ComboFix 12-09-16.01 - Chris 09/17/2012 15:39:11.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.306 [GMT -4:00]
Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Chris\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\documents and settings\Chris\Local Settings\Temp\clclean.0001.dir.0000\~df394b.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wt
c:\windows\wt\data.wts
c:\windows\wt\updater\wt.ini
c:\windows\wt\webdriver.dll
c:\windows\wt\webdriver\4.1.1\actorobject.dll
c:\windows\wt\webdriver\4.1.1\dx5drv.dll
c:\windows\wt\webdriver\4.1.1\dx7drv.dll
c:\windows\wt\webdriver\4.1.1\objectbundle.dll
c:\windows\wt\webdriver\4.1.1\sound.dll
c:\windows\wt\webdriver\4.1.1\wdcaps.ded
c:\windows\wt\webdriver\4.1.1\wdengine.dll
c:\windows\wt\webdriver\4.1.1\webdriver.dll
c:\windows\wt\webdriver\4.1.1\wthost.exe
c:\windows\wt\webdriver\4.1.1\wthostctl.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.jar
c:\windows\wt\webdriver\4.1.1\wtwmplug.ax
c:\windows\wt\webdriver\4.1.1\wtwmplug.ini
c:\windows\wt\webdriver\jdriver.dll
c:\windows\wt\webdriver\rdriver.dll
c:\windows\wt\webdriver\wildtangent.jar
c:\windows\wt\wt3d.dll
c:\windows\wt\wt3d.ini
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\actorobject.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html
c:\windows\wt\wtupdates\webd\4.1.1\files\dx5drv.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\dx7drv.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\jdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\data.wts
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\npWTHost.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt
c:\windows\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\rdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\Sound.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\update_info\data.wts
c:\windows\wt\wtupdates\webd\4.1.1\files\wdcaps.ded
c:\windows\wt\wtupdates\webd\4.1.1\files\wdengine.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas
c:\windows\wt\wtupdates\webd\4.1.1\files\webdriver.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wildtangent.jar
c:\windows\wt\wtupdates\webd\4.1.1\files\wt3d.ini
c:\windows\wt\wtupdates\webd\4.1.1\files\WTHost.exe
c:\windows\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.jar
c:\windows\wt\wtupdates\webd\4.1.1\files\wtvh.dll
c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax
c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini
c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo
c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\controlpanel\index.html
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl.cdanfo
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\WireControl.dll
c:\windows\wt\wtupdates\wtupdater\appinfo.dat
c:\windows\wt\wtupdates\wtwebdriver\update_info\data.wts
c:\windows\wt\wtvh.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-17 to 2012-09-17 )))))))))))))))))))))))))))))))
.
.
2012-09-17 19:11 . 2012-09-17 19:12 -------- d-----w- c:\program files\ERUNT
2012-09-16 16:12 . 2012-09-17 19:26 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-09-14 16:17 . 2012-09-14 16:17 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-14 16:17 . 2012-09-14 16:17 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-14 06:52 . 2012-09-14 06:52 -------- d-----w- c:\program files\Common Files\Adobe
2012-09-14 06:50 . 2004-08-04 03:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-09-14 06:50 . 2004-08-04 03:07 59264 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-09-14 04:51 . 2012-09-14 04:51 1409 ----a-w- c:\windows\QTFont.for
2012-09-14 02:32 . 2012-05-25 17:14 42864 ----a-w- c:\windows\system32\sbbd.exe
2012-09-14 02:32 . 2012-05-25 17:14 101112 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-09-14 02:32 . 2012-09-14 03:20 -------- d-----w- C:\VIPRERESCUE
2012-09-14 00:04 . 2012-09-14 00:23 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-09-13 23:52 . 2012-09-13 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-09-13 23:52 . 2012-09-13 23:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-13 23:52 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 18:02 . 2012-09-13 18:02 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2012-09-13 18:01 . 2012-09-13 23:44 -------- d-----w- c:\documents and settings\Chris
2012-09-13 18:01 . 2006-05-24 15:05 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Corel
2012-09-13 18:01 . 2006-05-24 15:01 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Gtek
2012-09-13 18:01 . 2006-05-24 14:55 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ATI
2012-09-13 17:59 . 2004-08-04 05:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-09-13 17:59 . 2004-08-04 03:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2012-09-13 17:59 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-09-13 17:59 . 2004-08-04 04:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-09-13 17:58 . 2001-08-17 19:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-09-13 17:34 . 2012-08-21 09:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-09-13 17:34 . 2012-08-21 09:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-09-13 17:34 . 2012-08-21 09:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-09-13 17:34 . 2012-08-21 09:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-09-13 17:34 . 2012-08-21 09:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-09-13 17:34 . 2012-08-21 09:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-09-13 17:34 . 2012-08-21 09:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-09-13 17:34 . 2012-08-21 09:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-09-13 17:34 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-09-13 17:34 . 2012-08-21 09:12 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-09-13 17:33 . 2012-09-13 17:33 -------- d-----w- c:\program files\AVAST Software
2012-09-13 17:33 . 2012-09-13 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-09-13 17:10 . 2004-08-04 03:08 26496 ----a-w- c:\windows\system32\dllcache\usbstor.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-17 19:26 . 2012-09-13 17:11 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 397312]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2006-04-06 1032192]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"MBMon"="CTMBHA.DLL" [2006-03-03 1355938]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"VoiceCenter"="c:\program files\Creative\VoiceCenter\AndreaVC.exe" [2006-01-02 1126400]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"BuildBU"="c:\dell\bldbubg.exe" [2004-02-19 61440]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"HTAReg"="c:\program files\Creative\Sound Blaster Audigy ADVANCED MB\Product Registration\English\HTAReg.exe" [2005-10-21 512094]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-24 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [9/13/2012 1:34 PM 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/13/2012 1:34 PM 355632]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [9/13/2012 10:32 PM 101112]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/13/2012 1:34 PM 21256]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/13/2012 7:53 PM 399432]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/13/2012 7:52 PM 676936]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/13/2012 7:52 PM 22856]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [9/16/2012 12:12 PM 114144]
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-17 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-09-13 09:12]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride =
Trusted Zone: musicmatch.com\online
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Chris\Application Data\Mozilla\Firefox\Profiles\z4r2bh9e.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-17 15:43
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-09-17 15:44:42
ComboFix-quarantined-files.txt 2012-09-17 19:44
.
Pre-Run: 82,566,955,008 bytes free
Post-Run: 82,544,959,488 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1F9D978498DF936E108A18744F6DC49E