Josella

  1. Thanks! I'll give that a try.
  2. I have the current personal paid version of Ad Aware and I'm using the antivirus and antispyware, real-time protection, and safe browsing functions. I've just paid for another year's protection but I'm finding this program so intrusive and I wanted to know if there's anything I can do to remedy this before I stop using it. When it's not crashing Firefox, it's slowing it down to the point where I have to restart my browser and sometimes even have to reboot the computer. It's slowing my system down to the point where my media player won't play songs smoothly and they play back distorted. Does anyone have any suggestions about how I can have Ad Aware running in the background without taking over? Thanks.
  3. Oh thanks, Cecilia. Sorry I didn't notice the other two posts before I posted this!
  4. I only just noticed this now. I don't really know how this works - what causes a site to be flagged. Would Amazon be aware of this and fixing whatever their problems are? I'm just wondering if it's a temporary thing. Thanks!
  5. Well, I think I'm finally done! I don't know how to thank you enough - your advice has saved me a lot of problems and expense (i.e. my driver's license has been suspended for six months, so cabbing to a computer shop and paying their exorbitant rates for one thing). I doubt there's anything I can do that's as valuable in return, but if I can make a PayPal donation to you guys or to a charity on your behalf, please let me know! My sincerest and infinite thanks!
  6. The only hitch I came across was that AVG decided to get involved and put combofix.exe in its virus vault. I've got aswMBR and eset left on my desktop. I haven't downloaded PSI or read the article yet but I'll do that now, plus change my passwords. Once I've done everything, will I be safe in reinstalling iTunes again, do you think? Should I only install the last safe version I used?
  7. .
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_29
Run by Jo at 21:31:31 on 2012-04-03
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1791.815 [GMT 9.5:30]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\jo\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1304045755000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{4AE6290E-17AA-4C9C-B1E2-074B395CC862} : DhcpNameServer = 10.0.0.138
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jo\application data\mozilla\firefox\profiles\3x2qekxj.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B762c0e54-1007-4768-9ecd-6bd4d6b53c2b%7D&mid=27ffda48b67547d19ae7d16d5be6ff3c-fecf83749fe46c1bb6ddde68bedee21206fafc64&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-18%2009%3A16%3A30&sap=ku&q=
FF - plugin: c:\documents and settings\jo\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-18 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-30 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-13 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-29 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-17 1025352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-7-31 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-29 135664]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
.
=============== Created Last 30 ================
.
2012-04-02 01:21:42  --------  d-----w-  C:\TDSSKiller_Quarantine
2012-04-01 15:56:59  --------  d-sha-r-  C:\cmdcons
2012-04-01 15:55:22  98816  ----a-w-  c:\windows\sed.exe
2012-04-01 15:55:22  518144  ----a-w-  c:\windows\SWREG.exe
2012-04-01 15:55:22  256000  ----a-w-  c:\windows\PEV.exe
2012-04-01 15:55:22  208896  ----a-w-  c:\windows\MBR.exe
2012-04-01 01:02:41  --------  d-----w-  c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-01 00:37:27  --------  d-----w-  C:\sh4ldr
2012-04-01 00:36:16  --------  d-----w-  c:\program files\common files\Wise Installation Wizard
2012-03-31 23:54:14  205072  ----a-w-  c:\windows\system32\drivers\tmcomm.sys
2012-03-30 23:36:52  --------  d-----w-  c:\windows\system32\wbem\repository\FS
2012-03-30 23:36:52  --------  d-----w-  c:\windows\system32\wbem\Repository
2012-03-30 23:36:30  --------  d-----w-  c:\program files\Bonjour
2012-03-29 14:29:54  --------  d-----w-  c:\program files\ESET
2012-03-29 05:32:43  --------  d-----w-  c:\program files\iPod(2)
2012-03-29 05:32:35  --------  d-----w-  c:\program files\iTunes(2)
2012-03-29 05:28:33  --------  d-----w-  c:\program files\Bonjour(2)
2012-03-19 22:45:08  592824  ----a-w-  c:\program files\mozilla firefox\gkmedias.dll
2012-03-19 22:45:08  44472  ----a-w-  c:\program files\mozilla firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-02-22 07:52:01  414368  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18  1860096  ----a-w-  c:\windows\system32\win32k.sys
2012-01-11 19:06:47  3072  ------w-  c:\windows\system32\iacenc.dll
2012-01-09 16:20:25  139784  ----a-w-  c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 21:32:06.01 ===============
  8. Sorry - I misread.

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-02 10:54:11
-----------------------------
10:54:11.796 OS Version: Windows 5.1.2600 Service Pack 3
10:54:11.796 Number of processors: 2 586 0x6B02
10:54:11.796 ComputerName: JO-F4F74264946F UserName: Jo
10:54:13.750 Initialize success
11:00:09.953 AVAST engine defs: 12040101
11:00:23.984 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
11:00:23.984 Disk 0 Vendor: WDC_WD1600AAJS-00B4A0 01.03A01 Size: 152626MB BusType: 3
11:00:24.000 Disk 0 MBR read successfully
11:00:24.000 Disk 0 MBR scan
11:00:24.031 Disk 0 Windows XP default MBR code
11:00:24.031 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152617 MB offset 63
11:00:24.031 Disk 0 scanning sectors +312560640
11:00:24.062 Disk 0 malicious Win32:MBRoot code @ sector 312560643 !
11:00:24.109 Disk 0 scanning C:\WINDOWS\system32\drivers
11:00:34.187 Service scanning
11:00:50.468 Modules scanning
11:00:56.640 Disk 0 trace - called modules:
11:00:56.671 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
11:00:56.671 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89bb2ab8]
11:00:56.671 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\00000061[0x89b1d938]
11:00:56.671 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\00000060[0x89c0d030]
11:00:57.312 AVAST engine scan C:\WINDOWS
11:01:03.578 AVAST engine scan C:\WINDOWS\system32
11:03:46.484 AVAST engine scan C:\WINDOWS\system32\drivers
11:04:00.171 AVAST engine scan C:\Documents and Settings\Jo
13:53:31.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Jo\Desktop\MBR.dat"
13:53:31.000 The log file has been saved successfully to "C:\Documents and Settings\Jo\Desktop\aswMBR.txt"
  9. ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c68ed43480eea64896a079ae82f8f077
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-29 04:02:09
# local_time=2012-03-30 02:32:09 (+0930, Cen. Australia Daylight Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777175 100 0 14142222 14142222 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=268461
# found=9
# cleaned=9
# scan_time=5177
C:\Documents and Settings\Jo\Application Data\AVG\Rescue\PC Tuneup 2011\110521083816859.rsc  a variant of Java/TrojanDownloader.OpenStream.NCE trojan (deleted - quarantined)  00000000000000000000000000000000  C
C:\Documents and Settings\Jo\Application Data\Sun\Java\Deployment\cache\6.0\19\5d728553-39f65059  a variant of Java/Exploit.CVE-2012-0507.B trojan (deleted - quarantined)  00000000000000000000000000000000  C
C:\Documents and Settings\Jo\Application Data\Sun\Java\Deployment\cache\6.0\34\5388b2e2-6d111549  Java/TrojanDownloader.OpenStream.NCO trojan (deleted - quarantined)  00000000000000000000000000000000  C
C:\Documents and Settings\Jo\Application Data\Sun\Java\Deployment\cache\6.0\44\b1d25ec-1a2bb5ea  Java/Exploit.CVE-2011-3544.H trojan (deleted - quarantined)  00000000000000000000000000000000  C
C:\Documents and Settings\Jo\Application Data\Sun\Java\Deployment\cache\6.0\54\bdfe76-57048c62  Java/TrojanDownloader.OpenStream.NCO trojan (deleted - quarantined)  00000000000000000000000000000000  C
C:\Documents and Settings\Jo\Local Settings\Application Data\Mozilla\Firefox\Profiles\djxxbnzx.default\Cache(2)\A\59\AC85Ed01  HTML/Iframe.B.Gen virus (deleted - quarantined)  00000000000000000000000000000000  C
C:\Documents and Settings\Jo\Local Settings\Temp\ICReinstall\cnet_ClocXfull_exe.exe  a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
C:\Documents and Settings\Jo\Local Settings\Temp\ICReinstall\cnet_desktop-icalendar-lite_exe.exe  a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C
C:\RECYCLER\S-1-5-21-1708537768-1202660629-725345543-1004\Dc764.exe  Win32/SoftonicDownloader.C application (cleaned by deleting - quarantined)  00000000000000000000000000000000  C

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6d53190d19ee314498a54e0ea2d032f3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-02 06:01:15
# local_time=2012-04-03 03:31:15 (+0930, Cen. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777175 100 0 14495286 14495286 0 0
# compatibility_mode=8192 67108863 100 0 351624 351624 0 0
# scanned=266884
# found=2
# cleaned=0
# scan_time=4859
C:\System Volume Information\_restore{08CA7C6B-1678-41A5-9C39-202952386E01}\RP355\A0064846.exe  Win32/SoftonicDownloader.C application (unable to clean)  00000000000000000000000000000000  I
C:\System Volume Information\_restore{08CA7C6B-1678-41A5-9C39-202952386E01}\RP359\A0069356.exe  Win32/SoftonicDownloader.C application (unable to clean)  00000000000000000000000000000000  I
  10. Apologies if my replies seem sporadic - I'm in Australia and stayed up till 4am with this but had to go out early this morning. The Avast scan seemed to be taking awhile so I let that run while I was out and I'm not sure it finished properly but the good news is, no popups this time. I appreciate it might not be the end of it, but still - you're purely a genius and my gratitude is boundless! I've left Avast open because I wasn't sure I'd done the right thing, clicked 'Save Log' to the Desktop but when I click it, it says it's a .dat file. Should I start over? Here are the logs for Combofix and TDSS Killer: ComboFix 12-04-01.01 - Jo 02/04/2012 10:34:55.3.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1791.1193 [GMT 9.5:30] Running from: c:\documents and settings\Jo\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Jo\Desktop\CFScript.txt AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\enigma software group c:\program files\enigma software group\SpyHunter\Data\dns.dat c:\program files\enigma software group\SpyHunter\Defs\2012033001.def c:\program files\enigma software group\SpyHunter\gil.dat c:\program files\enigma software group\SpyHunter\Log\SpyHunter4_20120401_100952.log c:\program files\enigma software group\SpyHunter\safeol.dat c:\program files\enigma software group\SpyHunter\scanlog.log c:\program files\enigma software group\SpyHunter\supportlog.txt c:\program files\enigma software group\SpyHunter\unkcache.dat . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_ESGIGUARD -------\Service_esgiguard -------\Service_xcpip -------\Service_xpsec . . ((((((((((((((((((((((((( Files Created from 2012-03-02 to 2012-04-02 ))))))))))))))))))))))))))))))) . . 
2012-04-01 01:02 . 2012-04-01 17:51 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP 2012-04-01 00:37 . 2012-04-01 17:51 -------- d-----w- C:\sh4ldr 2012-04-01 00:36 . 2012-04-01 00:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2012-03-31 23:54 . 2012-03-31 23:54 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2012-03-30 23:36 . 2012-03-30 23:36 -------- d-----w- c:\windows\system32\wbem\Repository 2012-03-30 23:36 . 2012-03-30 23:36 -------- d-----w- c:\program files\Bonjour 2012-03-29 14:29 . 2012-03-29 14:29 -------- d-----w- c:\program files\ESET 2012-03-29 05:32 . 2012-03-30 23:36 -------- d-----w- c:\program files\iPod(2) 2012-03-29 05:32 . 2012-03-30 23:36 -------- d-----w- c:\program files\iTunes(2) 2012-03-28 17:08 . 2012-03-28 17:08 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer 2012-03-19 22:45 . 2012-03-19 22:45 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll 2012-03-19 22:45 . 2012-03-19 22:45 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-22 07:52 . 2011-06-20 15:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-03 09:22 . 2008-04-14 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys 2012-01-11 19:06 . 2012-02-14 20:18 3072 ------w- c:\windows\system32\iacenc.dll 2012-01-09 16:20 . 2011-04-28 08:46 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-19 22:45 . 2012-02-05 23:35 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2011-07-31 08:34 . 2011-07-31 08:34 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((( [email protected]_16.03.55 ))))))))))))))))))))))))))))))))))))))))) . + 2012-04-02 01:14 . 2012-04-02 01:14 16384 c:\windows\Temp\Perflib_Perfdata_9d8.dat - 2012-04-01 01:02 . 
2012-04-01 08:39 27499 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCall.dll + 2012-04-01 01:02 . 2012-04-01 17:51 27499 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCall.dll + 2012-04-01 01:02 . 2012-04-01 17:51 180482 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla21.exe - 2012-04-01 01:02 . 2012-04-01 08:39 175992 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla20.dll + 2012-04-01 01:02 . 2012-04-01 17:51 175992 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla20.dll + 2012-04-01 01:02 . 2012-04-01 17:51 176035 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla2.dll - 2012-04-01 01:02 . 2012-04-01 08:39 176035 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla2.dll - 2012-04-01 01:02 . 2012-04-01 08:39 176035 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla19.dll + 2012-04-01 01:02 . 2012-04-01 17:51 176035 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla19.dll + 2012-04-01 01:03 . 2012-04-01 17:51 179526 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla18.dll - 2012-04-01 01:03 . 2012-04-01 08:39 179526 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla18.dll - 2012-04-01 01:02 . 2012-04-01 08:39 176545 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla17.dll + 2012-04-01 01:02 . 2012-04-01 17:51 176545 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla17.dll - 2012-04-01 01:02 . 2012-04-01 08:39 179526 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla.dll + 2012-04-01 01:02 . 2012-04-01 17:51 179526 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-03-13 06:55 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-29 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944] "nwiz"="nwiz.exe" [2006-10-31 1622016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016] "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-28 88363] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-07-31 30192] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880] "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . 
c:\documents and settings\Jo\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2001-9-6 110592] . [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1] Source= c:\documents and settings\Jo\My Documents\My Web Sites\Songs\Artists\0.htm FriendlyName= . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . 
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 4:27 PM 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/09/2010 3:48 AM 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/09/2010 3:48 AM 230608] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/09/2010 3:49 AM 295248] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [18/02/2010 3:55 AM 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/05/2010 4:11 AM 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [30/06/2010 3:18 AM 116608] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 5:25 AM 4433248] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 5:09 AM 192776] R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [13/03/2012 4:25 PM 918880] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 9:42 PM 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 9:42 PM 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 9:42 PM 16720] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/04/2011 9:51 AM 135664] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [17/05/2011 6:48 PM 1025352] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [31/07/2011 6:04 PM 30192] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/04/2011 9:51 AM 135664] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14/04/2008 9:30 PM 
14336] . --- Other Services/Drivers In Memory --- . *Deregistered* - xcpip *Deregistered* - xpsec . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM . Contents of the 'Scheduled Tasks' folder . 2012-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 08:27] . 2012-04-02 c:\windows\Tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job - c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe [2011-05-20 07:56] . 2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-29 00:21] . 2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-29 00:21] . 2012-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1202660629-725345543-1004Core.job - c:\documents and settings\Jo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-17 00:21] . 2012-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1202660629-725345543-1004UA.job - c:\documents and settings\Jo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-17 00:21] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s TCP: DhcpNameServer = 10.0.0.138 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll FF - ProfilePath - c:\documents and settings\Jo\Application Data\Mozilla\Firefox\Profiles\3x2qekxj.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B762c0e54-1007-4768-9ecd-6bd4d6b53c2b%7D&mid=27ffda48b67547d19ae7d16d5be6ff3c-fecf83749fe46c1bb6ddde68bedee21206fafc64&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-18%2009%3A16%3A30&sap=ku&q= . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-04-02 10:47 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(924) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(3824) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2012-04-02 10:50:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-02 01:20
ComboFix2.txt 2012-04-01 18:19
ComboFix3.txt 2012-04-01 16:07
.
Pre-Run: 103,395,979,264 bytes free
Post-Run: 103,335,657,472 bytes free
.
- - End Of File - - 704115923EB2729CE5AA14C38F91D4FF
========================================================================================================
14:05:13.0453 3912 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
14:05:14.0468 3912 ============================================================
14:05:14.0468 3912 Current date / time: 2012/04/02 14:05:14.0468
14:05:14.0468 3912 SystemInfo:
14:05:14.0468 3912
14:05:14.0468 3912 OS Version: 5.1.2600 ServicePack: 3.0
14:05:14.0468 3912 Product type: Workstation
14:05:14.0468 3912 ComputerName: JO-F4F74264946F
14:05:14.0484 3912 UserName: Jo
14:05:14.0484 3912 Windows directory: C:\WINDOWS
14:05:14.0484 3912 System windows directory: C:\WINDOWS
14:05:14.0484 3912 Processor architecture: Intel x86
14:05:14.0484 3912 Number of processors: 2
14:05:14.0484 3912 Page size: 0x1000
14:05:14.0484 3912 Boot type: Normal boot
14:05:14.0484 3912 ============================================================
14:05:17.0625 3912 Drive \Device\Harddisk0\DR0 - Size: 0x25432CDE00 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:05:17.0687 3912 Drive \Device\Harddisk5\DR6 - Size: 0x3DC00000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:05:17.0687 3912 \Device\Harddisk0\DR0:
14:05:17.0687 3912 MBR used
14:05:17.0687 3912 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
14:05:17.0687 3912 \Device\Harddisk5\DR6:
14:05:17.0687 3912 MBR used
14:05:17.0687 3912 \Device\Harddisk5\DR6\Partition0: MBR, Type 0x6, StartLBA 0xF0, BlocksNum 0x1EDF10
14:05:17.0718 3912 Initialize success
14:05:17.0718 3912 ============================================================
14:05:24.0140 1796 Deinitialize success
========================================================================================================
  11. Sorry - forgot to say that I removed SpyHunter first!
  12. Unfortunately everything's the same, only I had to reboot three times to get back in. Here's the log, and then the DDS:

ComboFix 12-04-01.01 - Jo 02/04/2012 3:24.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1791.1127 [GMT 9.5:30]
Running from: c:\documents and settings\Jo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Jo\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-01 to 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-04-01 01:02 . 2012-04-01 17:51 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-01 00:37 . 2012-04-01 17:51 -------- d-----w- C:\sh4ldr
2012-04-01 00:37 . 2012-04-01 00:37 -------- d-----w- c:\program files\Enigma Software Group
2012-04-01 00:36 . 2012-04-01 00:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-03-31 23:54 . 2012-03-31 23:54 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-03-30 23:36 . 2012-03-30 23:36 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-30 23:36 . 2012-03-30 23:36 -------- d-----w- c:\program files\Bonjour
2012-03-29 14:29 . 2012-03-29 14:29 -------- d-----w- c:\program files\ESET
2012-03-29 05:32 . 2012-03-30 23:36 -------- d-----w- c:\program files\iPod(2)
2012-03-29 05:32 . 2012-03-30 23:36 -------- d-----w- c:\program files\iTunes(2)
2012-03-28 17:08 . 2012-03-28 17:08 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-03-19 22:45 . 2012-03-19 22:45 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-19 22:45 . 2012-03-19 22:45 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 07:52 . 2011-06-20 15:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2008-04-14 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-14 20:18 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2011-04-28 08:46 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-19 22:45 . 2012-02-05 23:35 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-07-31 08:34 . 2011-07-31 08:34 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
Cryptography Services Error !!
.
((((((((((((((((((((((((((((( [email protected]_16.03.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-04-01 01:02 . 2012-04-01 08:39 27499 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCall.dll
+ 2012-04-01 01:02 . 2012-04-01 17:51 27499 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCall.dll
+ 2012-04-01 01:02 . 2012-04-01 17:51 180482 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla21.exe
- 2012-04-01 01:02 . 2012-04-01 08:39 175992 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla20.dll
+ 2012-04-01 01:02 . 2012-04-01 17:51 175992 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla20.dll
+ 2012-04-01 01:02 . 2012-04-01 17:51 176035 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla2.dll
- 2012-04-01 01:02 . 2012-04-01 08:39 176035 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla2.dll
+ 2012-04-01 01:02 . 2012-04-01 17:51 176035 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla19.dll
- 2012-04-01 01:02 . 2012-04-01 08:39 176035 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla19.dll
- 2012-04-01 01:03 . 2012-04-01 08:39 179526 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla18.dll
+ 2012-04-01 01:03 . 2012-04-01 17:51 179526 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla18.dll
- 2012-04-01 01:02 . 2012-04-01 08:39 176545 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla17.dll
+ 2012-04-01 01:02 . 2012-04-01 17:51 176545 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla17.dll
- 2012-04-01 01:02 . 2012-04-01 08:39 179526 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla.dll
+ 2012-04-01 01:02 . 2012-04-01 17:51 179526 c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-13 06:55 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"nwiz"="nwiz.exe" [2006-10-31 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-28 88363]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-07-31 30192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Jo\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2001-9-6 110592]
.
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= c:\documents and settings\Jo\My Documents\My Web Sites\Songs\Artists\0.htm
FriendlyName=
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-18 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-11 4433248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2011-08-01 192776]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-29 135664]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-08-31 1025352]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-10 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-10-03 16720]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2011-07-31 30192]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-04-29 135664]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-10 23120]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-09-12 32592]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2011-10-06 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-07-10 295248]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-08-05 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-08-05 67664]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - xcpip
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 08:27]
.
2012-04-01 c:\windows\Tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job
- c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe [2011-05-20 07:56]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-29 00:21]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-29 00:21]
.
2012-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1202660629-725345543-1004Core.job
- c:\documents and settings\Jo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-17 00:21]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1202660629-725345543-1004UA.job
- c:\documents and settings\Jo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-17 00:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
TCP: DhcpNameServer = 10.0.0.138
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Jo\Application Data\Mozilla\Firefox\Profiles\3x2qekxj.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B762c0e54-1007-4768-9ecd-6bd4d6b53c2b%7D&mid=27ffda48b67547d19ae7d16d5be6ff3c-fecf83749fe46c1bb6ddde68bedee21206fafc64&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-18%2009%3A16%3A30&sap=ku&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-02 03:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(916)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3872)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
.
**************************************************************************
.
Completion time: 2012-04-02 03:49:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-01 18:19
ComboFix2.txt 2012-04-01 16:07
.
Pre-Run: 103,405,264,896 bytes free
Post-Run: 103,396,225,024 bytes free
.
- - End Of File - - 0CB2F43BF8116FEB29F7CFB5975E3544
==========================================================================================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by Jo at 3:55:31 on 2012-04-02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1791.1088 [GMT 9.5:30]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\explorer.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\jo\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1304045755000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{4AE6290E-17AA-4C9C-B1E2-074B395CC862} : DhcpNameServer = 10.0.0.138
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jo\application data\mozilla\firefox\profiles\3x2qekxj.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B762c0e54-1007-4768-9ecd-6bd4d6b53c2b%7D&mid=27ffda48b67547d19ae7d16d5be6ff3c-fecf83749fe46c1bb6ddde68bedee21206fafc64&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-18%2009%3A16%3A30&sap=ku&q=
FF - plugin: c:\documents and settings\jo\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-18 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-30 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-13 918880]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-29 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-17 1025352]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2011-7-31 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-29 135664]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
UnknownUnknown vkquwexg;vkquwexg; [x]
.
=============== Created Last 30 ================
.
2012-04-01 17:53:48 -------- d-----w- C:\ComboFix
2012-04-01 15:56:59 -------- d-sha-r- C:\cmdcons
2012-04-01 15:55:22 98816 ----a-w- c:\windows\sed.exe
2012-04-01 15:55:22 518144 ----a-w- c:\windows\SWREG.exe
2012-04-01 15:55:22 256000 ----a-w- c:\windows\PEV.exe
2012-04-01 15:55:22 208896 ----a-w- c:\windows\MBR.exe
2012-04-01 01:02:41 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-01 00:37:27 -------- d-----w- C:\sh4ldr
2012-04-01 00:37:26 -------- d-----w- c:\program files\Enigma Software Group
2012-04-01 00:36:16 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-03-31 23:54:14 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-03-30 23:36:52 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-03-30 23:36:52 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-30 23:36:30 -------- d-----w- c:\program files\Bonjour
2012-03-29 14:29:54 -------- d-----w- c:\program files\ESET
2012-03-29 05:32:43 -------- d-----w- c:\program files\iPod(2)
2012-03-29 05:32:35 -------- d-----w- c:\program files\iTunes(2)
2012-03-29 05:28:33 -------- d-----w- c:\program files\Bonjour(2)
2012-03-19 22:45:08 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2012-03-19 22:45:08 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll
.
==================== Find3M ====================
.
2012-02-22 07:52:01 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22:18 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06:47 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20:25 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 3:55:45.60 ===============
  13. ComboFix 12-04-01.01 - Jo 02/04/2012 1:28.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1791.1054 [GMT 9.5:30]
Running from: c:\documents and settings\Jo\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\0B4227B4.TMP
c:\documents and settings\Jo\WINDOWS
c:\program files\StartSearch plugin
c:\program files\StartSearch plugin\StartBar.dll
c:\program files\StartSearch plugin\uninst.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\7197536a378c9a1f.fb
c:\windows\system32\Cache\8a87e61fb7aa86b0.fb
c:\windows\system32\Cache\9efecd3ef59d4f01.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
((((((((((((((((((((((((( Files Created from 2012-03-01 to 2012-04-01 )))))))))))))))))))))))))))))))
.
.
2012-04-01 01:02 . 2012-04-01 01:03 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-01 00:37 . 2012-04-01 00:37 110080 ----a-r- c:\documents and settings\Jo\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconD7F16134.exe
2012-04-01 00:37 . 2012-04-01 00:37 110080 ----a-r- c:\documents and settings\Jo\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconCF33A0CE.exe
2012-04-01 00:37 . 2012-04-01 00:37 110080 ----a-r- c:\documents and settings\Jo\Application Data\Microsoft\Installer\{4E0C6314-A8B8-4026-AC15-084E8B63AFB5}\IconF7A21AF7.exe
2012-04-01 00:37 . 2012-04-01 00:39 -------- d-----w- C:\sh4ldr
2012-04-01 00:37 . 2012-04-01 00:37 -------- d-----w- c:\program files\Enigma Software Group
2012-04-01 00:36 . 2012-04-01 00:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-03-31 23:54 . 2012-03-31 23:54 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-03-30 23:36 . 2012-03-30 23:36 -------- d-----w- c:\windows\system32\wbem\Repository
2012-03-30 23:36 . 2012-03-30 23:36 -------- d-----w- c:\program files\Bonjour
2012-03-29 14:29 . 2012-03-29 14:29 -------- d-----w- c:\program files\ESET
2012-03-29 05:32 . 2012-03-30 23:36 -------- d-----w- c:\program files\iPod(2)
2012-03-29 05:32 . 2012-03-30 23:36 -------- d-----w- c:\program files\iTunes(2)
2012-03-28 17:08 . 2012-03-28 17:08 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-03-19 22:45 . 2012-03-19 22:45 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-19 22:45 . 2012-03-19 22:45 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 07:52 . 2011-06-20 15:22 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-03 09:22 . 2008-04-14 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 19:06 . 2012-02-14 20:18 3072 ------w- c:\windows\system32\iacenc.dll
2012-01-09 16:20 . 2011-04-28 08:46 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-19 22:45 . 2012-02-05 23:35 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-07-31 08:34 . 2011-07-31 08:34 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-13 06:55 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-13 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944] "nwiz"="nwiz.exe" [2006-10-31 1622016] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-31 86016] "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416] "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480] "AGRSMMSG"="AGRSMMSG.exe" [2004-06-28 88363] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-07-14 570664] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-07-31 30192] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696] "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-13 982880] "ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\documents and settings\Jo\Start Menu\Programs\Startup\ OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2001-9-6 110592] . [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1] Source= c:\documents and settings\Jo\My Documents\My Web Sites\Songs\Artists\0.htm FriendlyName= . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management "3389:TCP"= 3389:TCP:Remote Desktop "65533:TCP"= 65533:TCP:Services "52344:TCP"= 52344:TCP:Services . 
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 4:27 PM 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/09/2010 3:48 AM 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/09/2010 3:48 AM 230608] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/09/2010 3:49 AM 295248] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [18/02/2010 3:55 AM 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/05/2010 4:11 AM 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [30/06/2010 3:18 AM 116608] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 5:25 AM 4433248] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/08/2011 5:09 AM 192776] R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [13/03/2012 4:25 PM 918880] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 9:42 PM 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 9:42 PM 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 9:42 PM 16720] R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?] 
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/04/2011 9:51 AM 135664] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [17/05/2011 6:48 PM 1025352] S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [6/05/2011 3:57 PM 13904] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [31/07/2011 6:04 PM 30192] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/04/2011 9:51 AM 135664] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [14/04/2008 9:30 PM 14336] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL *Deregistered* - xcpip . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM . Contents of the 'Scheduled Tasks' folder . 2012-03-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 08:27] . 2012-04-01 c:\windows\Tasks\AVG PC Tuneup 2011 Integrator Start On Windows Logon.job - c:\program files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe [2011-05-20 07:56] . 2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-29 00:21] . 2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-04-29 00:21] . 2012-03-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1202660629-725345543-1004Core.job - c:\documents and settings\Jo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-17 00:21] . 
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1202660629-725345543-1004UA.job - c:\documents and settings\Jo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-05-17 00:21] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s TCP: DhcpNameServer = 10.0.0.138 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll FF - ProfilePath - c:\documents and settings\Jo\Application Data\Mozilla\Firefox\Profiles\3x2qekxj.default\ FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B762c0e54-1007-4768-9ecd-6bd4d6b53c2b%7D&mid=27ffda48b67547d19ae7d16d5be6ff3c-fecf83749fe46c1bb6ddde68bedee21206fafc64&ds=AVG&v=10.2.0.3&lang=en&pr=fr&d=2011-10-18%2009%3A16%3A30&sap=ku&q= . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) BHO-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) Toolbar-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~1\BEARSH~1\MediaBar\Datamngr\ToolBar\wincorebsdtx.dll Toolbar-10 - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) AddRemove-StartSearch Toolbar - c:\program files\StartSearch plugin\uninst.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-04-02 01:36 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . 
scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(916) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(3852) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\progra~1\AVG\AVG2012\avgrsx.exe c:\program files\AVG\AVG2012\avgcsrvx.exe c:\windows\system32\RUNDLL32.EXE c:\windows\RTHDCPL.EXE c:\windows\AGRSMMSG.exe c:\program files\OpenOffice.org 3\program\soffice.exe c:\program files\OpenOffice.org 3\program\soffice.bin c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\AVG\AVG2012\avgnsx.exe c:\program files\AVG\AVG2012\avgemcx.exe . ************************************************************************** . Completion time: 2012-04-02 01:37:47 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-01 16:07 . Pre-Run: 102,051,176,448 bytes free Post-Run: 103,410,524,160 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer . - - End Of File - - B1035E75760E25B67BB30223AF80C39B
  14. No, I still have the popups and infections coming up in the AVG scan.
  15. Yes, I disabled/turned off the Wincore Mediabar. I think I've done a dorky thing with regard to the MBAM log though - I don't have a log with the infections that I mentioned, and the only thing I can think of is that one of my amateur tactics was to try a system restore, so maybe that wiped it. I could undo the system restore?