Ute
Everything posted by Ute

  1. Greetings Elise, Have updated Adobe reader. After thinking about it, can almost guarantee that somewhere along my browsing I viewed and downloaded several .pdf files recently. Probably where and how I got infected... Here is the mbam log you requested:

     Malwarebytes Anti-Malware 1.61.0.1400
     www.malwarebytes.org
     Database version: v2012.05.18.07
     Windows XP Service Pack 3 x86 NTFS
     Internet Explorer 8.0.6001.18702
     Owner :: KATHY [administrator]
     5/18/2012 12:29:56 PM
     mbam-log-2012-05-18 (12-29-56).txt
     Scan type: Full scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 327488
     Time elapsed: 1 hour(s), 1 minute(s), 36 second(s)
     Memory Processes Detected: 0 (No malicious items detected)
     Memory Modules Detected: 0 (No malicious items detected)
     Registry Keys Detected: 0 (No malicious items detected)
     Registry Values Detected: 0 (No malicious items detected)
     Registry Data Items Detected: 0 (No malicious items detected)
     Folders Detected: 0 (No malicious items detected)
     Files Detected: 0 (No malicious items detected)
     (end)

     Thanks again for all your help. Ute
  2. Greetings, I have zipped the attach.txt file as requested. Let me know if there are any problems with accessing it. No problems so far...I think things are OK. Thank you, Ute attach.zip
  3. Greetings, Here is the ComboFix Log: Thank you, Ute
  4. First, let me say "Thank you, Elise," for your response. I know you volunteer to help folks like me with computer malware. Here is the dds.txt: Regards, Ute
  5. Greetings, After running my normal AVG scan this morning it came back with "C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\i8d6h5d3.default\urlclassifier3.sqlite-journal";"Hidden file";"Object is inaccessible." I did a search for this threat and found this link to your site: http://forums.malwarebytes.org/index.php?showtopic=95704 I pretty much followed the list of things to do and when I got to the part about ESET Scan also got the following:

     C:\Documents and Settings\Owner\My Documents\Downloads\media.player.codec.pack.v4.0.2.setup.exe a variant of Win32/Toolbar.Widgi application deleted - quarantined
     C:\System Volume Information\_restore{99D6B6C8-B032-4CAB-A1B3-6A052314E79C}\RP950\A0221272.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined

     Now I'm completely spooked and not sure if my computer is clean or not. I have a router and use the free AVG as my anti-virus protection. I'd appreciate any help or suggestions you may have. I also can post logs of scan results if you need those as well. Thanks in advance for any assistance you are able to provide! Regards, Ute