ComboFix 12-08-15.01 - Administrator 08/15/2012 13:26:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1500 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SETE5F.tmp
c:\windows\system32\SETE63.tmp
c:\windows\system32\SETE6B.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 18:58 . 2012-08-15 18:58 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-10 21:46 . 2012-03-31 22:10 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-10 21:46 . 2011-06-28 07:30 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-08 23:47 . 2012-06-08 21:07 21840 ----atw- c:\windows\system32\SIntfNT.dll
2012-08-08 23:47 . 2012-06-08 21:07 17212 ----atw- c:\windows\system32\SIntf32.dll
2012-08-08 23:47 . 2012-06-08 21:07 12067 ----atw- c:\windows\system32\SIntf16.dll
2012-07-03 19:46 . 2012-01-02 21:30 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-08 20:41 . 2012-06-08 20:41 94208 ----a-w- c:\windows\DIIUnin.exe
2012-06-08 20:41 . 2012-06-08 20:41 2829 ----a-w- c:\windows\DIIUnin.pif
2012-06-08 20:35 . 2012-06-08 20:34 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MusicManager"="c:\documents and settings\Administrator\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-13 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-13 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-13 135680]
"avast"="c:\program files\Avast\avastUI.exe" [2011-11-28 3744552]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-01 16342528]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-11-01 151552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2008-04-14 99840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/28/2011 12:52 AM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/28/2011 12:52 AM 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/28/2011 12:52 AM 20568]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [6/8/2012 2:34 PM 242240]
R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [6/28/2011 12:41 AM 6609920]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/7/2012 2:47 PM 113120]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-2111687655-1606980848-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 07:05]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-2111687655-1606980848-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-28 07:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 69.145.248.4 69.146.17.2 69.144.49.29
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a0r6lqg3.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-UnityWebPlayer - c:\documents and settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-15 13:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-08-15 13:42:58
ComboFix-quarantined-files.txt 2012-08-15 19:42
.
Pre-Run: 46,875,254,784 bytes free
Post-Run: 47,856,472,064 bytes free
.
- - End Of File - - 9D7386D9C3217DB022423A68EB9E2F74