ComboFix 12-04-11.03 - Owner 04/11/2012 17:44:36.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1509.1116 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *Disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Owner\WINDOWS
c:\program files\keygen.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\dllcache\dlimport.exe
c:\windows\wallpg.exe
K:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-03-11 to 2012-04-11 )))))))))))))))))))))))))))))))
.
.
2012-04-11 20:56 . 2012-02-10 18:33 42152 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2012-04-11 20:56 . 2012-02-10 18:33 29464 ----a-w- c:\windows\system32\drivers\OAnet.sys
2012-04-11 20:56 . 2012-02-10 18:33 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys
2012-04-11 20:56 . 2012-02-10 18:33 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys
2012-04-11 00:38 . 2012-04-11 00:38 -------- d-----w- C:\Downloads
2012-04-10 23:45 . 2012-04-11 21:34 -------- d-----w- c:\documents and settings\Owner\Tracing
2012-04-10 23:44 . 2012-04-10 23:44 -------- dc----w- c:\windows\system32\DRVSTORE
2012-04-10 23:44 . 2010-04-28 11:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2012-04-10 23:39 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-04-10 19:06 . 2012-04-10 19:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-04-10 19:05 . 2012-04-10 23:04 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google
2012-04-10 19:04 . 2012-03-06 23:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-10 19:04 . 2012-03-06 23:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-10 19:04 . 2012-03-06 23:02 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-04-10 19:04 . 2012-03-06 23:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-10 19:04 . 2012-03-06 23:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-10 19:04 . 2012-03-06 23:01 95704 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-04-10 19:04 . 2012-03-06 23:01 89048 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-04-10 19:04 . 2012-03-06 22:58 24920 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-04-10 19:04 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-10 19:04 . 2012-03-06 23:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-10 18:51 . 2012-04-10 18:51 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2012-04-10 18:50 . 2012-04-10 18:50 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2012-04-10 18:44 . 2012-04-10 18:44 -------- dc-h--w- c:\windows\ie8
2012-04-10 18:35 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-04-10 18:24 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-04-10 18:17 . 2012-04-10 18:17 -------- d-----w- c:\windows\system32\scripting
2012-04-10 18:17 . 2012-04-10 18:17 -------- d-----w- c:\windows\l2schemas
2012-04-10 18:17 . 2012-04-10 18:17 -------- d-----w- c:\windows\system32\en
2012-04-10 18:17 . 2012-04-10 18:17 -------- d-----w- c:\windows\system32\bits
2012-04-10 18:11 . 2012-04-10 18:11 -------- d-----w- c:\windows\EHome
2012-04-10 17:53 . 2004-08-04 02:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2012-04-10 17:39 . 2012-04-10 18:16 -------- d-----w- c:\windows\ServicePackFiles
2012-04-10 17:38 . 2012-04-10 18:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory
2012-04-10 17:29 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-04-10 17:28 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2012-04-10 17:23 . 2009-01-07 22:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2012-04-10 17:23 . 2012-04-10 18:54 -------- d--h--w- c:\windows\$hf_mig$
2012-04-10 17:20 . 2012-04-10 17:20 -------- d-sh--w- c:\documents and settings\Owner\UserData
2012-04-10 14:10 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-10 13:29 . 1998-10-10 00:53 33696 ----a-w- c:\windows\system32\drivers\fastpara.sys
2012-04-10 02:58 . 2001-08-17 22:36 61500 ----a-w- c:\windows\system32\usrcntra.dll
2012-04-10 02:57 . 2008-04-13 18:56 12288 ----a-w- c:\windows\system32\drivers\tunmp.sys
2012-04-10 02:56 . 2008-04-14 00:11 47104 ----a-w- c:\windows\system32\cnbjmon.dll
2012-04-10 02:54 . 2009-10-21 05:38 75776 ----a-w- c:\windows\system32\strmfilt.dll
2012-04-10 02:53 . 2008-04-14 00:12 76800 ----a-w- c:\windows\system32\nslookup.exe
2012-04-10 02:52 . 2010-06-15 16:17 143422 ----a-w- c:\windows\system32\l3codecx.ax
2012-04-10 02:50 . 2008-04-14 00:12 83456 ----a-w- c:\windows\system32\dpvsetup.exe
2012-04-10 02:49 . 2008-04-14 00:08 114688 ----a-w- c:\windows\system32\asctrls.ocx
2012-04-10 02:07 . 2012-04-11 21:47 -------- d-----r- C:\Program Files
2012-04-10 01:58 . 2012-04-11 21:47 -------- dcsh--r- c:\windows\system32\dllcache
2012-04-10 01:56 . 2012-04-10 15:09 -------- d-----w- C:\My Backup -- 12-04-09 0656PM
2012-04-10 00:17 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-04-10 00:15 . 2012-04-10 00:15 -------- d-----w- C:\SYSPREP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-10 23:42 . 2004-10-16 06:45 73728 ----a-w- c:\windows\ALCFDRTM.VER
2012-02-28 18:50 . 2012-02-28 18:50 81920 ------w- c:\windows\system32\ieencode.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gestionnaire Antidote.exe"="c:\program files\Druide\Antidote\Gestionnaire Antidote.exe" [2007-04-16 534200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-01 118784]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 61952]
"SoundMan"="SOUNDMAN.EXE" [2004-08-25 77824]
"AlcWzrd"="ALCWZRD.EXE" [2004-08-25 2552320]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-03-12 135168]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"@OnlineArmor GUI"="c:\program files\Online Armor\OAui.exe" [2012-02-10 2645440]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2004-10-14 1742384]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\ONLINE~2\oaevent.dll" [2012-02-10 359352]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/10/2012 3:04 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/10/2012 3:04 PM 337880]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [4/11/2012 4:56 PM 205864]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [4/11/2012 4:56 PM 25192]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [4/11/2012 4:56 PM 29464]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/10/2012 3:04 PM 20696]
R2 FastPara;FastPara;c:\windows\system32\drivers\fastpara.sys [4/10/2012 9:29 AM 33696]
R2 OAcat;Online Armor Helper Service;c:\program files\Online Armor\oacat.exe [4/11/2012 4:56 PM 208472]
S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [4/11/2012 4:56 PM 42152]
S2 SvcOnlineArmor;Online Armor;c:\program files\Online Armor\oasrv.exe [4/11/2012 4:56 PM 4369208]
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-10 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2012-04-10 00:12]
.
2012-04-10 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2012-04-10 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.metacrawler.com/
TCP: DhcpNameServer = 24.200.241.37 24.202.72.13 24.200.0.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-America Online us - c:\program files\Common Files\aolshare\Aolunins_us.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2012-04-11 17:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-04-11 17:51:38
ComboFix-quarantined-files.txt 2012-04-11 21:51
.
Pre-Run: 187,644,379,136 bytes free
Post-Run: 187,771,375,616 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft Windows XP Home Edition" /fastdetect
.
- - End Of File - - 7E1AD0D9655F971648D5DC6AC0150CE9
I do have a question: how can I get rid of what's left of the c:backup (2-3 files that won't delete)?
And is it true I should use the admin account? Because that's the one I always use (kinda have a limited account).
Also, can I delete the log and bak file? Thanks!