ComboFix 11-07-15.03 - Blair 07/16/2011 20:44:18.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.751.416 [GMT -6:00]
Running from: c:\documents and settings\Blair\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-17 to 2011-07-17 )))))))))))))))))))))))))))))))
.
.
2011-07-16 15:32 . 2011-07-07 01:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-16 15:32 . 2011-07-07 01:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-16 15:32 . 2011-07-16 15:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-16 02:56 . 2011-07-16 02:56 -------- d-----w- c:\documents and settings\Blair\Application Data\Malwarebytes
2011-07-16 02:56 . 2011-07-16 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-02 18:50 . 2011-07-02 18:50 -------- d-----w- c:\program files\Common Files\Java
2011-06-26 14:28 . 2011-06-26 14:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-25 14:13 . 2011-06-25 14:13 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-25 14:13 . 2011-06-25 14:13 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-17 13:57 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-17 13:57 . 2011-04-29 19:07 852480 -c----w- c:\windows\system32\dllcache\vgx.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:02 . 2006-02-28 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 10:52 . 2010-08-02 15:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 08:25 . 2010-03-06 06:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31 . 2010-03-06 05:34 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2006-02-28 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 14:47 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 14:47 . 2006-02-28 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 14:47 . 2006-02-28 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-04-25 12:56 . 2006-02-28 12:00 369664 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2006-02-28 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-06-25 14:13 . 2011-03-25 14:42 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-16_13.57.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-16 23:43 . 2011-07-16 23:43 16384 c:\windows\Temp\Perflib_Perfdata_430.dat
+ 2011-07-16 23:40 . 2011-07-16 23:41 181292 c:\windows\system32\Restore\rstrlog.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]
@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"
[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]
2010-03-09 10:11 136704 ----a-w- c:\program files\Alwil Software\Avast5\snxPlugins.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"MyGarminAgent"="c:\program files\Garmin\MyGarminAgent\MyGarminAgent.exe" [2010-03-16 337256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-12-17 01:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [4/26/2010 8:08 PM 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [4/26/2010 8:09 PM 194640]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [4/26/2010 8:09 PM 102352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/26/2010 8:09 PM 294480]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/26/2010 8:09 PM 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/26/2010 8:09 PM 19024]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [3/7/2010 11:24 AM 309008]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 1:41 PM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/16/2011 9:32 AM 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/16/2011 9:32 AM 22712]
S2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [4/26/2010 8:08 PM 119200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 RapportMgmtService;Rapport Management Service;"c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe" --> c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
2010-03-07 c:\windows\Tasks\IObit Security 360 Updater.job
- c:\program files\IObit\IObit Security 360\is360updater.exe [2010-03-07 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Blair\Application Data\Mozilla\Firefox\Profiles\nbsa0jmf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-16 21:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(996)
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2011-07-16 21:10:19
ComboFix-quarantined-files.txt 2011-07-17 03:10
ComboFix2.txt 2011-07-16 14:04
.
Pre-Run: 8,444,579,840 bytes free
Post-Run: 8,434,421,760 bytes free
.
- - End Of File - - 25BDAA76F08573B216FD560F521858B7