Oh wow! Now my computer is working again. Here's the log.txt information from the Combo...
ComboFix 10-03-26.02 - Ann 2010-03-27 15:25:08.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2494.2106 [GMT -4:00]
Running from: c:\documents and settings\Ann\Desktop\commy.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\3931f85
c:\documents and settings\All Users\Application Data\3931f85\3768.mof
c:\documents and settings\All Users\Application Data\3931f85\BackUp\Adobe Gamma.lnk
c:\documents and settings\All Users\Application Data\3931f85\BackUp\DING!.lnk
c:\documents and settings\All Users\Application Data\3931f85\BackUp\HP Digital Imaging Monitor.lnk
c:\documents and settings\All Users\Application Data\3931f85\BackUp\HP Image Zone Fast Start.lnk
c:\documents and settings\All Users\Application Data\3931f85\BackUp\OneNote 2007 Screen Clipper and Launcher.lnk
c:\documents and settings\All Users\Application Data\3931f85\sg3931 .exe
c:\documents and settings\All Users\Application Data\3931f85\sg3931.exe
c:\documents and settings\All Users\Application Data\3931f85\SGD.ico
c:\documents and settings\All Users\Application Data\3931f85\SGDSys\vd952342.bd
c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\Ann\Application Data\Microsoft\dtPaper
c:\documents and settings\Ann\Application Data\Microsoft\dtPaper\1.html
c:\documents and settings\Ann\Application Data\Microsoft\dtPaper\cfg.msg
c:\documents and settings\Ann\Application Data\Microsoft\dtPaper\tmp.bmp
c:\documents and settings\Ann\Application Data\Security Guard
c:\documents and settings\Ann\Application Data\Security Guard\Instructions.ini
c:\documents and settings\Ann\Local Settings\Temporary Internet Files\48bxyab0.jpg
c:\documents and settings\Ann\Local Settings\Temporary Internet Files\6JaYkyb5A.jpg
c:\documents and settings\Ann\Local Settings\Temporary Internet Files\nooAPM.jpg
c:\documents and settings\Ann\Local Settings\Temporary Internet Files\okbPm.jpg
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\app_dll.dll
c:\windows\system32\ctfmon .exe
c:\windows\system32\fuwofapi.dll
c:\windows\system32\jahasike.dll
c:\windows\system32\lofiketo.dll
c:\windows\system32\lzfl50.dll
c:\windows\system32\neganosu.exe
c:\windows\system32\rundll32 .exe
c:\windows\system32\sasisudi.dll
c:\windows\system32\sodimafe.dll
c:\windows\system32\sojefiwi.exe
c:\windows\system32\yaniruzo.exe
c:\windows\system32\zugikime.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\hbrjvqjw.job
c:\windows\Temp\tmp3.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
((((((((((((((((((((((((( Files Created from 2010-02-27 to 2010-03-27 )))))))))))))))))))))))))))))))
.
2010-03-20 02:52 . 2010-03-20 02:52 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SGPWINJTGTD
2010-03-15 09:18 . 2010-03-15 09:18 4 ----a-w- c:\program files\8728890.dat
2010-03-15 08:04 . 2010-03-15 08:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Threat Expert
2010-03-15 08:01 . 2010-03-15 08:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-03-15 00:22 . 2010-03-15 00:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2010-03-14 20:19 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 20:19 . 2010-03-27 11:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-14 20:19 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 16:44 . 2010-03-14 16:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-14 16:27 . 2010-03-14 16:28 -------- d-----w- c:\documents and settings\Ann\Application Data\GetRightToGo
2010-03-14 15:34 . 2010-03-14 15:34 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Threat Expert
2010-03-14 15:26 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-03-14 15:26 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-03-14 15:26 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-03-14 15:26 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-03-14 15:26 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-03-14 15:26 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-03-14 15:26 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-14 15:25 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-14 15:25 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-14 15:25 . 2010-02-05 13:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-14 15:25 . 2010-03-14 15:26 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-14 15:25 . 2010-03-14 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-03-14 15:12 . 2010-03-14 15:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-03-14 15:12 . 2010-03-14 15:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-03-14 03:29 . 2010-03-14 03:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-03-14 03:18 . 2010-03-14 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-03-14 03:17 . 2010-03-14 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-03-14 03:17 . 2010-03-14 03:17 -------- d-----w- c:\program files\Common Files\iS3
2010-03-14 03:15 . 2010-03-14 03:15 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-03-14 02:43 . 2010-03-24 16:42 -------- d-----w- c:\documents and settings\Ann\Application Data\770F2997F2BFA71D1B8B4463F6319FB4
2010-03-06 17:05 . 2010-03-06 17:05 -------- d-----w- c:\documents and settings\Ann\Application Data\CyberLink
2010-03-06 17:04 . 2010-03-06 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-03-06 17:04 . 2010-03-06 17:04 -------- d-----w- c:\program files\CyberLink
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 19:34 . 2009-01-17 16:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-18 13:13 . 2009-06-10 20:37 -------- d-----w- c:\program files\QuickTime
2010-03-18 13:13 . 2009-01-17 16:19 -------- d-----w- c:\program files\Spyware Doctor
2010-03-18 13:13 . 2009-09-19 18:41 -------- d-----w- c:\program files\Verizon
2010-03-18 13:13 . 2009-06-10 20:42 -------- d-----w- c:\program files\iTunes
2010-03-18 13:13 . 2009-02-27 17:54 -------- d-----w- c:\program files\AIM6
2010-03-18 13:13 . 2009-01-13 00:20 -------- d-----w- c:\program files\Norton 360
2010-03-18 13:13 . 2009-01-13 00:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-14 23:08 . 2010-02-12 11:43 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-14 20:47 . 2009-11-07 23:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-14 20:47 . 2009-11-07 23:36 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-03-14 20:47 . 2010-03-14 20:46 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-03-14 20:46 . 2009-11-07 23:36 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-03-14 20:46 . 2009-05-25 21:21 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-03-14 20:46 . 2009-01-25 03:14 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-14 20:46 . 2009-11-07 23:36 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-03-14 20:46 . 2009-11-07 23:36 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-03-14 20:46 . 2009-06-16 21:21 6330848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-03-14 20:46 . 2010-03-14 20:46 17480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-03-14 20:12 . 2010-02-12 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-03-14 20:06 . 2008-04-14 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-14 16:44 . 2009-01-20 22:17 -------- d-----w- c:\program files\Lavasoft
2010-03-14 14:51 . 2010-03-14 14:49 2240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-03-14 14:46 . 2009-01-18 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-03-14 02:43 . 2010-03-14 02:43 17920 ----a-w- c:\documents and settings\Ann\Application Data\770F2997F2BFA71D1B8B4463F6319FB4\hookdll.dll
2010-03-14 02:43 . 2010-03-14 02:43 962560 ----a-w- c:\documents and settings\Ann\Application Data\770F2997F2BFA71D1B8B4463F6319FB4\dbf70700 .exe
2010-03-14 02:03 . 2009-01-17 14:44 -------- d-----w- c:\documents and settings\Ann\Application Data\FrostWire
2010-03-11 08:03 . 2009-01-13 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-08 23:21 . 2009-01-13 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-06 17:04 . 2008-12-30 03:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-05 01:21 . 2009-01-13 00:31 -------- d-----w- c:\program files\Google
2010-03-01 12:40 . 2009-10-02 00:23 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-04 15:53 . 2010-03-14 16:44 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-04 15:53 . 2009-01-20 22:21 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-30 12:38 . 2009-01-13 03:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-27 11:36 . 2009-06-16 21:21 8 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
1601-01-01 00:03 . 1601-01-01 00:03 70656 --sha-w- c:\windows\system32\bizivata.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\bogogife.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\buloboti.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\fakiyegi.dll
1601-01-01 00:03 . 1601-01-01 00:03 56320 --sha-w- c:\windows\system32\gekininu.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\hanipolu.dll
1601-01-01 00:03 . 1601-01-01 00:03 96768 --sha-w- c:\windows\system32\hogayigi.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\kelahudu.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\lokomoha.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\nodujohu.dll
1601-01-01 00:03 . 1601-01-01 00:03 96768 --sha-w- c:\windows\system32\nuyujivu.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\polufili.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\riwozubi.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\ronilipi.dll
1601-01-01 00:03 . 1601-01-01 00:03 48640 --sha-w- c:\windows\system32\samotaso.dll
1601-01-01 00:03 . 1601-01-01 00:03 65536 --sha-w- c:\windows\system32\sikafemu.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\sudovufu.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\susiwoye.dll
1601-01-01 00:03 . 1601-01-01 00:03 65536 --sha-w- c:\windows\system32\taloziku.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\tayoyeza.dll
1601-01-01 00:03 . 1601-01-01 00:03 173568 --sha-w- c:\windows\system32\tijayoni.exe
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\tisibufu.dll
1601-01-01 00:03 . 1601-01-01 00:03 47616 --sha-w- c:\windows\system32\vigenayu.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{940d0ca2-1da7-4c85-b314-52a878575b57}]
1601-01-01 00:03 65536 --sha-w- c:\windows\system32\sikafemu.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
"Google Update"="c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [N/A]
"Remote System Protection"="c:\windows\system32\lzfl50.dll" [N/A]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-18 818256]
"vigutiture"="sasisudi.dll" [N/A]
"wukiwebit"="c:\windows\system32\zugikime.dll" [N/A]
"Adobe_Reader"="c:\program files\internet explorer\wmpscfgs.exe" [N/A]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Remote System Protection"="c:\windows\system32\lzfl50.dll" [N/A]
"Security Guard"="c:\documents and settings\All Users\Application Data\3931f85\SG3931.exe" [N/A]
c:\documents and settings\Ann\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 12:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\CCSVCHST.EXE"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-20 6:21 PM 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-20 5:17 PM 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-14 207280]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-18 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-18 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-18 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-18 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-03-14 112592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1263728]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 3:37 PM 149352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-02-27 1:55 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 8:11 PM 101936]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 9:54 AM 133104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-17 365280]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
[N/A]
.
Contents of the 'Scheduled Tasks' folder
2010-03-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 09:08]
2010-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:54]
2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:54]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: {77EA3CD6-B134-4CD9-ACD2-0CFC6428F7FD} = 217.23.14.75,4.2.2.1,192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SharedTaskScheduler-{857514da-d991-404d-a452-18b175fcd1db} - (no file)
SharedTaskScheduler-{d0230d96-29f0-4dc5-9739-27a72b4d564b} - c:\windows\system32\totanozi.dll
SharedTaskScheduler-{46985e95-8859-4192-a4c1-273f70dcbb8e} - c:\windows\system32\pudohogu.dll
SharedTaskScheduler-{0a2c744c-0f39-4b4c-a072-4fe199e037a1} - c:\windows\system32\zugikime.dll
SSODL-tewevamez-{857514da-d991-404d-a452-18b175fcd1db} - (no file)
SSODL-nitusajab-{d0230d96-29f0-4dc5-9739-27a72b4d564b} - c:\windows\system32\totanozi.dll
SSODL-dolahamon-{46985e95-8859-4192-a4c1-273f70dcbb8e} - c:\windows\system32\pudohogu.dll
SSODL-jogagizum-{0a2c744c-0f39-4b4c-a072-4fe199e037a1} - c:\windows\system32\zugikime.dll
SafeBoot-klmdb.sys
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-27 15:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,93,6e,2e,97,40,8e,4b,83,90,3b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,93,6e,2e,97,40,8e,4b,83,90,3b,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1064)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
- - - - - - - > 'explorer.exe'(3832)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
c:\windows\system32\netdde.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-03-27 15:45:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-27 19:45
Pre-Run: 75,872,481,280 bytes free
Post-Run: 75,695,722,496 bytes free
- - End Of File - - 7DDF17709E7C0E227E4C421DAAC986BD
ComboFix 10-03-26.02 - Ann 2010-03-27 15:25:08.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2494.2106 [GMT -4:00]
Running from: c:\documents and settings\Ann\Desktop\commy.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *disabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\3931f85
c:\documents and settings\All Users\Application Data\3931f85\3768.mof
c:\documents and settings\All Users\Application Data\3931f85\BackUp\Adobe Gamma.lnk
c:\documents and settings\All Users\Application Data\3931f85\BackUp\DING!.lnk
c:\documents and settings\All Users\Application Data\3931f85\BackUp\HP Digital Imaging Monitor.lnk
c:\documents and settings\All Users\Application Data\3931f85\BackUp\HP Image Zone Fast Start.lnk
c:\documents and settings\All Users\Application Data\3931f85\BackUp\OneNote 2007 Screen Clipper and Launcher.lnk
c:\documents and settings\All Users\Application Data\3931f85\sg3931 .exe
c:\documents and settings\All Users\Application Data\3931f85\sg3931.exe
c:\documents and settings\All Users\Application Data\3931f85\SGD.ico
c:\documents and settings\All Users\Application Data\3931f85\SGDSys\vd952342.bd
c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\Ann\Application Data\Microsoft\dtPaper
c:\documents and settings\Ann\Application Data\Microsoft\dtPaper\1.html
c:\documents and settings\Ann\Application Data\Microsoft\dtPaper\cfg.msg
c:\documents and settings\Ann\Application Data\Microsoft\dtPaper\tmp.bmp
c:\documents and settings\Ann\Application Data\Security Guard
c:\documents and settings\Ann\Application Data\Security Guard\Instructions.ini
c:\documents and settings\Ann\Local Settings\Temporary Internet Files\48bxyab0.jpg
c:\documents and settings\Ann\Local Settings\Temporary Internet Files\6JaYkyb5A.jpg
c:\documents and settings\Ann\Local Settings\Temporary Internet Files\nooAPM.jpg
c:\documents and settings\Ann\Local Settings\Temporary Internet Files\okbPm.jpg
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\app_dll.dll
c:\windows\system32\ctfmon .exe
c:\windows\system32\fuwofapi.dll
c:\windows\system32\jahasike.dll
c:\windows\system32\lofiketo.dll
c:\windows\system32\lzfl50.dll
c:\windows\system32\neganosu.exe
c:\windows\system32\rundll32 .exe
c:\windows\system32\sasisudi.dll
c:\windows\system32\sodimafe.dll
c:\windows\system32\sojefiwi.exe
c:\windows\system32\yaniruzo.exe
c:\windows\system32\zugikime.dll
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\hbrjvqjw.job
c:\windows\Temp\tmp3.tmp
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
((((((((((((((((((((((((( Files Created from 2010-02-27 to 2010-03-27 )))))))))))))))))))))))))))))))
.
2010-03-20 02:52 . 2010-03-20 02:52 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SGPWINJTGTD
2010-03-15 09:18 . 2010-03-15 09:18 4 ----a-w- c:\program files\8728890.dat
2010-03-15 08:04 . 2010-03-15 08:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Threat Expert
2010-03-15 08:01 . 2010-03-15 08:01 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-03-15 00:22 . 2010-03-15 00:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
2010-03-14 20:19 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 20:19 . 2010-03-27 11:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-14 20:19 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 16:44 . 2010-03-14 16:44 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-14 16:27 . 2010-03-14 16:28 -------- d-----w- c:\documents and settings\Ann\Application Data\GetRightToGo
2010-03-14 15:34 . 2010-03-14 15:34 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Threat Expert
2010-03-14 15:26 . 2010-01-21 23:21 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-03-14 15:26 . 2010-01-21 23:21 767952 ----a-w- c:\windows\BDTSupport.dll
2010-03-14 15:26 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-03-14 15:26 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-03-14 15:26 . 2010-01-21 23:21 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-03-14 15:26 . 2010-01-21 23:21 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-03-14 15:26 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-14 15:25 . 2009-10-06 20:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-14 15:25 . 2009-09-23 20:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-14 15:25 . 2010-02-05 13:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-14 15:25 . 2010-03-14 15:26 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-14 15:25 . 2010-03-14 15:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-03-14 15:12 . 2010-03-14 15:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-03-14 15:12 . 2010-03-14 15:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-03-14 03:29 . 2010-03-14 03:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-03-14 03:18 . 2010-03-14 03:18 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-03-14 03:17 . 2010-03-14 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-03-14 03:17 . 2010-03-14 03:17 -------- d-----w- c:\program files\Common Files\iS3
2010-03-14 03:15 . 2010-03-14 03:15 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-03-14 02:43 . 2010-03-24 16:42 -------- d-----w- c:\documents and settings\Ann\Application Data\770F2997F2BFA71D1B8B4463F6319FB4
2010-03-06 17:05 . 2010-03-06 17:05 -------- d-----w- c:\documents and settings\Ann\Application Data\CyberLink
2010-03-06 17:04 . 2010-03-06 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-03-06 17:04 . 2010-03-06 17:04 -------- d-----w- c:\program files\CyberLink
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-27 19:34 . 2009-01-17 16:19 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-18 13:13 . 2009-06-10 20:37 -------- d-----w- c:\program files\QuickTime
2010-03-18 13:13 . 2009-01-17 16:19 -------- d-----w- c:\program files\Spyware Doctor
2010-03-18 13:13 . 2009-09-19 18:41 -------- d-----w- c:\program files\Verizon
2010-03-18 13:13 . 2009-06-10 20:42 -------- d-----w- c:\program files\iTunes
2010-03-18 13:13 . 2009-02-27 17:54 -------- d-----w- c:\program files\AIM6
2010-03-18 13:13 . 2009-01-13 00:20 -------- d-----w- c:\program files\Norton 360
2010-03-18 13:13 . 2009-01-13 00:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-14 23:08 . 2010-02-12 11:43 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-14 20:47 . 2009-11-07 23:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-14 20:47 . 2009-11-07 23:36 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-03-14 20:47 . 2010-03-14 20:46 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-03-14 20:46 . 2009-11-07 23:36 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-03-14 20:46 . 2009-05-25 21:21 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-03-14 20:46 . 2009-01-25 03:14 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-03-14 20:46 . 2009-11-07 23:36 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-03-14 20:46 . 2009-11-07 23:36 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-03-14 20:46 . 2009-06-16 21:21 6330848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-03-14 20:46 . 2010-03-14 20:46 17480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-03-14 20:12 . 2010-02-12 12:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-03-14 20:06 . 2008-04-14 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-14 16:44 . 2009-01-20 22:17 -------- d-----w- c:\program files\Lavasoft
2010-03-14 14:51 . 2010-03-14 14:49 2240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-03-14 14:46 . 2009-01-18 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-03-14 02:43 . 2010-03-14 02:43 17920 ----a-w- c:\documents and settings\Ann\Application Data\770F2997F2BFA71D1B8B4463F6319FB4\hookdll.dll
2010-03-14 02:43 . 2010-03-14 02:43 962560 ----a-w- c:\documents and settings\Ann\Application Data\770F2997F2BFA71D1B8B4463F6319FB4\dbf70700 .exe
2010-03-14 02:03 . 2009-01-17 14:44 -------- d-----w- c:\documents and settings\Ann\Application Data\FrostWire
2010-03-11 08:03 . 2009-01-13 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-08 23:21 . 2009-01-13 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-06 17:04 . 2008-12-30 03:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-05 01:21 . 2009-01-13 00:31 -------- d-----w- c:\program files\Google
2010-03-01 12:40 . 2009-10-02 00:23 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-04 15:53 . 2010-03-14 16:44 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-04 15:53 . 2009-01-20 22:21 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-30 12:38 . 2009-01-13 03:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-27 11:36 . 2009-06-16 21:21 8 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
1601-01-01 00:03 . 1601-01-01 00:03 70656 --sha-w- c:\windows\system32\bizivata.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\bogogife.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\buloboti.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\fakiyegi.dll
1601-01-01 00:03 . 1601-01-01 00:03 56320 --sha-w- c:\windows\system32\gekininu.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\hanipolu.dll
1601-01-01 00:03 . 1601-01-01 00:03 96768 --sha-w- c:\windows\system32\hogayigi.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\kelahudu.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\lokomoha.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\nodujohu.dll
1601-01-01 00:03 . 1601-01-01 00:03 96768 --sha-w- c:\windows\system32\nuyujivu.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\polufili.dll
1601-01-01 00:03 . 1601-01-01 00:03 41472 --sha-w- c:\windows\system32\riwozubi.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\ronilipi.dll
1601-01-01 00:03 . 1601-01-01 00:03 48640 --sha-w- c:\windows\system32\samotaso.dll
1601-01-01 00:03 . 1601-01-01 00:03 65536 --sha-w- c:\windows\system32\sikafemu.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\sudovufu.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\susiwoye.dll
1601-01-01 00:03 . 1601-01-01 00:03 65536 --sha-w- c:\windows\system32\taloziku.dll
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\tayoyeza.dll
1601-01-01 00:03 . 1601-01-01 00:03 173568 --sha-w- c:\windows\system32\tijayoni.exe
1601-01-01 00:03 . 1601-01-01 00:03 42496 --sha-w- c:\windows\system32\tisibufu.dll
1601-01-01 00:03 . 1601-01-01 00:03 47616 --sha-w- c:\windows\system32\vigenayu.dll
.
Code:
<pre>
c:\program files\AIM6\aim6 .exe
c:\program files\ATI Technologies\ATI.ACE\cli .exe
c:\program files\Common Files\Symantec Shared\ccapp .exe
c:\program files\CyberLink\PowerDVD\pdvdserv .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\iTunes\ituneshelper .exe
c:\program files\Lavasoft\Ad-Aware\aawtray .exe
c:\program files\Microsoft\Search Enhancement Pack\Default Manager\defmgr .exe
c:\program files\Nitro PDF\Professional\nitropdfprintermonitor .exe
c:\program files\Norton 360\oscheck .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Spyware Doctor\pctstray .exe
c:\program files\Verizon\mccitrayapp .exe
</pre>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{940d0ca2-1da7-4c85-b314-52a878575b57}]
1601-01-01 00:03 65536 --sha-w- c:\windows\system32\sikafemu.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [N/A]
"Google Update"="c:\documents and settings\Ann\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [N/A]
"Remote System Protection"="c:\windows\system32\lzfl50.dll" [N/A]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-18 818256]
"vigutiture"="sasisudi.dll" [N/A]
"wukiwebit"="c:\windows\system32\zugikime.dll" [N/A]
"Adobe_Reader"="c:\program files\internet explorer\wmpscfgs.exe" [N/A]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Remote System Protection"="c:\windows\system32\lzfl50.dll" [N/A]
"Security Guard"="c:\documents and settings\All Users\Application Data\3931f85\SG3931.exe" [N/A]
c:\documents and settings\Ann\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-18 12:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\CCSVCHST.EXE"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-20 6:21 PM 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-01-20 5:17 PM 28544]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-14 207280]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-18 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-18 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-18 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-18 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-03-14 112592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-02-04 1263728]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 3:37 PM 149352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-02-27 1:55 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-25 8:11 PM 101936]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 9:54 AM 133104]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-01-17 365280]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
[N/A]
.
Contents of the 'Scheduled Tasks' folder
2010-03-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 09:08]
2010-03-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:54]
2010-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 13:54]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: {77EA3CD6-B134-4CD9-ACD2-0CFC6428F7FD} = 217.23.14.75,4.2.2.1,192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SharedTaskScheduler-{857514da-d991-404d-a452-18b175fcd1db} - (no file)
SharedTaskScheduler-{d0230d96-29f0-4dc5-9739-27a72b4d564b} - c:\windows\system32\totanozi.dll
SharedTaskScheduler-{46985e95-8859-4192-a4c1-273f70dcbb8e} - c:\windows\system32\pudohogu.dll
SharedTaskScheduler-{0a2c744c-0f39-4b4c-a072-4fe199e037a1} - c:\windows\system32\zugikime.dll
SSODL-tewevamez-{857514da-d991-404d-a452-18b175fcd1db} - (no file)
SSODL-nitusajab-{d0230d96-29f0-4dc5-9739-27a72b4d564b} - c:\windows\system32\totanozi.dll
SSODL-dolahamon-{46985e95-8859-4192-a4c1-273f70dcbb8e} - c:\windows\system32\pudohogu.dll
SSODL-jogagizum-{0a2c744c-0f39-4b4c-a072-4fe199e037a1} - c:\windows\system32\zugikime.dll
SafeBoot-klmdb.sys
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-27 15:36
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,93,6e,2e,97,40,8e,4b,83,90,3b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,93,6e,2e,97,40,8e,4b,83,90,3b,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(1064)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
- - - - - - - > 'explorer.exe'(3832)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
c:\windows\system32\netdde.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-03-27 15:45:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-27 19:45
Pre-Run: 75,872,481,280 bytes free
Post-Run: 75,695,722,496 bytes free
- - End Of File - - 7DDF17709E7C0E227E4C421DAAC986BD
