ComboFix 09-08-27.A0 - igor 28.08.2009 13:06.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.511.298 [GMT 2:00]
Running from: c:\documents and settings\igor\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 090827-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.
2009-08-27 21:58 . 2009-08-27 22:00 -------- d-----w- c:\documents and settings\igor\Local Settings\Application Data\Adobe
2009-08-27 11:40 . 2009-08-27 11:40 -------- d-----w- c:\program files\TuneUp Utilities 2006
2009-08-27 11:40 . 2009-08-27 11:40 -------- d-----w- c:\documents and settings\igor\Application Data\TuneUp Software
2009-08-27 11:40 . 2009-08-27 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-08-27 11:40 . 2009-08-27 11:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-27 11:11 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-27 11:11 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-27 10:38 . 2009-08-27 10:38 -------- d-----w- c:\program files\Alcohol Soft
2009-08-27 10:36 . 2009-08-27 10:36 -------- d-----w- c:\documents and settings\igor\Local Settings\Application Data\Ahead
2009-08-27 10:29 . 2009-08-27 15:13 -------- d-----w- c:\documents and settings\igor\Application Data\Ahead
2009-08-27 10:28 . 2009-08-27 10:28 -------- d-----w- c:\program files\Nero
2009-08-27 10:12 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-27 10:12 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-27 10:12 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-27 10:12 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-27 01:30 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-27 01:30 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-27 01:30 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-08-27 01:30 . 2009-08-27 01:30 -------- d-----w- c:\program files\Alwil Software
2009-08-27 01:25 . 2009-08-27 01:25 -------- d-----w- c:\windows\Sun
2009-08-27 01:21 . 2009-08-27 01:21 -------- d-----w- c:\program files\TweakNow RegCleaner Pro
2009-08-27 01:19 . 2009-08-27 01:19 -------- d-----w- c:\program files\Java
2009-08-27 01:19 . 2009-08-27 01:19 -------- d-----w- c:\program files\Common Files\Java
2009-08-27 01:19 . 2009-08-27 01:19 -------- d-----w- c:\documents and settings\igor\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142040}
2009-08-27 01:17 . 2009-08-27 01:31 -------- d-----w- c:\program files\Opera
2009-08-27 01:07 . 2009-08-27 01:10 -------- d-----w- C:\kav
2009-08-27 00:45 . 2005-12-15 09:10 86016 ----a-w- c:\windows\system32\SLIPRT.DLL
2009-08-27 00:45 . 2009-08-27 00:45 -------- d-----w- c:\program files\Microsoft VM
2009-08-26 16:52 . 2009-08-26 16:53 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-26 00:11 . 2009-08-26 00:11 60416 ----a-w- c:\windows\ALCFDRTM.EXE
2009-08-26 00:11 . 2009-08-26 00:11 -------- d-----w- c:\windows\system32\Lang
2009-08-25 23:09 . 2009-08-26 12:17 -------- d-----w- c:\documents and settings\igor\Application Data\WIPE
2009-08-25 23:09 . 2007-06-22 01:08 139776 ----a-w- c:\windows\system32\dhSQLite.dll
2009-08-25 23:09 . 2007-06-18 16:57 219136 ----a-w- c:\windows\sqlite3_engine.dll
2009-08-25 18:26 . 2009-08-25 18:26 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-08-25 13:10 . 2009-08-26 12:56 -------- d-----w- c:\documents and settings\igor\Application Data\uTorrent
2009-08-25 09:41 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-08-25 09:41 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2009-08-25 09:41 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2009-08-24 21:33 . 2009-08-24 21:52 -------- d-----w- c:\program files\Matinsoft
2009-08-24 14:44 . 2009-08-27 01:09 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-08-24 14:41 . 2009-08-27 10:39 -------- d-----w- c:\windows\Internet Logs
2009-08-24 14:15 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-24 12:03 . 2009-08-24 12:03 -------- d-----w- c:\documents and settings\igor\DoctorWeb
2009-08-23 20:39 . 2009-08-27 01:07 -------- d-----w- c:\program files\Eset
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 10:30 . 2009-08-23 15:17 -------- d-----w- c:\program files\Common Files\Ahead
2009-08-27 10:15 . 2009-08-23 15:17 -------- d-----w- c:\program files\Ahead
2009-08-27 01:11 . 2009-08-23 15:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-25 15:00 . 2009-08-23 14:50 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-08-24 21:57 . 2009-08-23 14:59 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-23 21:58 . 2009-08-23 14:56 19296 ----a-w- c:\documents and settings\igor\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-23 15:27 . 2009-08-23 15:27 -------- d-----w- c:\program files\The KMPlayer
2009-08-23 15:23 . 2009-08-23 15:23 -------- d-----w- c:\documents and settings\igor\Application Data\Malwarebytes
2009-08-23 15:23 . 2009-08-23 15:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-23 15:23 . 2009-08-23 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-23 15:11 . 2009-08-23 15:11 -------- d-----w- c:\program files\ASUSTeK
2009-08-23 14:51 . 2009-08-23 14:51 -------- d-----w- c:\program files\microsoft frontpage
2009-08-23 14:47 . 2009-08-23 14:47 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-03 11:36 . 2009-08-23 15:23 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-08-23 15:23 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-11-24 94208]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-03-30 5898240]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-03-30 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27.8.2009 13:11 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.8.2009 13:11 20560]
.
Contents of the 'Scheduled Tasks' folder
2009-08-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-21 20:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-08-28 13:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2009-08-28 13:11
ComboFix-quarantined-files.txt 2009-08-28 11:11
Pre-Run: 27.700.998.144 bytes free
Post-Run: 28.075.237.376 bytes free
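A small triage script for logs in this format, added here as an example; it is not part of the ComboFix output above and is not a ComboFix or forum tool. The sample lines are copied from the log so it runs offline. The flagging rules (newly created kernel drivers under \drivers\, files carrying the hidden attribute, Run values given as a bare filename, and the hosts behind the browser start and search URLs) are the example's own heuristics, chosen because they are the things an analyst reads a ComboFix log for first; they are prompts for a closer look, not verdicts.

```python
"""Triage helper for ComboFix logs (added example): parse the
'Files Created', 'Reg Loading Points' and 'Supplementary Scan' lines
and flag the entries an analyst usually checks first."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the ComboFix log
# above, so the script runs offline. A real run reads the whole log file.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.
2009-08-27 11:11 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-27 10:38 . 2009-08-27 10:38 -------- d-----w- c:\program files\Alcohol Soft
2009-08-24 14:44 . 2009-08-27 01:09 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-08-24 14:15 . 2009-07-28 14:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-03-30 5898240]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-03-30 1519616]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
uStart Page = hxxp://www.google.rs/
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
"""

# "created . modified size attrs path"; size is 8 dashes for directories.
FILE_LINE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. '
    r'(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) '
    r'(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$'
)
# '"name"="value" [date size]', optionally with ' - resolved path' when
# ComboFix had to look the bare filename up on the search path.
RUN_LINE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?: - (?P<resolved>.+?))? '
    r'\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
KEY_LINE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# ComboFix defangs http as hxxp; keep that in the pattern.
URL_LINE = re.compile(r'^(?P<setting>u[^=]+?)\s*=\s*(?P<url>hxxp\S+)$')


@dataclass
class Finding:
    kind: str
    detail: str


def parse_log(text):
    """Return (files, autoruns, urls) as lists of dicts."""
    files, autoruns, urls = [], [], []
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := FILE_LINE.match(line):
            files.append(m.groupdict())
        elif m := KEY_LINE.match(line):
            current_key = m.group('key')       # context for following values
        elif m := RUN_LINE.match(line):
            entry = m.groupdict()
            entry['key'] = current_key
            autoruns.append(entry)
        elif m := URL_LINE.match(line):
            urls.append(m.groupdict())
    return files, autoruns, urls


def triage(files, autoruns, urls):
    """Apply the example's own heuristics (not ComboFix's) to parsed entries."""
    findings = []
    for f in files:
        path = f['path'].lower()
        if '\\drivers\\' in path and path.endswith('.sys'):
            findings.append(Finding('new-driver', f['path']))
        # attrs like '---h--w-' carry the hidden bit; skip directories ('d...').
        if 'h' in f['attrs'] and not f['attrs'].startswith('d'):
            findings.append(Finding('hidden-file', f['path']))
    for a in autoruns:
        exe = a['value']
        if '\\' not in exe and '/' not in exe:
            # Bare filename: resolved via the search path, not an explicit path.
            findings.append(Finding('unqualified-autorun',
                                    f"{a['key']} {a['name']} -> {exe}"))
    for u in urls:
        host = re.match(r'hxxps?://([^/]+)', u['url'])
        if host:
            findings.append(Finding('browser-url',
                                    f"{u['setting']} -> {host.group(1)}"))
    return findings


if __name__ == '__main__':
    for finding in triage(*parse_log(SAMPLE_LOG)):
        print(f"{finding.kind:22} {finding.detail}")
```

Run against the sample, it flags the two filter drivers (aswSP.sys, which also appears as the R1 avast! Self Protection service above, and avgntflt.sys), the hidden zllictbl.dat, the nwiz entry (a bare nwiz.exe that ComboFix resolved to c:\windows\system32\nwiz.exe, so it is found by search path rather than an explicit path), and the fact that the default search URL goes to toolbar.ask.com while the start page is google.rs. None of that is a finding by itself; the value is that the same mechanical pass can be run over every log before reading it by hand.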