ComboFix 10-01-31.05 - pc 02/01/2010 15:02:29.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.957.558 [GMT 1:00]
Running from: c:\documents and settings\pc\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100131-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\pc\RavMonLog
c:\recycler\S-1-5-21-4452432571-1359283844-355285569-2363
c:\recycler\S-1-5-21-6447609684-6125181263-496867207-2251
c:\recycler\S-1-5-21-6765914371-8869209286-718175895-5426
c:\recycler\S-1-5-21-7854750040-9194512387-477392542-4486
c:\windows\system32\AutoRun.inf
.
((((((((((((((((((((((((( Files Created from 2010-01-01 to 2010-02-01 )))))))))))))))))))))))))))))))
.
2010-01-28 12:43 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-28 12:43 . 2010-01-28 12:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 12:43 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-28 12:05 . 2010-01-28 12:05 -------- d-----w- c:\windows\Time Stopper
2010-01-23 09:52 . 2010-01-23 09:59 -------- d-----w- c:\documents and settings\pc\xpsun
2010-01-23 09:52 . 2010-01-23 09:52 57856 ----a-w- c:\documents and settings\pc\Application Data\Sun\Java\Deployment\cache\6.0\47\1247e16f-2f00600d-1.1--n\ShellLink_x64.dll
2010-01-23 09:52 . 2010-01-23 09:52 53248 ----a-w- c:\documents and settings\pc\Application Data\Sun\Java\Deployment\cache\6.0\47\1247e16f-2f00600d-1.1--n\ShellLink.dll
2010-01-15 10:44 . 2010-01-15 10:44 -------- d-----w- c:\documents and settings\pc\Local Settings\Application Data\Yahoo!
2010-01-13 08:37 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-06 09:21 . 2010-01-06 09:42 -------- d-----w- c:\documents and settings\pc\Application Data\TeamViewer
2010-01-06 09:21 . 2010-01-16 10:08 -------- d-----w- c:\program files\TeamViewer
2010-01-06 09:21 . 2010-01-06 09:21 -------- d-----w- c:\documents and settings\pc\temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 11:59 . 2009-04-09 08:50 -------- d-----w- c:\documents and settings\pc\Application Data\Skype
2010-01-23 11:00 . 2009-11-13 13:31 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-22 09:33 . 2009-12-28 20:24 -------- d-----w- c:\documents and settings\pc\Application Data\SolidDocuments
2010-01-06 09:18 . 2009-11-13 12:39 -------- d-----w- c:\program files\JDownloader
2010-01-05 10:00 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-28 20:21 . 2009-12-28 20:21 -------- d-----w- c:\program files\SolidDocuments
2009-12-28 20:21 . 2009-12-28 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SolidDocuments
2009-12-22 10:57 . 2009-12-22 10:52 -------- d-----w- c:\documents and settings\pc\Application Data\eBookPro6
2009-12-11 20:43 . 2009-12-11 20:43 -------- d-----w- c:\program files\MSXML 4.0
2009-12-04 11:58 . 2009-01-27 17:04 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-04 11:55 . 2009-12-04 11:55 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-12-03 18:11 . 2009-01-23 13:37 -------- d-----w- c:\documents and settings\pc\Application Data\HPAppData
2009-11-24 23:54 . 2009-07-27 11:46 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-07-27 11:46 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-07-27 11:46 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-07-27 11:46 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-07-27 11:46 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-07-27 11:46 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-07-27 11:46 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-07-27 11:46 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-07-27 11:46 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 10:48 . 2009-11-27 17:37 872960 ----a-w- c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\dgja7oqw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 10:48 . 2009-11-27 17:37 43008 ----a-w- c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\dgja7oqw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 10:48 . 2009-11-27 17:37 340480 ----a-w- c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\dgja7oqw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 10:48 . 2009-11-27 17:37 346624 ----a-w- c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\dgja7oqw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TouchPadHotKey"="c:\program files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe" [2007-06-26 360448]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Utility Tray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^pc^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\pc\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 16:43 69632 ------r- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 20:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-08 19:09 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-04 23:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-08-10 13:21 16384000 ------r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
2007-08-03 14:07 53248 ----a-r- c:\windows\system32\SiSPower.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-11-22 15:31 630784 ----a-r- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-05-10 17:22 864256 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SCPDFV4ReadSpool"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\v8200\\DMMultiView\\MultiView.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"17477:TCP"= 17477:TCP:NortonAV
"13606:TCP"= 13606:TCP:NortonAV
"12759:TCP"= 12759:TCP:NortonAV
"13895:TCP"= 13895:TCP:NortonAV
"12749:TCP"= 12749:TCP:NortonAV
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/27/2009 2:46 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [7/27/2009 12:46 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [7/27/2009 12:46 PM 20560]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [9/15/2008 11:34 AM 20504]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 12:17 PM 1181328]
S4 SCPDFV4ReadSpool;SolidConverterPDFv4ReadSpool;c:\windows\Installer\MSI4C4.tmp [12/28/2009 9:21 PM 189688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-02-01 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:58]
2010-01-29 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:58]
2010-01-28 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:58]
2010-01-29 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:58]
2010-02-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 17:58]
2009-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {7BA7E7FE-A80E-4C29-AEBE-6C37C4C3202C} = 195.66.160.1,195.66.160.2
FF - ProfilePath - c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\dgja7oqw.default\
FF - prefs.js: browser.startup.homepage - hxxps://webmax.t-com.me/?_task=mail&_action=today
FF - component: c:\documents and settings\pc\Application Data\Mozilla\Firefox\Profiles\dgja7oqw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\pc\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-amva - c:\windows\system32\amvo.exe
AddRemove-DivX Plus DirectShow Filters - c:\program files\DivX\DivXDSFiltersUninstall.exe
AddRemove-HijackThis - c:\documents and settings\pc\Desktop\1234\HijackThis.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - c:\program files\DivX\DivXWebPlayerUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-02-01 15:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCPDFV4ReadSpool]
"ImagePath"="c:\windows\Installer\MSI4C4.tmp"
.
Completion time: 2010-02-01 15:09:46
ComboFix-quarantined-files.txt 2010-02-01 14:09
Pre-Run: 48,748,695,552 bytes free
Post-Run: 50,056,720,384 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - AF41D9E7D6730530C3A8C624F7698137