farmerjohn1324
Member
ComboFix 14-08-26.02 - Liquid 08/27/2014 20:48:29.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.138 [GMT -7:00]
Running from: c:\documents and settings\Liquid\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Liquid\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\AVG
c:\documents and settings\All Users\Application Data\AVG\AWL\AvgRep.xml
c:\documents and settings\All Users\Application Data\AVG\AWL\Program Statistics\ProgramStatistics.2013.tudb
c:\documents and settings\All Users\Application Data\AVG\AWL\TUProgMan.10.tudb
c:\documents and settings\All Users\Application Data\AVG\AWL\TUProgManagerCache.10.tudb
c:\documents and settings\All Users\Application Data\AVG\AWL\TUTuningIndex.10.2.tudb
c:\documents and settings\All Users\Application Data\AVG\AWL\TUUtilitiesSvc.13.tudb
c:\documents and settings\All Users\Application Data\AVG\AWL2014\TUProgRating.10.tudb
c:\documents and settings\All Users\Application Data\AVG\AWL2014\TUReportData.10.tudb
c:\documents and settings\Liquid\Application Data\AVG
c:\documents and settings\Liquid\Application Data\AVG\AWL2014\Dashboard\IntegratorStates_en-US.xml
c:\documents and settings\Liquid\Local Settings\Application Data\AVG
c:\documents and settings\Liquid\Local Settings\Application Data\AVG\AWL2014\Log\oneclick.log
c:\documents and settings\Liquid\Local Settings\Application Data\AVG\AWL2014\Log\oneclickstarter.log
c:\documents and settings\Liquid\Local Settings\Application Data\AVG\AWL2014\Log\settingcenter.log
c:\documents and settings\Liquid\Local Settings\Application Data\AVG\AWL2014\Log\tuinstallhelper.log
c:\documents and settings\Liquid\Local Settings\Application Data\AVG\AWL2014\Log\tumessages.log
c:\documents and settings\LocalService\Application Data\AVG
c:\documents and settings\LocalService\Local Settings\Application Data\AVG
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGIDSDRIVERL
-------\Legacy_AVGIDSHX
-------\Legacy_AVGIDSSHIM
-------\Legacy_AVGRKX86
-------\Legacy_AVGTDIX
-------\Legacy_UPDATERSVCFOCUSBASE
-------\Service_cerc6
-------\Service_UpdaterSvcfocusbase
.
.
((((((((((((((((((((((((( Files Created from 2014-07-28 to 2014-08-28 )))))))))))))))))))))))))))))))
.
.
2014-08-28 00:07 . 2014-08-28 00:07 -------- d-----w- c:\documents and settings\Liquid\Application Data\Rainmeter
2014-08-28 00:06 . 2014-08-28 00:07 -------- d-----w- c:\program files\Rainmeter
2014-08-27 05:49 . 2014-08-27 05:51 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-08-27 05:39 . 2014-05-12 14:26 53208 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-08-27 05:39 . 2014-05-12 14:25 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-08-27 05:39 . 2014-08-27 05:43 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-08-27 05:39 . 2014-08-27 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2014-08-27 01:06 . 2014-08-27 01:06 -------- d-----w- c:\windows\ERUNT
2014-08-27 01:04 . 2014-08-27 03:30 -------- d-----w- c:\documents and settings\Administrator
2014-08-26 14:54 . 2014-08-26 14:57 -------- d-----w- c:\program files\ophcrack
2014-08-26 00:17 . 2014-08-26 00:17 -------- d-----w- c:\documents and settings\Liquid\Local Settings\Application Data\Temp
2014-08-26 00:02 . 2014-08-26 00:02 -------- d-----w- c:\documents and settings\Liquid\Application Data\AVAST Software
2014-08-25 23:52 . 2014-08-25 23:52 -------- d-----w- c:\windows\jumpshot.com
2014-08-25 23:49 . 2014-08-25 23:47 57800 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-08-25 23:49 . 2014-08-25 23:47 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-25 23:49 . 2014-08-25 23:47 779536 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-08-25 23:49 . 2014-08-26 02:55 414520 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-25 23:49 . 2014-08-25 23:47 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-25 23:49 . 2014-08-25 23:47 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-25 23:49 . 2014-08-25 23:47 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-25 23:49 . 2014-08-25 23:47 55112 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-08-25 23:48 . 2014-08-25 23:47 276432 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-25 23:47 . 2014-08-25 23:47 43152 ----a-w- c:\windows\avastSS.scr
2014-08-25 23:33 . 2014-08-25 23:33 -------- d-----w- c:\program files\AVAST Software
2014-08-25 22:51 . 2014-08-25 23:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2014-08-25 20:32 . 2014-08-25 20:41 -------- d-----w- C:\AdwCleaner
2014-08-24 14:37 . 2014-08-25 05:47 -------- d-----w- c:\documents and settings\Liquid\Application Data\vlc
2014-08-24 14:30 . 2014-08-24 14:36 -------- d-----w- c:\program files\WhoCrashed
2014-08-24 14:04 . 2014-08-24 14:04 -------- d-----w- c:\program files\VideoLAN
2014-08-24 01:16 . 2014-08-24 01:18 -------- d-----w- c:\program files\CCleaner
2014-08-23 14:59 . 2014-08-23 14:59 -------- d-----w- c:\windows\system32\MRT
2014-08-23 14:54 . 2014-08-23 14:55 -------- d-----w- C:\ac966342dac78647c83a26741a
2014-08-23 05:08 . 2014-08-23 05:08 -------- d-----w- c:\documents and settings\Liquid\Application Data\TuneUp Software
2014-08-23 04:32 . 2014-08-23 04:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Insight Software Solutions
2014-08-23 04:32 . 2014-08-23 04:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Insight Software
2014-08-23 04:30 . 2014-08-23 04:30 -------- d-----w- c:\program files\Common Files\Insight Software Solutions
2014-08-23 04:29 . 2014-08-23 04:33 -------- d-----w- c:\program files\Macro Express3
2014-08-23 02:48 . 2014-08-23 02:48 -------- d-sh--w- c:\documents and settings\Liquid\PrivacIE
2014-08-23 02:18 . 2014-08-23 02:18 -------- d-----w- c:\documents and settings\Liquid\Local Settings\Application Data\SmartFTP
2014-08-23 02:09 . 2014-08-23 02:09 -------- d-----w- c:\documents and settings\Liquid\Application Data\SmartFTP
2014-08-23 02:08 . 2014-08-23 02:08 -------- d-----w- c:\program files\SmartFTP Client
2014-08-17 12:02 . 2014-08-24 01:42 -------- d-----w- c:\program files\Google
2014-08-17 11:48 . 2014-08-23 02:50 -------- d-----w- c:\documents and settings\Liquid\Application Data\CoffeeCup Software
2014-08-04 14:49 . 2014-08-04 14:50 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-04 14:47 . 2014-08-04 14:47 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2014-08-04 14:45 . 2014-08-04 14:47 -------- d-----w- c:\documents and settings\Liquid\Local Settings\Application Data\AOL
2014-08-01 08:59 . 2014-08-01 08:59 -------- d-----w- c:\documents and settings\All Users\Application Data\BlueStacksSetup
2014-08-01 08:58 . 2014-08-01 08:58 -------- d-----w- c:\documents and settings\Liquid\Local Settings\Application Data\Bluestacks
2014-07-30 10:17 . 2014-07-30 10:17 -------- d-----w- c:\documents and settings\Liquid\Local Settings\Application Data\Skype
2014-07-30 10:16 . 2014-08-28 03:16 -------- d-----w- c:\documents and settings\Liquid\Application Data\Skype
2014-07-30 10:14 . 2014-07-30 10:14 -------- d-----w- c:\program files\Common Files\Skype
2014-07-30 10:14 . 2014-07-30 10:14 -------- d-----r- c:\program files\Skype
2014-07-30 10:13 . 2014-07-30 10:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-07-03 17:25 . 2014-07-03 17:07 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-03 17:25 . 2014-07-03 17:07 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-25 23:46 578240 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-07-25 21650016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DadApp"="c:\program files\Dell\AccessDirect\dadapp.exe" [2004-03-04 211828]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-26 4085896]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [8/25/2014 4:49 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [8/25/2014 4:49 PM 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/25/2014 4:49 PM 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [8/25/2014 4:49 PM 414520]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [8/25/2014 4:49 PM 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [8/25/2014 4:49 PM 67824]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [4/3/2014 8:21 PM 315008]
S3 cpuz134;cpuz134;\??\c:\docume~1\Liquid\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Liquid\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 Linksys_adapter_H;Linksys Adapter Network Driver;c:\windows\system32\drivers\AE1200xp.sys [7/3/2014 9:44 AM 1034240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-24 01:42 1104200 ----a-w- c:\program files\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-28 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-25 23:46]
.
2014-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-24 01:14]
.
2014-08-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-24 01:14]
.
2014-08-28 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Logon.job
- c:\windows\system32\xp_eos.exe [2014-07-03 01:59]
.
2014-08-08 c:\windows\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
- c:\windows\system32\xp_eos.exe [2014-07-03 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-08-27 21:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2332)
c:\windows\system32\WININET.dll
c:\windows\system32\PROPSYS.dll
c:\windows\system32\MSVCP120.dll
c:\windows\system32\MSVCR120.dll
c:\program files\SmartFTP Client\en-US\sfShellTools.dll.mui
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2014-08-27 21:18:03 - machine was rebooted
ComboFix-quarantined-files.txt 2014-08-28 04:17
ComboFix2.txt 2014-08-27 21:57
.
Pre-Run: 3,859,091,456 bytes free
Post-Run: 3,789,139,968 bytes free
.
- - End Of File - - 249C1C39EBA6AD82F479AF3549874F27
8F558EB6672622401DA993E1E865C861