ComboFix 11-01-03.01 - General 03/01/2011 23:55:24.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.479.163 [GMT 0:00]
Running from: c:\documents and settings\General\desktop\commy.exe
Command switches used :: /stepdel
FW: Online Armor Firewall *Enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\AutoRun.ini
c:\windows\system32\arp.exe
c:\windows\system32\install.exe
c:\windows\system32\SCardSvr.exe
c:\windows\system32\shimg.dll
d:\documents\david\rdplus.net.DUN
.
((((((((((((((((((((((((( Files Created from 2010-12-04 to 2011-01-04 )))))))))))))))))))))))))))))))
.
2011-01-03 22:45 . 2010-12-31 20:00 293968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-03 22:45 . 2010-12-31 19:59 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-03 22:45 . 2010-12-31 19:56 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-03 22:43 . 2010-12-31 20:06 38848 ----a-w- c:\windows\avastSS.scr
2011-01-03 22:43 . 2010-12-31 20:06 188216 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-03 22:29 . 2010-12-31 19:56 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-03 22:27 . 2010-12-31 19:59 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-01-03 22:27 . 2010-12-31 19:59 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-01-03 22:26 . 2010-12-31 19:56 29264 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-01-03 22:23 . 2011-01-03 22:43 -------- d-----w- c:\program files\Alwil Software
2011-01-03 22:23 . 2011-01-03 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-01-03 10:23 . 2011-01-03 10:23 -------- d-----w- c:\documents and settings\General\Local Settings\Application Data\Help
2011-01-03 09:50 . 2011-01-03 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2011-01-03 09:50 . 2011-01-03 09:50 -------- d-----w- c:\documents and settings\General\Application Data\OnlineArmor
2011-01-03 09:50 . 2010-07-07 12:25 22600 ----a-w- c:\windows\system32\drivers\OAmon.sys
2011-01-03 09:50 . 2010-07-07 12:25 28232 ----a-w- c:\windows\system32\drivers\OAnet.sys
2011-01-03 09:50 . 2010-07-07 12:25 236104 ----a-w- c:\windows\system32\drivers\OADriver.sys
2011-01-03 09:50 . 2011-01-03 09:50 -------- d-----w- c:\program files\Emsisoft
2011-01-03 01:33 . 2011-01-03 01:33 388096 ----a-r- c:\documents and settings\General\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-01-03 01:33 . 2011-01-03 01:45 -------- d-----w- c:\program files\HJT
2011-01-02 22:27 . 2010-11-12 18:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-01-02 22:27 . 2010-11-12 18:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-02 22:03 . 2011-01-02 22:03 -------- d-----w- c:\documents and settings\General\Application Data\SUPERAntiSpyware.com
2011-01-02 22:03 . 2011-01-02 22:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-01-02 22:02 . 2011-01-02 22:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-01-02 21:48 . 2011-01-02 21:48 -------- d-----w- c:\program files\CCleaner
2011-01-02 18:43 . 2011-01-02 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-02 18:08 . 2011-01-02 18:08 -------- d-----w- c:\documents and settings\General\Application Data\Malwarebytes
2011-01-02 18:08 . 2011-01-02 18:44 -------- d-----w- c:\documents and settings\General\Application Data\VMware
2011-01-02 18:07 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-02 18:07 . 2011-01-02 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-02 18:07 . 2011-01-02 18:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-02 18:07 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-16 16:41 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-16 16:40 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2009-01-22 11:24 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 16:34 . 2008-02-27 18:44 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-05 05:05 . 2009-01-22 11:23 667136 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 15:17 . 2009-01-22 11:23 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2009-01-22 11:24 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2009-01-22 11:23 1853312 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe" [2004-03-03 131072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-01-10 4263936]
"nwiz"="nwiz.exe" [2003-01-10 315392]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"@OnlineArmor GUI"="c:\program files\Emsisoft\Online Armor\oaui.exe" [2010-07-07 6854984]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-12-31 3395600]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-07 924488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\music\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03/01/2011 22:45 293968]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [03/01/2011 09:50 236104]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [03/01/2011 09:50 22600]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [03/01/2011 09:50 28232]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/01/2011 22:45 17744]
R2 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\oacat.exe [03/01/2011 09:50 1283400]
R2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [03/01/2011 09:50 3364680]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
TCP: {03099802-BE23-40CC-AED5-66231B4EE118} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\General\Application Data\Mozilla\Firefox\Profiles\26jafrot.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
------- File Associations -------
.
.txt=UltraEdit.txt
.
- - - - ORPHANS REMOVED - - - -
Notify-avgrsstarter - avgrsstx.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-01-04 00:10
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(492)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2011-01-04 00:15:25
ComboFix-quarantined-files.txt 2011-01-04 00:15
Pre-Run: 1,833,848,832 bytes free
Post-Run: 3,556,343,808 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - CE11369B949B2414924CBE44388B9D19