ComboFix 11-06-27.04 - Deb 06/28/2011 7:57.1.1 - x86
Running from: c:\documents and settings\Deb\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Toolbar4
c:\documents and settings\Deb\Application Data\Adobe\plugs
c:\documents and settings\Deb\Application Data\Adobe\shed
c:\documents and settings\Deb\Application Data\Adobe\shed\thr1.chm
c:\program files\Search Toolbar
c:\program files\Search Toolbar\basis.xml
c:\program files\Search Toolbar\bg.bmp
c:\program files\Search Toolbar\bing_logo.png
c:\program files\Search Toolbar\celebrity.png
c:\program files\Search Toolbar\drop_images.png
c:\program files\Search Toolbar\drop_maps.png
c:\program files\Search Toolbar\drop_news.png
c:\program files\Search Toolbar\drop_videos.png
c:\program files\Search Toolbar\drop_web.png
c:\program files\Search Toolbar\facebook.png
c:\program files\Search Toolbar\favicon.png
c:\program files\Search Toolbar\games.png
c:\program files\Search Toolbar\hotmail.png
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\images.png
c:\program files\Search Toolbar\include.xml
c:\program files\Search Toolbar\info.txt
c:\program files\Search Toolbar\lifestyle.png
c:\program files\Search Toolbar\maps.png
c:\program files\Search Toolbar\messenger.png
c:\program files\Search Toolbar\msn.png
c:\program files\Search Toolbar\news.png
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\tbcore3.dll
c:\program files\Search Toolbar\tbhelper.dll
c:\program files\Search Toolbar\twitter.png
c:\program files\Search Toolbar\uninstall.exe
c:\program files\Search Toolbar\update.exe
c:\program files\Search Toolbar\version.txt
c:\program files\Search Toolbar\video.png
c:\program files\Search Toolbar\videos.png
c:\program files\Search Toolbar\weather.png
c:\program files\Search Toolbar\web.png
.
.
((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-28 )))))))))))))))))))))))))))))))
.
.
2011-06-25 00:35 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-23 01:18 . 2011-06-23 01:18 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-06-23 01:18 . 2011-06-23 01:18 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-06-05 10:58 . 2011-06-17 11:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 15:09 . 2011-05-29 15:09 -------- d-----w- c:\documents and settings\Deb\Local Settings\Application Data\Chat Republic Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:10 . 2011-02-25 20:10 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2011-02-25 20:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2011-02-25 20:10 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:03 . 2011-02-25 20:10 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2011-02-25 20:10 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2011-02-25 20:10 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2011-02-25 20:10 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2011-02-25 20:10 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2011-02-25 20:10 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2011-02-25 20:10 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-02 15:31 . 2009-07-20 05:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-04 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2004-08-04 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:10 . 2009-07-30 12:12 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-04-25 12:01 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2004-08-04 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2010-03-31 14:09 . 2010-03-31 14:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 16:36 . 2010-04-08 16:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8wd"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 aswFsBlk;aswFsBlk; [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\documents and settings\Deb\Application Data\Mozilla\Firefox\Profiles\hokbtcs4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=18&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://bing.zugotoolbar.com/s/?iesrc=IE-Address&site=Bing&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: Search Toolbar: {896642E4-C556-4ED3-85D1-9AC431603E7D} - %profile%\extensions\{896642E4-C556-4ED3-85D1-9AC431603E7D}
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
AddRemove-RadialpointClientGateway_is1 - c:\program files\Verizon\VSP\unins000.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-28 08:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Iac25_32.ax
c:\windows\system32\l3codeca.acm
.
Completion time: 2011-06-28 08:12:55
ComboFix-quarantined-files.txt 2011-06-28 12:12
.
Pre-Run: 4,405,149,696 bytes free
Post-Run: 5,231,403,008 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - BC846545B578EA5EA6696F1B02E55770