:43 . 2011-08-25 02:43 -------d-----w c:\program files\Memeo
2011-08-25 02:41 . 2011-08-25 02:43 -------d-----w c:\program files\Seagate
2011-08-24 15:34 . 2011-07-09 04:30 2048 ----a-w c:\windows\system32\tzres.dll
2011-08-20 16:19 . 2011-06-15 09:04 86016 ----a-w c:\windows\system32\odbccu32.dll
2011-08-20 16:19 . 2011-06-15 09:04 81920 ----a-w c:\windows\system32\odbccr32.dll
2011-08-20 16:19 . 2011-06-15 09:04 319488 ----a-w c:\windows\system32\odbcjt32.dll
2011-08-20 16:19 . 2011-06-15 09:04 163840 ----a-w c:\windows\system32\odbctrac.dll
2011-08-20 16:19 . 2011-06-15 09:04 122880 ----a-w c:\windows\system32\odbccp32.dll
2011-08-20 16:19 . 2011-06-15 09:04 94208 ----a-w c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-08-20 16:15 . 2011-06-23 04:38 3957120 ----a-w c:\windows\system32\ntkrnlpa.exe
2011-08-20 16:15 . 2011-06-23 04:38 3902336 ----a-w c:\windows\system32\ntoskrnl.exe
2011-08-20 15:59 . 2011-04-29 02:57 311296 ----a-w c:\windows\system32\drivers\srv.sys
2011-08-20 15:59 . 2011-04-29 02:57 309760 ----a-w c:\windows\system32\drivers\srv2.sys
2011-08-20 15:59 . 2011-04-29 02:57 114176 ----a-w c:\windows\system32\drivers\srvnet.sys
2011-08-20 15:59 . 2011-04-25 02:35 338944 ----a-w c:\windows\system32\drivers\afd.sys
2011-08-20 15:59 . 2010-12-18 05:31 571904 ----a-w c:\windows\system32\oleaut32.dll
2011-08-20 15:59 . 2011-05-24 10:35 294912 ----a-w c:\windows\system32\umpnpmgr.dll
2011-08-20 15:57 . 2011-07-16 04:34 290816 ----a-w c:\windows\system32\KernelBase.dll
2011-08-20 15:47 . 2011-01-17 05:38 161792 ----a-w c:\windows\system32\d3d10_1.dll
2011-08-20 15:47 . 2011-04-29 05:08 759296 ----a-w c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-08-16 18:46 . 2011-04-09 05:56 123904 ----a-w c:\windows\system32\poqexec.exe
2011-08-16 13:21 . 2011-08-16 13:21 -------d-----w c:\users\Klaudia\AppData\Roaming\Epson
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck ------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-07-16 . 921F8B3FF01501C9934CCB3C270833D7 . 868352 . . [6.1.7601.21772] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_960c0dc1cdddb3a2\kernel32.dll
[7] 2011-07-16 . 7E99A20C758ABB5AE89C7AEEA3A9AEB2 . 868352 . . [6.1.7600.16850] . . c:\windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7600.16850_none_93afb334b78b3d5c\kernel32.dll
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-25 18:01]
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-25 18:01]
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1770972852-140635212-2630037756-1000Core.job
- c:\users\Klaudia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-27 16:59]
.
2011-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1770972852-140635212-2630037756-1000UA.job
- c:\users\Klaudia\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-27 16:59]
.
.
------- Supplementary Scan ------
.
uStart Page = hxxp://www.nytimes.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Klaudia\AppData\Roaming\Mozilla\Firefox\Profiles\ilg9q52l.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net
.
.
--------------------- LOCKED REGISTRY KEYS --------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes -----------------------
.
c:\windows\system32\AUDIODG.EXE
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-08-30 23:32:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-31 04:32
.
Pre-Run: 10,567,090,176 bytes free
Post-Run: 13,888,856,064 bytes free
.
- - End Of File - - C64A1ABF7647F4EB708C2BEFB6A3188A