My home computer won't connect to the internet, please help. I've included ComboFix and Malwarebytes log files. Thanks.
combofix: ComboFix 10-10-01.06 - chris 10/02/2010 10:53:40.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3191.2244 [GMT -4:00]
Running from: c:\documents and settings\chris\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Movavi
c:\documents and settings\All Users\Application Data\Movavi\iCopy.ini
c:\documents and settings\chris\Application Data\Etofo\riax.exe
c:\windows\system32\11478.exe
c:\windows\system32\11538.exe
c:\windows\system32\11942.exe
c:\windows\system32\12382.exe
c:\windows\system32\14604.exe
c:\windows\system32\14771.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\17035.exe
c:\windows\system32\17421.exe
c:\windows\system32\18467.exe
c:\windows\system32\1869.exe
c:\windows\system32\18716.exe
c:\windows\system32\19169.exe
c:\windows\system32\19718.exe
c:\windows\system32\19895.exe
c:\windows\system32\19912.exe
c:\windows\system32\21726.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\25667.exe
c:\windows\system32\26299.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\32391.exe
c:\windows\system32\3902.exe
c:\windows\system32\41.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5447.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\9894.exe
c:\windows\system32\9961.exe
c:\windows\Tasks\rzajtvfd.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IAS
-------\Legacy_WINSTS
((((((((((((((((((((((((( Files Created from 2010-09-02 to 2010-10-02 )))))))))))))))))))))))))))))))
.
2010-10-02 14:18 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 14:18 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-02 14:10 . 2010-10-02 14:10 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-02 13:19 . 2010-10-02 13:47 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
2010-10-02 13:19 . 2009-10-23 07:00 -------- d-----w- c:\documents and settings\Administrator\IETldCache
2010-10-02 13:19 . 2010-10-02 13:47 -------- d-s---w- c:\documents and settings\Administrator
2010-10-01 00:46 . 2010-10-01 00:46 -------- d-----w- c:\program files\iPod
2010-10-01 00:42 . 2010-10-01 00:42 -------- d-----w- c:\program files\QuickTime
2010-10-01 00:40 . 2010-10-01 00:40 -------- d-----w- c:\program files\Bonjour
2010-10-01 00:38 . 2010-10-01 00:38 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
2010-10-01 00:33 . 2010-10-01 00:33 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.18.5\SetupAdmin.exe
2010-09-04 19:42 . 2010-09-04 19:42 -------- d-----w- c:\program files\Trihedral
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-02 17:39 . 2009-12-15 00:04 -------- d-----w- c:\documents and settings\chris\Application Data\Skype
2010-10-02 15:00 . 2009-09-24 01:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-10-02 14:46 . 2010-01-09 20:41 -------- d-----w- c:\program files\Spyware Doctor
2010-10-02 14:36 . 2009-10-21 23:46 -------- d-----w- c:\program files\NCH Software
2010-10-02 14:32 . 2009-10-29 22:23 -------- d-----w- c:\program files\Common Files\Factoid
2010-10-02 14:21 . 2009-09-23 01:37 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-10-02 14:18 . 2010-01-09 20:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-02 13:47 . 2009-09-24 01:06 -------- d-----w- c:\documents and settings\chris\Application Data\uTorrent
2010-10-02 13:36 . 2009-09-24 01:01 -------- d-----w- c:\documents and settings\chris\Application Data\skypePM
2010-10-01 00:47 . 2010-06-22 00:58 -------- d-----w- c:\program files\iTunes
2010-10-01 00:46 . 2009-09-23 01:38 -------- d-----w- c:\program files\Common Files\Apple
2010-10-01 00:36 . 2009-09-23 01:37 -------- d-----w- c:\program files\Safari
2010-10-01 00:14 . 2009-12-05 14:43 -------- d-----w- c:\program files\Paint Shop Pro 5
2010-09-25 17:40 . 2009-09-24 01:07 -------- d-----w- c:\program files\uTorrent
2010-09-11 19:41 . 2010-04-09 20:59 -------- d-----w- c:\documents and settings\chris\Application Data\GRLevel3
2010-08-31 16:11 . 2010-08-31 16:11 3401880 ----a-w- c:\documents and settings\chris\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-08-31 15:55 . 2010-08-31 15:55 275096 ----a-w- c:\documents and settings\chris\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-08-31 15:39 . 2010-08-31 15:39 3734536 ----a-w- c:\documents and settings\chris\Application Data\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll
2010-08-31 00:02 . 2010-06-02 17:30 -------- d-----w- c:\documents and settings\chris\Application Data\Ohekg
2010-08-23 04:00 . 2010-03-23 10:23 -------- d-----w- c:\documents and settings\chris\Application Data\Etofo
2010-08-21 20:21 . 2010-08-21 20:21 -------- d-----w- c:\program files\Common Files\Java
2010-08-21 20:21 . 2010-04-06 22:50 -------- d-----w- c:\program files\Java
2010-08-09 01:26 . 2010-08-09 01:26 503808 ----a-w- c:\documents and settings\chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3e0c89ce-n\msvcp71.dll
2010-08-09 01:26 . 2010-08-09 01:26 499712 ----a-w- c:\documents and settings\chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3e0c89ce-n\jmc.dll
2010-08-09 01:26 . 2010-08-09 01:26 61440 ----a-w- c:\documents and settings\chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5257f033-n\decora-sse.dll
2010-08-09 01:26 . 2010-08-09 01:26 12800 ----a-w- c:\documents and settings\chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5257f033-n\decora-d3d.dll
2010-08-09 01:26 . 2010-08-09 01:26 348160 ----a-w- c:\documents and settings\chris\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3e0c89ce-n\msvcr71.dll
2010-07-27 22:44 . 2010-07-27 22:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 22:44 . 2010-07-27 22:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-17 09:00 . 2010-08-21 20:21 423656 ----a-w- c:\windows\system32\deployJava1.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"Google Update"="c:\documents and settings\chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-14 136176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-10 2048352]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"FinePrint Dispatcher v5"="c:\windows\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2008-04-18 520192]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2007-01-29 507904]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 1468296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
c:\documents and settings\chris\Start Menu\Programs\Startup\
Microsoft Office Groove.lnk - c:\program files\Microsoft Office\Office12\GROOVE.EXE [2009-2-14 337264]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-11-14 98304]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-1-14 525664]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-23 01:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\N:\0autocheck autochk *
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Documents and Settings\\chris\\Desktop\\f0recast-1.0.2.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19164:TCP"= 19164:TCP:utorrent
"62293:TCP"= 62293:TCP:u torrent
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/9/2010 4:41 PM 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/22/2009 9:18 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/22/2009 9:18 PM 108552]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [1/8/2010 5:51 PM 467968]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/22/2009 9:18 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/22/2009 9:18 PM 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [1/9/2010 4:47 PM 112592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/9/2010 6:20 PM 135664]
S2 Iprip;Network Security;c:\windows\System32\svchost.exe -k netsvcs [8/29/2002 8:00 AM 14336]
S3 ndisdrv;ndisdrv;\??\c:\windows\system32\ndisdrv.sys --> c:\windows\system32\ndisdrv.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [9/22/2009 9:38 PM 17408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/9/2010 4:41 PM 359624]
S3 USA19W;USA19W;c:\windows\system32\drivers\usa19w2k.sys [11/26/2009 8:31 PM 292920]
S3 USA19w2KP;Keyspan High Speed USB Serial Adapter Port Driver;c:\windows\system32\drivers\usa19w2kp.sys [11/26/2009 8:31 PM 40848]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/14/2010 5:47 PM 11520]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 17:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 22:20]
2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 22:20]
2010-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-220523388-725345543-1003Core.job
- c:\documents and settings\chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-18 23:44]
2010-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-220523388-725345543-1003UA.job
- c:\documents and settings\chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-18 23:44]
2010-10-02 c:\windows\Tasks\zuluSevenDays.job
- c:\program files\NCH Software\Zulu\zulu.exe [2010-10-02 14:36]
2010-10-02 c:\windows\Tasks\zuluShakeIcon.job
- c:\program files\NCH Software\Zulu\zulu.exe [2010-10-02 14:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {A753E183-622F-42B1-A57F-F351B88E97D9} = 192.168.0.1,192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {6CA42F3D-70D6-11D3-A44D-00104B9D101F} - hxxp://207.98.148.167/vtsx/distribution/vtsx.cab
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKCU-Run-{0A3E2721-9C26-C637-EAF1-F82B7628B51B} - c:\documents and settings\chris\Application Data\Etofo\riax.exe
SharedTaskScheduler-{54807c78-3204-45dc-805d-93c0e6c25db0} - c:\windows\system32\kotefupu.dll
SSODL-jahuzajuv-{54807c78-3204-45dc-805d-93c0e6c25db0} - c:\windows\system32\kotefupu.dll
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-02 13:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2052)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Microsoft Shared\OFFICE12\MSOXEV.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\ESRI\License\arcgis9x\ARCGIS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\windows\system32\rundll32.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-10-02 13:43:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-02 17:43
Pre-Run: 863,846,195,200 bytes free
Post-Run: 866,032,623,616 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - E42E337CB5F1A5B3838536093185FF21
Malwarebytes log: Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10/10/2010 11:24:19 AM
mbam-log-2010-10-10 (11-24-19).txt
Scan type: Quick scan
Objects scanned: 143979
Time elapsed: 9 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 7
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{14c2cf97-6896-40d0-bc64-e3dceb8e8ebb} (Trojan.FakeAlert.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\winsts (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisdrv (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\ididp (Trojan.Sasfis) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tikobuvev (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\factoidclass (Trojan.FakeAlert.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f5jmwnzthi (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\roua3o12pw (Trojan.FakeAlert) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.11,93.188.161.63 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bc4f9e2f-f48d-404e-81a8-29be7d7343d7}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.11,93.188.161.63 -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Common Files\Factoid\FactoidClass.dll (Trojan.FakeAlert.H) -> No action taken.
C:\fwihed.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\flags.ini (Malware.Trace) -> No action taken.
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgtray.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Documents and Settings\\chris\\Desktop\\f0recast-1.0.2.exe"=
"c:\\Program Files\\Safari\\Safari.exe"=
"c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19164:TCP"= 19164:TCP:utorrent
"62293:TCP"= 62293:TCP:u torrent
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/9/2010 4:41 PM 207792]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/22/2009 9:18 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/22/2009 9:18 PM 108552]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [1/8/2010 5:51 PM 467968]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/22/2009 9:18 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/22/2009 9:18 PM 297752]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [1/9/2010 4:47 PM 112592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/9/2010 6:20 PM 135664]
S2 Iprip;Network Security;c:\windows\System32\svchost.exe -k netsvcs [8/29/2002 8:00 AM 14336]
S3 ndisdrv;ndisdrv;\??\c:\windows\system32\ndisdrv.sys --> c:\windows\system32\ndisdrv.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [9/22/2009 9:38 PM 17408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/9/2010 4:41 PM 359624]
S3 USA19W;USA19W;c:\windows\system32\drivers\usa19w2k.sys [11/26/2009 8:31 PM 292920]
S3 USA19w2KP;Keyspan High Speed USB Serial Adapter Port Driver;c:\windows\system32\drivers\usa19w2kp.sys [11/26/2009 8:31 PM 40848]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/14/2010 5:47 PM 11520]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 17:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 22:20]
2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 22:20]
2010-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-220523388-725345543-1003Core.job
- c:\documents and settings\chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-18 23:44]
2010-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-220523388-725345543-1003UA.job
- c:\documents and settings\chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-18 23:44]
2010-10-02 c:\windows\Tasks\zuluSevenDays.job
- c:\program files\NCH Software\Zulu\zulu.exe [2010-10-02 14:36]
2010-10-02 c:\windows\Tasks\zuluShakeIcon.job
- c:\program files\NCH Software\Zulu\zulu.exe [2010-10-02 14:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {A753E183-622F-42B1-A57F-F351B88E97D9} = 192.168.0.1,192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {6CA42F3D-70D6-11D3-A44D-00104B9D101F} - hxxp://207.98.148.167/vtsx/distribution/vtsx.cab
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
HKCU-Run-{0A3E2721-9C26-C637-EAF1-F82B7628B51B} - c:\documents and settings\chris\Application Data\Etofo\riax.exe
SharedTaskScheduler-{54807c78-3204-45dc-805d-93c0e6c25db0} - c:\windows\system32\kotefupu.dll
SSODL-jahuzajuv-{54807c78-3204-45dc-805d-93c0e6c25db0} - c:\windows\system32\kotefupu.dll
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-02 13:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2052)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Microsoft Shared\OFFICE12\MSOXEV.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\ESRI\License\arcgis9x\ARCGIS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\windows\system32\rundll32.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-10-02 13:43:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-02 17:43
Pre-Run: 863,846,195,200 bytes free
Post-Run: 866,032,623,616 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - E42E337CB5F1A5B3838536093185FF21
Malwarebytes log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10/10/2010 11:24:19 AM
mbam-log-2010-10-10 (11-24-19).txt
Scan type: Quick scan
Objects scanned: 143979
Time elapsed: 9 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 7
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{14c2cf97-6896-40d0-bc64-e3dceb8e8ebb} (Trojan.FakeAlert.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\winsts (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ndisdrv (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\ididp (Trojan.Sasfis) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tikobuvev (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\factoidclass (Trojan.FakeAlert.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f5jmwnzthi (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Spyware.Passwords) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\roua3o12pw (Trojan.FakeAlert) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.11,93.188.161.63 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bc4f9e2f-f48d-404e-81a8-29be7d7343d7}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.11,93.188.161.63 -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Program Files\Common Files\Factoid\FactoidClass.dll (Trojan.FakeAlert.H) -> No action taken.
C:\fwihed.exe (Trojan.Dropper) -> No action taken.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\flags.ini (Malware.Trace) -> No action taken.