ComboFix 11-06-22.02 - chris zurowski 06/22/2011 16:06:19.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.254.4 [GMT -4:00]
Running from: c:\documents and settings\chris zurowski\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\aidin\Application Data\Mozilla\Firefox\Profiles\7mdlruxk.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}
c:\documents and settings\aidin\Application Data\Mozilla\Firefox\Profiles\7mdlruxk.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}\chrome.manifest
c:\documents and settings\aidin\Application Data\Mozilla\Firefox\Profiles\7mdlruxk.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}\chrome\xulcache.jar
c:\documents and settings\aidin\Application Data\Mozilla\Firefox\Profiles\7mdlruxk.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}\defaults\preferences\xulcache.js
c:\documents and settings\aidin\Application Data\Mozilla\Firefox\Profiles\7mdlruxk.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}\install.rdf
c:\documents and settings\chris zurowski\Application Data\Mozilla\Firefox\Profiles\91n9x25e.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}
c:\documents and settings\chris zurowski\Application Data\Mozilla\Firefox\Profiles\91n9x25e.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}\chrome.manifest
c:\documents and settings\chris zurowski\Application Data\Mozilla\Firefox\Profiles\91n9x25e.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}\chrome\xulcache.jar
c:\documents and settings\chris zurowski\Application Data\Mozilla\Firefox\Profiles\91n9x25e.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}\defaults\preferences\xulcache.js
c:\documents and settings\chris zurowski\Application Data\Mozilla\Firefox\Profiles\91n9x25e.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}\install.rdf
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\xavltxta.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\xavltxta.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}\chrome.manifest
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\xavltxta.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}\chrome\xulcache.jar
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\xavltxta.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}\defaults\preferences\xulcache.js
c:\documents and settings\Guest\Application Data\Mozilla\Firefox\Profiles\xavltxta.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}\install.rdf
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\mxkdfz77.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\mxkdfz77.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}\chrome.manifest
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\mxkdfz77.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}\chrome\xulcache.jar
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\mxkdfz77.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}\defaults\preferences\xulcache.js
c:\documents and settings\LocalService\Application Data\Mozilla\Firefox\Profiles\mxkdfz77.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}\install.rdf
c:\documents and settings\mom and steve\Application Data\Mozilla\Firefox\Profiles\doxju2rb.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}
c:\documents and settings\mom and steve\Application Data\Mozilla\Firefox\Profiles\doxju2rb.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}\chrome.manifest
c:\documents and settings\mom and steve\Application Data\Mozilla\Firefox\Profiles\doxju2rb.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}\chrome\xulcache.jar
c:\documents and settings\mom and steve\Application Data\Mozilla\Firefox\Profiles\doxju2rb.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}\defaults\preferences\xulcache.js
c:\documents and settings\mom and steve\Application Data\Mozilla\Firefox\Profiles\doxju2rb.default\extensions\{57c69cd5-e526-4be7-a7eb-6985d8b828db}\install.rdf
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf
c:\windows\system32\259459213
c:\windows\system32\259459213\frt0.rar
c:\windows\system32\259459213\frt0.rar.ver
c:\windows\system32\259459213\frt1.rar
c:\windows\system32\259459213\frt1.rar.ver
c:\windows\system32\259459213\frt10.rar
c:\windows\system32\259459213\frt10.rar.ver
c:\windows\system32\259459213\frt11.rar
c:\windows\system32\259459213\frt11.rar.ver
c:\windows\system32\259459213\frt12.rar
c:\windows\system32\259459213\frt12.rar.ver
c:\windows\system32\259459213\frt13.rar
c:\windows\system32\259459213\frt13.rar.ver
c:\windows\system32\259459213\frt14.rar
c:\windows\system32\259459213\frt14.rar.ver
c:\windows\system32\259459213\frt15.rar
c:\windows\system32\259459213\frt15.rar.ver
c:\windows\system32\259459213\frt2.rar
c:\windows\system32\259459213\frt2.rar.ver
c:\windows\system32\259459213\frt3.rar
c:\windows\system32\259459213\frt3.rar.ver
c:\windows\system32\259459213\frt4.rar
c:\windows\system32\259459213\frt4.rar.ver
c:\windows\system32\259459213\frt5.rar
c:\windows\system32\259459213\frt5.rar.ver
c:\windows\system32\259459213\frt6.rar
c:\windows\system32\259459213\frt6.rar.ver
c:\windows\system32\259459213\frt7.rar
c:\windows\system32\259459213\frt7.rar.ver
c:\windows\system32\259459213\frt8.rar
c:\windows\system32\259459213\frt8.rar.ver
c:\windows\system32\259459213\frt9.rar
c:\windows\system32\259459213\frt9.rar.ver
c:\windows\system32\585300597
c:\windows\system32\585300597\new.i0.kwd
c:\windows\system32\585300597\new.i1.kwd
c:\windows\system32\585300597\new.i2.kwd
c:\windows\system32\585300597\new.i3.kwd
c:\windows\system32\585300597\new.i4.kwd
c:\windows\system32\585300597\new.i5.kwd
c:\windows\system32\585300597\new.i6.kwd
c:\windows\system32\585300597\new.i7
c:\windows\system32\585300597\new.i7.kwd
c:\windows\system32\ssembl~1
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_USRINITVERIF
.
.
((((((((((((((((((((((((( Files Created from 2011-05-22 to 2011-06-22 )))))))))))))))))))))))))))))))
.
.
2011-06-22 17:32 . 2011-06-22 17:32 -------- d-----w- c:\program files\ESET
2011-06-22 02:57 . 2011-06-22 02:57 -------- d-----w- C:\_OTM
2011-06-22 02:45 . 2011-06-22 02:45 -------- d-----w- c:\program files\ERUNT
2011-06-21 15:15 . 2011-06-21 15:15 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-06-21 15:15 . 2011-06-21 15:15 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-06-21 15:15 . 2011-06-21 15:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-18 14:53 . 2011-06-18 14:53 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-06-18 14:53 . 2011-06-18 14:53 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-06-18 14:53 . 2011-06-18 14:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-06-18 14:53 . 2011-06-18 14:53 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-06-18 14:53 . 2011-06-18 14:53 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-06-18 14:53 . 2011-06-18 14:53 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-06-18 14:53 . 2011-06-18 14:53 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-06-18 14:53 . 2011-06-18 14:53 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-06-14 03:12 . 2011-06-14 03:12 388096 ----a-r- c:\documents and settings\chris zurowski\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-14 03:11 . 2011-06-14 03:11 -------- d-----w- c:\program files\Trend Micro
2011-06-12 15:04 . 2011-06-12 15:04 -------- d-----w- c:\documents and settings\chris zurowski\Application Data\Malwarebytes
2011-06-12 15:01 . 2011-05-29 13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-12 15:01 . 2011-06-12 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-12 15:01 . 2011-05-29 13:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-12 15:01 . 2011-06-12 15:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-11 17:14 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-11 17:14 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-11 17:14 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-11 17:14 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-11 17:14 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-11 17:14 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-06-11 17:14 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-06-11 17:14 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-06-11 17:13 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-11 17:13 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-11 17:13 . 2011-06-11 17:13 -------- d-----w- c:\program files\AVAST Software
2011-06-11 17:13 . 2011-06-11 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-06-07 20:04 . 2011-06-07 20:04 -------- d-----w- c:\documents and settings\chris zurowski\Local Settings\Application Data\Western Digital
2011-06-07 05:50 . 2011-06-07 05:50 -------- d-----w- c:\windows\system32\XPSViewer
2011-06-07 05:50 . 2011-06-07 05:50 -------- d-----w- c:\program files\MSBuild
2011-06-07 05:50 . 2011-06-07 05:50 -------- d-----w- c:\program files\Reference Assemblies
2011-06-07 05:50 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-06-07 05:49 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-06-07 05:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-06-07 05:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-06-07 05:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-06-07 05:49 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-06-07 05:49 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-06-07 05:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-06-07 05:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2011-06-06 21:00 . 2011-06-06 21:00 -------- d-----w- c:\documents and settings\chris zurowski\Local Settings\Application Data\Temp
2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-06-06 16:55 . 2011-06-06 16:55 183696 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2011-06-05 16:44 . 2011-06-05 16:44 -------- d-----w- c:\documents and settings\aidin\Local Settings\Application Data\Mozilla Firefox
2011-06-05 16:21 . 2011-06-05 16:21 14744 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
2011-06-05 16:21 . 2011-06-05 16:21 14744 ----a-w- c:\documents and settings\aidin\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
2011-06-05 15:51 . 2011-06-05 15:51 -------- d-s---w- c:\documents and settings\mom and steve\UserData
2011-06-05 14:19 . 2011-06-05 14:19 -------- d-----w- c:\windows\ServicePackFiles
2011-06-05 13:04 . 2011-06-05 13:39 -------- d-----w- c:\windows\system32\CatRoot_bak
2011-06-05 03:43 . 2008-10-15 16:57 332800 ------w- c:\windows\system32\dllcache\netapi32.dll
2011-06-05 03:40 . 2011-06-05 03:40 -------- d-----w- c:\program files\MSXML 6.0
2011-06-05 03:36 . 2009-12-31 16:14 352640 ------w- c:\windows\system32\dllcache\srv.sys
2011-06-05 03:32 . 2010-02-24 12:31 454016 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2011-06-05 03:21 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-06-05 03:21 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2011-06-05 02:10 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-06-05 02:04 . 2009-10-15 17:21 82432 ------w- c:\windows\system32\dllcache\fontsub.dll
2011-06-05 01:53 . 2009-07-31 04:57 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-18 14:53 . 2011-06-18 14:53 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-05-17 15:38 203776 --sh--w- c:\windows\SYSTEM32\unrar.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R1 aswSnx;aswSnx;c:\windows\SYSTEM32\DRIVERS\aswSnx.sys [06/11/2011 1:14 PM 441176]
R1 aswSP;aswSP;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [06/11/2011 1:14 PM 307928]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [06/11/2011 1:14 PM 19544]
R3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;c:\windows\SYSTEM32\DRIVERS\m4301A.sys [04/03/2011 1:43 PM 116192]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys [06/12/2011 11:01 AM 39984]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\SYSTEM32\DRIVERS\wdcsam.sys [02/13/2009 3:02 PM 11520]
S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);c:\windows\SYSTEM32\DRIVERS\ZD1201U.sys [03/11/2006 5:27 PM 38656]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3477593384-2160461186-3016248450-1006.job
- c:\documents and settings\chris zurowski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-25 17:46]
.
.
------- Supplementary Scan -------
.
IE: &AIM Search
IE: E&xport to Microsoft Excel
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\chris zurowski\Application Data\Mozilla\Firefox\Profiles\91n9x25e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... rab&query=
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1 - c:\program files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-22 16:25
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-06-22 16:36:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-22 20:36
.
Pre-Run: 24,332,742,656 bytes free
Post-Run: 24,174,329,856 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 45B6F9C3602DCF47D44F0B1FAA9D74B7