I ran ComboFix last night and found that I was infected with Bootkit Whistler. I have the log I received, so I will post that. Any help I can receive about how to delete this will be greatly appreciated! Thanks!
ComboFix 10-10-01.07 - Jaco 10/03/2010 23:18:24.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1484 [GMT -5:00]
Running from: c:\documents and settings\Jaco\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-09-04 to 2010-10-04 )))))))))))))))))))))))))))))))
.
2010-10-03 10:56 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-10-03 10:56 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-10-03 08:06 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-03 08:06 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-03 08:06 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-03 08:06 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-03 08:06 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-03 08:06 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-03 08:06 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-03 08:04 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-03 08:04 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-03 08:04 . 2010-10-03 08:04 -------- d-----w- c:\program files\Alwil Software
2010-10-03 08:04 . 2010-10-03 08:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-02 04:26 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 04:24 . 2010-10-02 04:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-02 04:24 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-01 21:32 . 2010-10-01 21:32 0 ----a-w- c:\documents and settings\Jaco\settings.dat
2010-10-01 03:20 . 2010-10-01 03:20 -------- d-----w- c:\documents and settings\Jaco\Local Settings\Application Data\HP
2010-10-01 03:19 . 2010-10-01 03:19 -------- d-----w- c:\program files\Common Files\HP
2010-10-01 03:19 . 2010-10-01 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-10-01 03:18 . 2010-10-01 03:19 19548 ----a-w- c:\windows\hpqins13.dat
2010-10-01 03:16 . 2010-10-01 03:17 -------- d-----w- c:\documents and settings\Jaco\Application Data\Image Zone Express
2010-10-01 03:09 . 2003-03-10 02:30 237568 ----a-w- c:\windows\system32\HPZc3212.dll
2010-10-01 02:13 . 2010-10-01 02:13 -------- d-----w- c:\documents and settings\Jaco\Application Data\AVG10
2010-10-01 01:30 . 2010-10-01 01:30 -------- d-----w- c:\windows\system32\wbem\Repository
2010-09-30 06:50 . 2010-10-01 01:44 -------- d-----w- c:\program files\Common Files\Adobe AIR(2)
2010-09-29 08:17 . 2010-09-29 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2010-09-29 08:17 . 2010-10-03 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-09-29 08:17 . 2010-09-30 17:08 -------- d-----w- c:\windows\system32\drivers\AVG(2)
2010-09-29 08:16 . 2010-09-29 08:16 -------- d-----w- c:\program files\AVG
2010-09-29 08:05 . 2010-09-29 08:16 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-09-27 23:41 . 2010-09-27 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Mender
2010-09-27 01:36 . 2010-09-27 01:36 -------- d-----w- c:\program files\BitTorrent
2010-09-27 01:34 . 2010-10-01 01:44 -------- d-----w- c:\documents and settings\Jaco\Application Data\BitTorrent
2010-09-26 04:22 . 2010-09-26 04:22 0 ----a-w- c:\windows\ativpsrm.bin
2010-09-26 03:22 . 2010-09-26 03:22 -------- d-----w- c:\documents and settings\Jaco\Application Data\Tific
2010-09-26 03:22 . 2010-09-26 03:22 -------- d-----w- c:\documents and settings\Jaco\Local Settings\Application Data\Symantec
2010-09-23 04:42 . 2010-09-23 04:42 -------- d-----w- c:\program files\Windows Sidebar
2010-09-20 06:21 . 2010-09-20 06:21 503808 ----a-w- c:\documents and settings\Jaco\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4c844195-n\msvcp71.dll
2010-09-20 06:21 . 2010-09-20 06:21 499712 ----a-w- c:\documents and settings\Jaco\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4c844195-n\jmc.dll
2010-09-20 06:21 . 2010-09-20 06:21 348160 ----a-w- c:\documents and settings\Jaco\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4c844195-n\msvcr71.dll
2010-09-20 06:21 . 2010-09-20 06:21 61440 ----a-w- c:\documents and settings\Jaco\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6424b9dc-n\decora-sse.dll
2010-09-20 06:21 . 2010-09-20 06:21 12800 ----a-w- c:\documents and settings\Jaco\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6424b9dc-n\decora-d3d.dll
2010-09-20 06:21 . 2010-07-17 10:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-20 06:07 . 2010-09-20 19:20 -------- d-----w- c:\documents and settings\Jaco\Application Data\DVD Flick
2010-09-20 06:07 . 2003-01-26 18:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2010-09-20 06:07 . 2010-09-20 06:07 -------- d-----w- c:\program files\DVD Flick
2010-09-20 06:01 . 2010-09-20 06:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2010-09-20 05:53 . 2010-09-20 05:53 -------- d-----w- c:\documents and settings\Jaco\Application Data\Ashampoo
2010-09-20 05:53 . 2010-09-20 05:53 -------- d-----w- c:\documents and settings\Jaco\Local Settings\Application Data\ashampoo
2010-09-20 05:53 . 2010-09-20 05:53 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2010-09-13 21:27 . 2010-09-13 21:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-08 06:58 . 2010-09-08 07:10 -------- d-----w- c:\documents and settings\Jaco\Local Settings\Application Data\WMTools Downloaded Files
2010-09-04 07:29 . 2010-09-04 07:29 310208 ----a-w- c:\documents and settings\Jaco\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-03 10:25 . 2010-04-19 17:41 -------- d-----w- c:\program files\Google
2010-10-03 10:25 . 2007-03-14 03:35 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-03 05:18 . 2007-06-23 12:23 -------- d-----w- c:\program files\Trend Micro
2010-10-01 08:59 . 2007-03-16 20:52 -------- d-----w- c:\program files\Java
2010-10-01 08:59 . 2010-10-01 08:59 0 ----a-w- c:\windows\system32\REN129.tmp
2010-10-01 08:59 . 2010-10-01 08:59 0 ----a-w- c:\windows\system32\REN128.tmp
2010-10-01 08:59 . 2010-10-01 08:59 0 ----a-w- c:\windows\system32\REN127.tmp
2010-10-01 01:39 . 2007-03-14 20:51 82480 ----a-w- c:\documents and settings\Jaco\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-29 08:17 . 2010-07-18 05:31 -------- d-----w- c:\documents and settings\Jaco\Application Data\Skype
2010-09-29 08:00 . 2010-07-18 05:32 -------- d-----w- c:\documents and settings\Jaco\Application Data\skypePM
2010-09-27 01:45 . 2007-03-16 00:36 -------- d-----w- c:\documents and settings\Jaco\Application Data\Azureus
2010-09-20 06:41 . 2009-02-27 03:22 -------- d-----w- c:\program files\NCH Swift Sound
2010-09-20 06:19 . 2009-02-27 03:23 -------- d-----w- c:\program files\NCH Software
2010-09-17 05:14 . 2010-07-18 05:30 -------- d-----r- c:\program files\Skype
2010-09-16 05:51 . 2010-07-09 02:57 5049 ----a-w- c:\windows\Otijadikujikapa.dat
2010-09-04 07:31 . 2010-04-21 15:58 4177856 ----a-w- c:\documents and settings\Jaco\Application Data\Azureus\plugins\azemp\vuzeplayer.exe
2010-09-04 07:30 . 2010-08-21 00:15 -------- d-----w- c:\program files\iTunes
2010-09-04 07:28 . 2009-01-12 21:03 -------- d-----w- c:\program files\Vuze
2010-08-27 16:24 . 2010-08-27 16:24 63572 ---ha-w- c:\windows\system32\mlfcache.dat
2010-08-23 03:29 . 2010-08-23 03:29 55 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\F3053EF74652448F98A5C45703106076\install.bat
2010-08-23 03:29 . 2010-08-23 03:29 323584 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\F3053EF74652448F98A5C45703106076\lib\swt-win32-3232.dll
2010-08-21 00:22 . 2007-04-23 20:40 -------- d-----w- c:\documents and settings\Jaco\Application Data\Apple Computer
2010-08-21 00:16 . 2010-08-21 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-21 00:15 . 2010-08-21 00:15 -------- d-----w- c:\program files\iPod
2010-08-21 00:14 . 2009-03-16 17:11 -------- d-----w- c:\program files\QuickTime
2010-08-21 00:14 . 2007-04-03 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-08-21 00:13 . 2010-08-21 00:13 -------- d-----w- c:\program files\Apple Software Update
2010-08-21 00:09 . 2009-01-07 05:15 -------- d-----w- c:\program files\Common Files\Apple
2010-07-21 21:30 . 2010-07-21 21:30 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-18 05:32 . 2010-07-18 05:32 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-07-11 05:43 . 2010-07-09 02:57 0 ----a-w- c:\windows\Wfatifopaniya.bin
.
((((((((((((((((((((((((((((( SnapShot@2010-10-03_05.46.48 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"hpqSRMon"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2006-03-13 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2007-01-19 17:49 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-08-12 19:43 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
2007-07-17 16:03 868352 ------w- c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link Wireless G WDA-1320]
2007-08-29 21:16 1662976 ----a-w- c:\program files\D-Link\Wireless G WDA-1320\AirGCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Echovoice Gamer Statistics]
2006-11-28 21:52 53248 ----a-w- c:\program files\Echovoice\Gamer Statistics\G15 Echovoice Gamer Statistics.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 05:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 21:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-09-21 09:10 55824 ----a-w- c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
2007-09-21 09:10 55824 ----a-w- c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 03:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-02-26 08:53 65024 ----a-w- c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 17:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"helpsvc"=2 (0x2)
"CCALib8"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"YahooAUService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57441:TCP"= 57441:TCP:Pando Media Booster
"57441:UDP"= 57441:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"6966:TCP"= 6966:TCP:League of Legends Launcher
"6966:UDP"= 6966:UDP:League of Legends Launcher
"6894:TCP"= 6894:TCP:League of Legends Launcher
"6894:UDP"= 6894:UDP:League of Legends Launcher
"6923:TCP"= 6923:TCP:League of Legends Launcher
"6923:UDP"= 6923:UDP:League of Legends Launcher
"6915:TCP"= 6915:TCP:League of Legends Launcher
"6915:UDP"= 6915:UDP:League of Legends Launcher
"6967:TCP"= 6967:TCP:League of Legends Launcher
"6967:UDP"= 6967:UDP:League of Legends Launcher
"6927:TCP"= 6927:TCP:League of Legends Launcher
"6927:UDP"= 6927:UDP:League of Legends Launcher
"6968:TCP"= 6968:TCP:League of Legends Launcher
"6968:UDP"= 6968:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"6895:TCP"= 6895:TCP:League of Legends Launcher
"6895:UDP"= 6895:UDP:League of Legends Launcher
"6951:TCP"= 6951:TCP:League of Legends Launcher
"6951:UDP"= 6951:UDP:League of Legends Launcher
"6911:TCP"= 6911:TCP:League of Legends Launcher
"6911:UDP"= 6911:UDP:League of Legends Launcher
"6937:TCP"= 6937:TCP:League of Legends Launcher
"6937:UDP"= 6937:UDP:League of Legends Launcher
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [3/7/2007 11:59 AM 77312]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/3/2010 3:06 AM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/3/2010 3:06 AM 17744]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [12/10/2008 9:48 PM 57376]
S1 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\amdtools.sys --> c:\windows\system32\DRIVERS\amdtools.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2010 12:41 PM 136176]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [12/10/2008 9:48 PM 547744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\Wireless G WDA-1320\JSWUtil\jswpsapi.exe [12/10/2008 9:48 PM 352338]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [11/19/2007 9:23 AM 32000]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/25/2007 6:22 PM 685816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-09-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
2008-12-13 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4206817551.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]
2010-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 17:41]
2010-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 17:41]
2010-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-179605362-839522115-1004Core.job
- c:\documents and settings\Jaco\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-23 22:02]
2010-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-179605362-839522115-1004UA.job
- c:\documents and settings\Jaco\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-23 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://dsl.sbc.yahoo.com/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Jaco\Application Data\Mozilla\Firefox\Profiles\ol583pcy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\Jaco\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Jaco\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(general.useragent.extra.zencast, Creative ZENcast v2.01.01
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-03 23:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1056)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1284)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-03 23:26:13
ComboFix-quarantined-files.txt 2010-10-04 04:26
ComboFix2.txt 2010-10-03 05:52
Pre-Run: 263,489,691,648 bytes free
Post-Run: 263,451,127,808 bytes free
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 00655C73BC3D4058FC67C8F93C498DD0
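The log above reports that ComboFix found and disinfected a bootkit in the MBR of \\.\PhysicalDrive0. A responder would want to verify that independently rather than trust the cleaner's one-line message: dump sector 0, compare its boot code against a known-good copy, and look at the unallocated sectors between the MBR and the first partition, where MBR bootkits commonly keep their body. The Python script below is an added example, not part of the original post or of ComboFix. It parses the standard DOS MBR layout (boot code at bytes 0..439, NT disk signature at 440..443, four 16-byte partition entries at 446, 0x55AA at 510); the sample sectors and the baseline hash are constructed for the demo, and a real baseline has to come from a copy of the MBR known to be clean (for example one taken right after rewriting it from the XP Recovery Console with fixmbr). Reading \\.\PhysicalDrive0 directly requires an Administrator token.

```python
"""Audit a 512-byte MBR for boot-code tampering after a bootkit report.

Added example (not part of the original post or ComboFix). It parses the
classic DOS MBR: boot code at bytes 0..439, NT disk signature at 440..443,
four 16-byte partition entries at 446, and the 0x55AA signature at 510.
The sample sectors and the baseline hash are constructed for the demo.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440          # 440..443 disk signature, 444..445 reserved
PART_TABLE_OFFSET = 446
PART_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"


def read_mbr(device=r"\\.\PhysicalDrive0"):
    """Read sector 0 from a raw device (Windows path shown; needs admin)."""
    with open(device, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def parse_partition_table(sector):
    """Return the four primary partition entries as dicts."""
    entries = []
    for i in range(4):
        off = PART_TABLE_OFFSET + i * PART_ENTRY_SIZE
        # status, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", sector, off)
        entries.append({"index": i, "status": status, "type": ptype,
                        "lba_start": lba_start, "sectors": count})
    return entries


def boot_code_hash(sector):
    """SHA-256 of the executable part of the MBR, excluding disk signature and table."""
    return hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()


def audit_mbr(sector, baseline_hash=None):
    """Return (severity, message) findings; 'alert' means tampering or corruption."""
    if len(sector) != SECTOR_SIZE:
        return [("alert", f"sector is {len(sector)} bytes, expected {SECTOR_SIZE}")]
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append(("alert", "missing 0x55AA boot signature at offset 510"))
    parts = parse_partition_table(sector)
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(("alert", f"entry {p['index']}: invalid status byte 0x{p['status']:02x}"))
        if p["type"] == 0x00 and (p["lba_start"] or p["sectors"]):
            findings.append(("alert", f"entry {p['index']}: type 0x00 but non-zero extent"))
    active = sum(1 for p in parts if p["status"] == 0x80)
    if active > 1:
        findings.append(("alert", f"{active} partitions marked active, expected at most one"))
    used = [p["lba_start"] for p in parts if p["type"] != 0x00]
    if used and min(used) > 1:
        gap = min(used) - 1
        findings.append(("info", f"{gap} unallocated sectors between MBR and first partition "
                                 f"(LBA 1..{gap}); MBR bootkits commonly stash code here, image and inspect"))
    if baseline_hash is not None and boot_code_hash(sector) != baseline_hash:
        findings.append(("alert", "boot code (bytes 0..439) differs from the known-good baseline"))
    return findings


def build_sample_mbr(boot_code, disk_sig=b"\x12\x34\x56\x78"):
    """Constructed sample: one active NTFS partition at LBA 63, the usual XP layout."""
    code = boot_code.ljust(BOOT_CODE_END, b"\x00")[:BOOT_CODE_END]
    first = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 488_281_250)
    table = first + b"\x00" * (3 * PART_ENTRY_SIZE)
    return code + disk_sig + b"\x00\x00" + table + BOOT_SIGNATURE


# Stand-in boot stub (constructed; only the bytes, not their meaning, matter here).
CLEAN_MBR = build_sample_mbr(b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8\xbe\x00\x7c")
# Same partition table, different boot stub: what an infection looks like to a
# partition editor (nothing) versus to a boot-code hash (everything).
TAMPERED_MBR = build_sample_mbr(b"\xeb\x3c" + b"\x90" * 60 + b"\xcd\x13")
BASELINE_HASH = boot_code_hash(CLEAN_MBR)


if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(name)
        for sev, msg in audit_mbr(mbr, BASELINE_HASH):
            print(f"  [{sev}] {msg}")
```

Take the baseline once from a sector you trust, store the hash off the machine, and re-run the audit after any suspicious event. The partition table is checked separately from the boot code on purpose: MBR bootkits typically leave the table intact and only replace the boot stub, so a partition editor that shows a healthy table proves nothing about sector 0. On a live system the cleaner can also be bypassed by a kernel-level hook, so the most reliable read of the MBR comes from booting another medium and imaging the disk rather than from the infected OS itself.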
2006-01-12 20:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 03:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-02-26 08:53 65024 ----a-w- c:\windows\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 17:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"helpsvc"=2 (0x2)
"CCALib8"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"YahooAUService"=2 (0x2)
"Bonjour Service"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Riot Games\\League of Legends\\air\\LolClient.exe"=
"c:\\Riot Games\\League of Legends\\game\\League of Legends.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57441:TCP"= 57441:TCP:Pando Media Booster
"57441:UDP"= 57441:UDP:Pando Media Booster
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"6966:TCP"= 6966:TCP:League of Legends Launcher
"6966:UDP"= 6966:UDP:League of Legends Launcher
"6894:TCP"= 6894:TCP:League of Legends Launcher
"6894:UDP"= 6894:UDP:League of Legends Launcher
"6923:TCP"= 6923:TCP:League of Legends Launcher
"6923:UDP"= 6923:UDP:League of Legends Launcher
"6915:TCP"= 6915:TCP:League of Legends Launcher
"6915:UDP"= 6915:UDP:League of Legends Launcher
"6967:TCP"= 6967:TCP:League of Legends Launcher
"6967:UDP"= 6967:UDP:League of Legends Launcher
"6927:TCP"= 6927:TCP:League of Legends Launcher
"6927:UDP"= 6927:UDP:League of Legends Launcher
"6968:TCP"= 6968:TCP:League of Legends Launcher
"6968:UDP"= 6968:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"6895:TCP"= 6895:TCP:League of Legends Launcher
"6895:UDP"= 6895:UDP:League of Legends Launcher
"6951:TCP"= 6951:TCP:League of Legends Launcher
"6951:UDP"= 6951:UDP:League of Legends Launcher
"6911:TCP"= 6911:TCP:League of Legends Launcher
"6911:UDP"= 6911:UDP:League of Legends Launcher
"6937:TCP"= 6937:TCP:League of Legends Launcher
"6937:UDP"= 6937:UDP:League of Legends Launcher
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [3/7/2007 11:59 AM 77312]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/3/2010 3:06 AM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/3/2010 3:06 AM 17744]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [12/10/2008 9:48 PM 57376]
S1 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\amdtools.sys --> c:\windows\system32\DRIVERS\amdtools.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/19/2010 12:41 PM 136176]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [12/10/2008 9:48 PM 547744]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\D-Link\Wireless G WDA-1320\JSWUtil\jswpsapi.exe [12/10/2008 9:48 PM 352338]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [11/19/2007 9:23 AM 32000]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/25/2007 6:22 PM 685816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-09-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
2008-12-13 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4206817551.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]
2010-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 17:41]
2010-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 17:41]
2010-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-179605362-839522115-1004Core.job
- c:\documents and settings\Jaco\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-23 22:02]
2010-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-179605362-839522115-1004UA.job
- c:\documents and settings\Jaco\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-23 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://dsl.sbc.yahoo.com/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Jaco\Application Data\Mozilla\Firefox\Profiles\ol583pcy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\Jaco\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\Jaco\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - user.js: yahoo.homepage.dontask - true);user_pref(general.useragent.extra.zencast, Creative ZENcast v2.01.01
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-03 23:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1056)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(1284)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-03 23:26:13
ComboFix-quarantined-files.txt 2010-10-04 04:26
ComboFix2.txt 2010-10-03 05:52
Pre-Run: 263,489,691,648 bytes free
Post-Run: 263,451,127,808 bytes free
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 00655C73BC3D4058FC67C8F93C498DD0
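Reading a ComboFix log like the one above by eye is slow, and after an MBR bootkit disinfection the parts that need a second look are the persistence and exposure sections: Run keys, the firewall state, globally open ports, the driver list and odd files under c:\windows. The script below is an added example by the editor, not part of the original post and not ComboFix's own code. It runs a few triage rules over an excerpt copied from the log above and lists entries to verify by hand. The rule names and the heuristics (bare filename in a Run key, [?] on a driver line, start type 0, zero-byte file directly in c:\windows) are the editor's own assumptions; every hit is a prompt for a manual check, not a verdict that the entry is malicious.

```python
import re
from typing import List, Tuple

# Constructed excerpt: lines copied from the ComboFix log posted above,
# not the full log. Used as offline input for the triage pass.
SAMPLE_LOG = r"""
2010-07-11 05:43 . 2010-07-09 02:57 0 ----a-w- c:\windows\Wfatifopaniya.bin
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57441:TCP"= 57441:TCP:Pando Media Booster
"57441:UDP"= 57441:UDP:Pando Media Booster
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 25680]
S1 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\amdtools.sys --> c:\windows\system32\DRIVERS\amdtools.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/25/2007 6:22 PM 685816]
"""

# Line shapes as ComboFix prints them (patterns written by the editor).
SECTION = re.compile(r'^\[(?P<key>.+)\]$')
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s+\[(?P<date>\S+)\s+(?P<size>\d+)\]$')
FIREWALL = re.compile(r'^"EnableFirewall"=\s*(?P<value>\d+)')
OPEN_PORT = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\S+:(?:TCP|UDP):(?P<app>.+)$')
DRIVER = re.compile(r'^(?P<state>[RS])(?P<start>\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);'
                    r'(?P<path>.+?)(?:\s+-->\s+\S+)?\s+\[(?P<meta>[^\]]*)\]$')
CREATED_FILE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+'
                          r'(?P<size>\d+|-+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$')

Finding = Tuple[str, str]  # (category, detail)


def triage(log_text: str) -> List[Finding]:
    r"""Walk a ComboFix log and return entries worth a second look.

    Each rule is a follow-up prompt, not a verdict: a bare filename in a Run
    key or a zero-byte file in c:\windows can be legitimate, but these are the
    entries to check by hand after a bootkit disinfection.
    """
    findings: List[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section = m.group("key").lower()
            continue
        m = RUN_VALUE.match(line)
        if m and section.endswith("\\run"):
            value = m.group("value")
            # A bare filename is resolved through the loader's search order,
            # not from a fixed location, so confirm which file actually wins.
            if "\\" not in value:
                findings.append(("run-key-no-path", f'{m.group("name")} -> {value}'))
            continue
        m = FIREWALL.match(line)
        if m and "firewallpolicy" in section:
            if m.group("value") == "0":
                findings.append(("firewall-disabled", section))
            continue
        m = OPEN_PORT.match(line)
        if m and section.endswith("globallyopenports\\list"):
            findings.append(("open-port", f'{m.group("port")}/{m.group("proto")} {m.group("app").strip()}'))
            continue
        m = DRIVER.match(line)
        if m:
            if m.group("meta") == "?":
                # ComboFix prints [?] when it could not read the file's
                # attributes; an orphaned or hidden driver image looks the same.
                findings.append(("driver-file-unreadable", f'{m.group("svc")} {m.group("path")}'))
            if m.group("start") == "0":
                # Start type 0 = boot-start: loads before user-mode AV, which
                # is where a bootkit's companion driver would sit.
                findings.append(("boot-start-driver", f'{m.group("svc")} {m.group("path")}'))
            continue
        m = CREATED_FILE.match(line)
        if m and m.group("size") == "0" and not m.group("attrs").startswith("d"):
            path = m.group("path").strip()
            # Zero-byte file dropped directly in c:\windows (not a subfolder).
            if path.lower().startswith("c:\\windows\\") and path.count("\\") == 2:
                findings.append(("zero-byte-file-in-windows", path))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per category for a one-line overview."""
    counts: dict = {}
    for category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:28s} {detail}")
```

Feed it the whole log rather than the excerpt and the output becomes a checklist: each Run entry without a full path gets its on-disk file confirmed, each [?] driver gets its image checked for existence and signature, and the firewall-disabled and open-port hits go straight into the post-cleanup hardening notes.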