ComboFix 09-08-10.06 - Default 08/14/2009  16:47.3.2 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1918.1412 [GMT -5:00]
Running from: c:\documents and settings\Default\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1335 [VPS 090814-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Default\Application Data\inst.exe

.
(((((((((((((((((((((((((   Files Created from 2009-07-14 to 2009-08-14   )))))))))))))))))))))))))))))))
.

2009-08-14 08:28 . 2009-02-05 20:06	23152	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2009-08-14 08:28 . 2009-02-05 20:06	51376	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2009-08-14 08:28 . 2009-02-05 20:05	26944	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2009-08-14 08:28 . 2009-02-05 20:04	97480	----a-w-	c:\windows\system32\AvastSS.scr
2009-08-14 08:28 . 2009-02-05 20:08	93296	----a-w-	c:\windows\system32\drivers\aswmon.sys
2009-08-14 08:28 . 2009-02-05 20:08	94032	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2009-08-14 08:28 . 2009-02-05 20:07	114768	----a-w-	c:\windows\system32\drivers\aswSP.sys
2009-08-14 08:28 . 2009-02-05 20:07	20560	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2009-08-14 08:27 . 2009-02-05 20:11	1256296	----a-w-	c:\windows\system32\aswBoot.exe
2009-08-14 08:27 . 2009-08-14 08:27	--------	d-----w-	c:\program files\Alwil Software
2009-08-14 07:47 . 2009-08-14 07:47	--------	d-----w-	c:\windows\system32\XPSViewer
2009-08-14 07:47 . 2009-08-14 07:47	--------	d-----w-	c:\program files\MSBuild
2009-08-14 07:46 . 2009-08-14 07:46	--------	d-----w-	c:\program files\Reference Assemblies
2009-08-14 07:46 . 2009-08-14 07:46	--------	d-----w-	C:\722ff486446c4ddfe9dff8
2009-08-14 07:46 . 2008-07-06 12:06	89088	-c----w-	c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-14 07:46 . 2008-07-06 12:06	575488	-c----w-	c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-14 07:46 . 2008-07-06 12:06	575488	------w-	c:\windows\system32\xpsshhdr.dll
2009-08-14 07:46 . 2008-07-06 12:06	1676288	-c----w-	c:\windows\system32\dllcache\xpssvcs.dll
2009-08-14 07:46 . 2008-07-06 12:06	1676288	------w-	c:\windows\system32\xpssvcs.dll
2009-08-14 07:46 . 2008-07-06 12:06	117760	------w-	c:\windows\system32\prntvpt.dll
2009-08-14 07:46 . 2008-07-06 10:50	597504	-c----w-	c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-14 07:18 . 2009-07-10 13:27	1315328	-c----w-	c:\windows\system32\dllcache\msoe.dll
2009-08-14 06:59 . 2009-08-14 06:59	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-14 02:07 . 2009-08-14 02:08	3942047	----a-w-	c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-14 02:07 . 2009-08-14 02:07	--------	d-----w-	c:\documents and settings\Default\Application Data\Malwarebytes
2009-08-14 02:07 . 2009-08-03 18:36	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-08-14 02:07 . 2009-08-03 18:36	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-14 02:07 . 2009-08-14 02:08	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-08-14 02:07 . 2009-08-14 02:07	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-14 01:44 . 2009-08-14 01:44	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Apple Computer
2009-08-14 01:44 . 2009-08-14 01:44	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2009-08-13 06:53 . 2009-08-13 06:53	--------	d-----w-	c:\program files\RogueRemover PRO
2009-08-13 06:51 . 2009-08-13 07:12	--------	d-----w-	c:\program files\security programs
2009-08-11 06:57 . 2009-08-13 20:20	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-11 06:57 . 2009-08-12 02:35	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-08-11 04:50 . 2009-07-03 14:49	15688	----a-w-	c:\windows\system32\lsdelete.exe
2009-08-11 04:40 . 2009-07-03 14:49	64160	----a-w-	c:\windows\system32\drivers\Lbd.sys
2009-08-11 04:40 . 2009-07-08 17:28	2920112	-c--a-w-	c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-11 04:39 . 2009-08-11 04:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-11 04:39 . 2009-08-11 04:39	--------	d-----w-	c:\program files\Lavasoft
2009-08-11 04:21 . 2009-08-11 04:40	--------	dc-h--w-	c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-11 03:54 . 2009-08-11 03:54	--------	d-----w-	c:\documents and settings\Default\Application Data\Logs
2009-08-10 19:45 . 2009-08-10 19:45	--------	d-----w-	c:\program files\Engelmann Media
2009-08-10 19:45 . 2009-08-10 19:45	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2009-08-10 19:42 . 2009-08-11 06:34	--------	d-----w-	c:\documents and settings\Default\Application Data\GetRightToGo
2009-08-10 04:55 . 2009-08-10 04:55	--------	d-----w-	c:\documents and settings\Default\Local Settings\Application Data\WinZip
2009-08-10 04:54 . 2009-08-10 04:55	--------	d-----w-	c:\documents and settings\All Users\Application Data\WinZip
2009-08-10 04:20 . 2009-08-10 17:12	--------	d-----w-	c:\documents and settings\Default\Application Data\ImgBurn
2009-08-10 04:11 . 2009-08-10 04:11	--------	d-----w-	c:\program files\ImgBurn
2009-08-05 09:01 . 2009-08-05 09:01	204800	-c----w-	c:\windows\system32\dllcache\mswebdvd.dll
2009-07-29 04:37 . 2009-07-29 04:37	81920	-c----w-	c:\windows\system32\dllcache\fontsub.dll
2009-07-29 04:37 . 2009-07-29 04:37	119808	-c----w-	c:\windows\system32\dllcache\t2embed.dll
2009-07-19 15:24 . 2009-07-22 00:29	--------	d-----w-	c:\documents and settings\Default\Application Data\My Battle for Middle-earth Files
2009-07-19 15:00 . 2009-07-19 16:04	--------	d-----w-	C:\LOTRBFME
2009-07-17 19:01 . 2009-07-17 19:01	58880	-c----w-	c:\windows\system32\dllcache\atl.dll
2009-07-17 02:13 . 2009-07-17 02:13	--------	d-----w-	c:\windows\system32\wbem\Repository
2009-07-15 23:47 . 2009-07-15 23:47	--------	d-----w-	c:\program files\M-Audio Firewire Family
2009-07-15 23:47 . 2009-07-15 23:47	--------	d-----w-	c:\program files\M-Audio
2009-07-15 23:32 . 2009-07-15 23:46	--------	d-----w-	c:\program files\M-Audio Firewire Family(2)

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 08:25 . 2007-03-19 03:43	28552	----a-w-	c:\documents and settings\Default\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-14 07:54 . 2009-02-17 18:28	23716	---ha-w-	c:\windows\system32\mlfcache.dat
2009-08-14 01:44 . 2008-04-28 21:35	6616	----a-w-	c:\windows\system32\d3d9caps.dat
2009-08-14 01:30 . 2008-12-24 18:39	--------	d-----w-	c:\documents and settings\Default\Application Data\buySAFEShoppingAdvisor
2009-08-13 06:53 . 2009-08-13 06:53	2014	---h--r-	c:\windows\system32\drivers\hosts
2009-08-11 19:54 . 2007-03-20 03:34	--------	d-----w-	c:\documents and settings\Default\Application Data\Digidesign
2009-08-05 09:01 . 2004-08-04 12:00	204800	----a-w-	c:\windows\system32\mswebdvd.dll
2009-07-29 22:13 . 2007-07-08 07:47	--------	d-----w-	c:\program files\Starcraft
2009-07-29 04:37 . 2004-08-04 12:00	81920	----a-w-	c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2004-08-04 12:00	119808	----a-w-	c:\windows\system32\t2embed.dll
2009-07-28 17:21 . 2009-03-03 07:21	256	----a-w-	c:\windows\system32\pool.bin
2009-07-27 02:32 . 2007-12-28 02:06	--------	d-----w-	c:\documents and settings\Default\Application Data\Vso
2009-07-17 19:01 . 2004-08-04 12:00	58880	----a-w-	c:\windows\system32\atl.dll
2009-07-15 23:47 . 2007-03-19 03:22	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-07-15 23:31 . 2007-03-20 02:28	--------	d-----w-	c:\program files\Common Files\InstallShield
2009-07-14 04:43 . 2004-08-04 12:00	286208	----a-w-	c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2004-08-04 12:00	827392	----a-w-	c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 12:00	78336	----a-w-	c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 12:00	17408	------w-	c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2004-08-04 12:00	730112	----a-w-	c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00	56832	----a-w-	c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00	54272	----a-w-	c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00	301568	----a-w-	c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00	147456	----a-w-	c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00	136192	----a-w-	c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00	92928	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2009-06-19 21:48 . 2008-09-16 22:25	--------	d-----w-	c:\documents and settings\Default\Application Data\Apple Computer
2009-06-18 21:05 . 2009-01-22 20:28	--------	d-----w-	c:\program files\Safari
2009-06-12 12:31 . 2004-08-04 12:00	80896	----a-w-	c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-04 12:00	76288	----a-w-	c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2007-03-19 02:58	2066432	----a-w-	c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-04 12:00	84992	----a-w-	c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-04 12:00	132096	----a-w-	c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-04 12:00	1291264	----a-w-	c:\windows\system32\quartz.dll
2009-06-02 16:50 . 2009-04-28 19:27	52008	----a-w-	c:\windows\system32\drivers\iLokDrvr.sys
2008-08-22 01:28 . 2008-08-22 01:28	0	----a-w-	c:\program files\temp01

.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-14 68856]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"Pando"="c:\program files\Pando Networks\Pando\Pando.exe" [2009-02-19 3913032]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-03-06 236016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2006-11-14 61440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-09-18 1519616]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-25 525640]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\patchget.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pando Networks\\Pando\\pando.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58779:TCP"= 58779:TCP:Pando P2P TCP Listening Port
"58779:UDP"= 58779:UDP:Pando P2P UDP Listening Port

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [3/19/2007 10:08 PM 16384]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/10/2009 11:40 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/14/2009 3:28 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/14/2009 3:28 AM 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
S0 lcbtndev;LaCie button interface;c:\windows\system32\DRIVERS\lcbtndev.sys --> c:\windows\system32\DRIVERS\lcbtndev.sys [?]
S3 iLokDrvr;Usb Driver;c:\windows\system32\drivers\iLokDrvr.sys [4/28/2009 2:27 PM 52008]
S3 L6PODLV;PODxt Live Service;c:\windows\system32\drivers\L6PODLV.sys [8/24/2008 5:55 PM 521472]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - AAVMKER4
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMON2
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
*NewlyCreated* - ASWUPDSV
*NewlyCreated* - AVAST!_ANTIVIRUS
*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER
*Deregistered* - aujasnkj
.
Contents of the 'Scheduled Tasks' folder

2009-08-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-14 16:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-08-14 16:50
ComboFix-quarantined-files.txt  2009-08-14 21:50
ComboFix2.txt  2009-08-14 07:07

Pre-Run: 99,041,411,072 bytes free
Post-Run: 99,032,592,384 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

207	--- E O F ---	2009-08-14 07:52
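The "Files Created" and "Find3M Report" sections above share one row layout: creation timestamp, a literal dot, last-modified timestamp, size (or dashes for a directory), an eight-character attribute string, and the path. The parser below is an added example for reading that layout and pulling out the rows a triager looks at first; it is not part of ComboFix or of the log. The sample rows are copied from this log, the decoding of the attribute letters (d = directory, h = hidden) is the example's own reading of the flag string, and the triage rule (an executable written under a user profile, or a hidden executable) is a review filter, not a verdict: on these rows it surfaces the Malwarebytes installer and the Ad-Aware binary, both tools the user installed, which is exactly the kind of candidate list a human then works through.

```python
"""Parse the per-file rows of a ComboFix log and list rows worth a second look."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Row shape: "<created> . <modified> <size|--------> <attrs> <path>"
# (tab-separated in the real log; any whitespace is accepted here).
ROW_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+"
    r"(?P<attrs>[A-Za-z-]{8})\s+"
    r"(?P<path>\S.*?)\s*$"
)
TS_FMT = "%Y-%m-%d %H:%M"


@dataclass
class FileRow:
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories (ComboFix prints --------)
    attrs: str            # raw 8-character attribute string, e.g. "dc-h--w-"
    path: str

    @property
    def is_dir(self) -> bool:
        # Assumption: a leading 'd' marks a directory (matches the -------- size).
        return self.attrs[0] == "d"

    @property
    def is_hidden(self) -> bool:
        # Assumption: an 'h' anywhere in the flag string marks a hidden object.
        return "h" in self.attrs


def parse_row(line: str) -> Optional[FileRow]:
    """Return a FileRow for one log line, or None if the line is not a file row."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return FileRow(datetime.strptime(m["created"], TS_FMT),
                   datetime.strptime(m["modified"], TS_FMT),
                   size, m["attrs"], m["path"])


def parse_rows(text: str) -> List[FileRow]:
    """Parse every file row in a block of log text; banners and blank lines are skipped."""
    return [row for row in map(parse_row, text.splitlines()) if row is not None]


EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".pif")
PROFILE_MARK = "\\documents and settings\\"   # XP user-profile root


def triage(rows: List[FileRow]) -> List[Tuple[str, str]]:
    """Return (path, reason) for rows that deserve manual review. Heuristic only."""
    hits = []
    for r in rows:
        if r.is_dir:
            continue
        p = r.path.lower()
        is_exec = p.endswith(EXEC_EXT)
        if is_exec and PROFILE_MARK in p:
            hits.append((r.path, "executable written under a user profile"))
        elif is_exec and r.is_hidden:
            hits.append((r.path, "hidden executable"))
    return hits


# Rows copied from the log above, plus one junk line to show it is ignored.
SAMPLE = r"""
2009-08-14 08:28 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-14 08:27 . 2009-08-14 08:27 -------- d-----w- c:\program files\Alwil Software
2009-08-14 07:46 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-14 02:07 . 2009-08-14 02:08 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-11 04:40 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-11 04:21 . 2009-08-11 04:40 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-13 06:53 . 2009-08-13 06:53 2014 ---h--r- c:\windows\system32\drivers\hosts
2008-08-22 01:28 . 2008-08-22 01:28 0 ----a-w- c:\program files\temp01
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
"""

if __name__ == "__main__":
    parsed = parse_rows(SAMPLE)
    print(f"{len(parsed)} file rows parsed")
    for path, reason in triage(parsed):
        print(f"REVIEW  {reason}: {path}")
```

Feed it the whole log rather than the sample and the banners, registry keys and service lines fall through `parse_row` as `None`, so only the dated file rows survive. The directory rows are kept on purpose: a hidden directory created under `All Users\Application Data` is as useful to see in context as the files inside it, even though `triage` itself only reports files.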