tatun
2010-05-20, 01:28
I installed "Kaspersky Internet Security 2010"... after installing I restarted my program... but I can't run Kaspersky... nor run my PC in safe mode... please help me... below is my ComboFix log text... :eek:
ComboFix 10-05-19.02 - TATUN 05/20/2010 3:11.2.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.272 [GMT 5.5:30]
Running from: c:\documents and settings\TATUN\Desktop\ComboFix.exe
.
/wow section - STAGE 4
Access is denied.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\winsys.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASC3360PR
-------\Service_asc3360pr
-------\Legacy_ASC3360PR
-------\Service_asc3360pr
((((((((((((((((((((((((( Files Created from 2010-04-19 to 2010-05-19 )))))))))))))))))))))))))))))))
.
2010-05-19 21:13 . 2010-05-19 21:13 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-19 21:13 . 2010-05-19 21:13 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-05-19 21:10 . 2010-05-19 21:10 -------- d-----w- c:\program files\Kaspersky Lab
2010-05-19 21:10 . 2010-05-19 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-05-19 21:00 . 2010-05-19 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-05-19 20:30 . 2010-05-19 20:30 -------- d-----w- c:\program files\Support Tools
2010-05-19 20:24 . 2005-09-20 03:01 135168 ----a-r- c:\windows\system32\igfxres.dll
2010-05-19 20:20 . 2004-08-04 05:31 70144 ----a-w- c:\windows\system32\dllcache\pintlphr.exe
2010-05-19 20:19 . 2001-08-23 15:00 45568 ----a-w- c:\windows\system32\dllcache\browscap.dll
2010-05-19 20:14 . 2004-08-03 17:01 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2010-05-19 20:06 . 2001-08-23 15:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-05-19 20:06 . 2001-08-23 15:00 13312 ----a-w- c:\windows\system32\dllcache\irclass.dll
2010-05-19 20:06 . 2001-08-23 15:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-05-19 20:06 . 2001-08-23 15:00 24661 ----a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-05-16 03:33 . 2010-05-16 03:33 -------- d-----w- c:\program files\RegistryFix7
2010-05-16 01:46 . 2010-05-16 01:46 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2010-05-16 01:46 . 2010-05-16 01:46 -------- d-----w- c:\documents and settings\TATUN\Application Data\TuneUp Software
2010-05-16 01:46 . 2010-05-16 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-05-16 01:35 . 2010-05-16 01:35 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2010-05-15 23:46 . 2010-05-15 23:46 -------- d-sh--w- c:\documents and settings\TATUN\IETldCache
2010-05-15 23:45 . 2010-05-19 21:48 12 ----a-w- c:\windows\bthservsdp.dat
2010-05-15 23:44 . 2010-05-15 23:44 -------- d-----w- c:\documents and settings\TATUN\Application Data\Yahoo!
2010-05-15 23:44 . 2009-01-07 12:51 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-05-15 23:43 . 2010-05-15 23:43 -------- d--h--w- c:\windows\ie8
2010-05-15 23:43 . 2010-05-15 23:43 -------- d--h--w- c:\windows\msdownld.tmp
2010-05-15 21:28 . 2010-05-15 21:28 -------- d-----w- c:\program files\Focus Magic
2010-05-15 21:28 . 2004-03-05 07:22 8876032 ----a-w- c:\windows\system32\FocusMag.dll
2010-05-15 20:11 . 2010-05-15 20:11 -------- d-----w- c:\documents and settings\TATUN\Application Data\PC Suite
2010-05-15 20:11 . 2010-05-15 20:11 -------- d-----w- c:\documents and settings\TATUN\Application Data\Nokia
2010-05-15 20:11 . 2010-05-15 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-05-15 20:11 . 2010-05-15 20:11 -------- d-----w- c:\program files\Common Files\PCSuite
2010-05-15 20:11 . 2010-05-15 20:11 -------- d-----w- c:\program files\Common Files\Nokia
2010-05-15 20:10 . 2010-05-15 20:11 -------- d-----w- c:\program files\DIFX
2010-05-15 20:10 . 2008-08-26 03:56 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-05-15 20:10 . 2010-05-15 20:10 -------- d-----w- c:\program files\PC Connectivity Solution
2010-05-15 20:10 . 2010-05-15 20:10 -------- d-----w- c:\windows\system32\DRVSTORE
2010-05-15 20:10 . 2010-05-15 20:10 -------- d-----w- c:\program files\Nokia
2010-05-15 20:10 . 2009-10-06 06:22 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-05-15 20:10 . 2010-05-07 09:27 34498896 ----a-r- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng.exe
2010-05-15 20:09 . 2010-05-15 20:09 88064 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2010-05-15 20:09 . 2010-05-15 20:09 86016 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2010-05-15 20:09 . 2010-05-15 20:09 177152 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2010-05-15 20:09 . 2010-05-15 20:09 131072 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-05-15 20:09 . 2010-05-15 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2010-05-15 18:25 . 2010-05-15 18:25 -------- d-----w- C:\FOUND.000
2010-05-13 22:43 . 2010-05-13 22:43 -------- d-----w- c:\program files\DVDVideoSoft
2010-05-13 22:43 . 2010-05-13 22:43 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-05-13 16:40 . 2010-05-13 16:40 -------- d-----w- c:\documents and settings\TATUN\Local Settings\Application Data\Yahoo
2010-05-13 03:27 . 2010-05-13 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-12 23:52 . 2010-05-12 23:53 -------- d-----w- c:\program files\FileASSASSIN
2010-05-12 22:35 . 2010-05-12 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-05-12 20:57 . 2010-05-12 20:57 -------- d-----w- c:\documents and settings\TATUN\Application Data\IObit
2010-05-11 23:42 . 2010-05-11 23:45 6114 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2010-05-11 23:36 . 2010-05-11 23:36 -------- d-----w- C:\Downloads
2010-05-11 23:04 . 2010-05-11 23:45 65257 ----a-w- c:\windows\BricoPackUninst.cmd
2010-05-11 23:02 . 2010-05-11 23:02 -------- d-----w- c:\windows\BricoPacks
2010-05-11 22:21 . 2010-05-11 22:21 -------- d-----w- c:\documents and settings\TATUN\Application Data\Malwarebytes
2010-05-11 22:21 . 2010-05-11 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-11 21:32 . 2010-05-11 21:32 -------- d-----w- c:\program files\LClock
2010-05-11 21:28 . 2010-05-11 21:28 -------- d-----w- c:\documents and settings\TATUN\Local Settings\Application Data\CometNetwork
2010-05-11 21:28 . 2010-05-11 21:28 -------- d-----w- c:\documents and settings\TATUN\Application Data\CometNetwork
2010-05-11 21:27 . 2010-05-11 21:27 -------- d-----w- c:\program files\blackmagic
2010-05-11 21:22 . 2010-05-11 21:22 -------- d-----w- c:\program files\Common Files\Nero
2010-05-11 21:21 . 2001-03-08 13:00 24064 ------w- c:\windows\system32\msxml3a.dll
2010-05-11 21:20 . 2010-05-11 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2010-05-11 21:20 . 2010-05-11 21:20 -------- d-----w- c:\program files\Ahead
2010-05-11 21:14 . 2010-05-11 21:14 -------- d-----w- c:\documents and settings\TATUN\Application Data\Media Player Classic
2010-05-11 21:09 . 2010-05-11 21:09 -------- d-----w- c:\program files\Easy GIF Animator
2010-05-11 21:07 . 2010-05-11 21:07 509448 ----a-w- c:\documents and settings\TATUN\Application Data\Real\Update\setup3.10\setup.exe
2010-05-11 21:06 . 2010-05-11 21:06 -------- d-----w- c:\program files\CometBird
2010-05-11 21:05 . 2010-05-11 21:05 -------- d-----w- c:\program files\Photo!
2010-05-11 21:04 . 2010-05-11 21:04 -------- d-----w- c:\program files\Mobile Photo Enhancer
2010-05-11 21:04 . 2010-05-11 21:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-05-11 21:04 . 2010-05-11 21:04 -------- d-----w- c:\program files\Yahoo!
2010-05-11 21:03 . 2010-05-11 21:03 -------- d-----w- c:\documents and settings\TATUN\Local Settings\Application Data\Google
2010-05-11 21:03 . 2010-05-11 21:03 -------- d-----w- c:\program files\Google
2010-05-11 21:02 . 2010-05-11 21:02 -------- d-----w- c:\documents and settings\TATUN\Local Settings\Application Data\Stardock
2010-05-11 21:02 . 2010-05-11 21:02 -------- d--h--w- c:\documents and settings\All Users\Application Data\{A850D4D9-871B-4234-908D-21C457767270}
2010-05-11 21:02 . 2008-02-19 23:21 2378928 ----a-w- c:\documents and settings\All Users\Application Data\{A850D4D9-871B-4234-908D-21C457767270}\CursorFX_public.exe
2010-05-11 21:02 . 2010-05-11 21:02 -------- d-----w- c:\program files\Stardock
2010-05-11 21:01 . 2010-05-11 21:01 1032192 ----a-w- c:\documents and settings\TATUN\Application Data\Mozilla\Firefox\Profiles\wkwa8c1y.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2010-05-11 21:01 . 2010-05-11 21:01 -------- d-----w- c:\program files\BitComet
2010-05-11 21:01 . 2010-05-11 21:01 -------- d-----w- c:\documents and settings\TATUN\Application Data\Any Video Converter
2010-05-11 21:01 . 2010-05-11 21:01 -------- d-----w- c:\program files\Any Video Converter
2010-05-11 21:00 . 2010-05-11 21:00 -------- d-----w- c:\program files\Common Files\xing shared
2010-05-11 21:00 . 2010-05-11 21:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-11 21:00 . 2010-05-11 21:00 -------- d-----w- c:\program files\Common Files\Real
2010-05-11 21:00 . 2010-05-11 21:00 -------- d-----w- c:\program files\Real
2010-05-11 20:58 . 2010-05-11 20:58 -------- d-----w- c:\program files\USB Disk Security
2010-05-11 20:52 . 2006-10-26 14:26 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-05-11 20:52 . 2006-10-26 14:26 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-05-11 20:51 . 2010-05-11 20:51 -------- d-----w- c:\program files\Microsoft Works
2010-05-11 20:51 . 2010-05-11 20:51 -------- d-----w- c:\program files\MSBuild
2010-05-11 20:50 . 2010-05-11 21:05 95848 ----a-w- c:\documents and settings\TATUN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-11 20:47 . 2010-05-11 20:47 -------- d-----w- c:\documents and settings\TATUN\Local Settings\Application Data\Microsoft Help
2010-05-11 20:47 . 2010-05-11 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-11 20:46 . 2010-05-11 20:46 -------- d-----r- C:\MSOCache
2010-05-11 20:45 . 2010-05-11 20:45 -------- d--h--w- c:\windows\ShellNew
2010-05-11 20:45 . 2010-05-11 20:45 -------- d-----w- c:\program files\LEAP Office
2010-05-11 20:45 . 2010-05-11 20:45 -------- d-----w- c:\documents and settings\TATUN\WINDOWS
2010-05-11 20:42 . 2010-05-11 20:42 -------- d-----w- c:\documents and settings\TATUN\Local Settings\Application Data\Adobe
2010-05-11 20:41 . 2010-05-11 20:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-11 20:17 . 2004-08-03 17:37 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-19 20:30 . 2010-05-11 19:19 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-19 20:17 . 2010-05-11 19:17 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-11 21:00 . 2010-05-11 20:19 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-11 20:19 . 2010-05-11 20:19 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-05-11 20:17 . 2010-05-11 20:17 -------- d-----w- c:\program files\C-Media 3D Audio
2010-05-11 19:57 . 2010-05-11 19:57 0 ----a-w- c:\windows\nsreg.dat
2010-05-11 19:20 . 2010-05-11 19:20 -------- d-----w- c:\program files\microsoft frontpage
2004-08-04 02:26 . 2004-08-04 02:26 160149 --sh--r- c:\windows\system32\tlttjfzh.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2008-02-19 582472]
"LClock"="c:\program files\LClock\lclock.exe" [2004-09-19 221184]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1594880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 100648]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3813376]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 113776]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-12 183296]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\wscntfy.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\groove.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=
"c:\\Documents and Settings\\TATUN\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\TATUN\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LClock\\lclock.exe"=
"c:\\Program Files\\PC Connectivity Solution\\Transports\\NclMSBTSrv.exe"=
"c:\\Program Files\\PC Connectivity Solution\\NclInstaller.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10000:TCP"= 10000:TCP:BitComet 10000 TCP
"10000:UDP"= 10000:UDP:BitComet 10000 UDP
"3440:TCP"= 3440:TCP:oybgl
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S2 uqljv;Monitor Manager;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 7:56 AM 14336]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ASC3360PR
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2004-08-04 02:26 99840 ----a-w- c:\windows\system32\advpack.dll
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
uSearchAssistant =
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\TATUN\Application Data\Mozilla\Firefox\Profiles\wkwa8c1y.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\TATUN\Application Data\Mozilla\plugins\npgoogletalk.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-CTFMON - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-20 03:19
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\uqljv]
"ServiceDll"="c:\windows\system32\tlttjfzh.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3708)
c:\program files\Stardock\CursorFX\CurXP0.dll
c:\program files\LClock\LC.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDll32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Completion time: 2010-05-20 03:23:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-19 21:53
Pre-Run: 10,143,752,192 bytes free
Post-Run: 10,347,806,720 bytes free
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - EDD8DF7CD64935909B04372B556B642A
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GrooveMonitor.exe"=
"c:\\Documents and Settings\\TATUN\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\TATUN\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LClock\\lclock.exe"=
"c:\\Program Files\\PC Connectivity Solution\\Transports\\NclMSBTSrv.exe"=
"c:\\Program Files\\PC Connectivity Solution\\NclInstaller.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10000:TCP"= 10000:TCP:BitComet 10000 TCP
"10000:UDP"= 10000:UDP:BitComet 10000 UDP
"3440:TCP"= 3440:TCP:oybgl
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
S2 uqljv;Monitor Manager;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 7:56 AM 14336]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ASC3360PR
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2004-08-04 02:26 99840 ----a-w- c:\windows\system32\advpack.dll
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.microsoft.com
mWindow Title = Microsoft Internet Explorer
uSearchAssistant =
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\TATUN\Application Data\Mozilla\Firefox\Profiles\wkwa8c1y.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\TATUN\Application Data\Mozilla\plugins\npgoogletalk.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
MSConfigStartUp-CTFMON - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-20 03:19
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\uqljv]
"ServiceDll"="c:\windows\system32\tlttjfzh.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3708)
c:\program files\Stardock\CursorFX\CurXP0.dll
c:\program files\LClock\LC.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDll32.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Completion time: 2010-05-20 03:23:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-19 21:53
Pre-Run: 10,143,752,192 bytes free
Post-Run: 10,347,806,720 bytes free
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - EDD8DF7CD64935909B04372B556B642A