lostman14

Honorary Members
  • Posts

    38
Reputation

0 Neutral

Profile Information

  • Location
    FL Panhandle
  • Interests
    Cleanliness-- Please thank all the amazing volunteers on here who give their time to fight the good fight.
  1. All right, Chris. I'm all over this stuff. Thank you so much again!
  2. Antivir installed, updated, scan run, clean. Everything is looking very nice.
  3. OK, annoying UAC is back on. I'll get used to it if you think it's worth it. Updates went great. IE8 seems very quick. Everything seems quick. Do you have a recommendation for a replacement for AVG? I'm a little disappointed that all the issues with both machines occurred since I changed over to AVG. I had the McAfee subscription through Comcast. They switched to Norton and that is when I went to AVG. Now I'm wondering if the Norton product may be better. Any recommendations? Thanks for everything so far.
  4. The F-Secure online scanner took a very long time to finish but did. It initially found 3 things and started cleaning. It got hung up and after about 14 hours or so I restarted the scan. It finished in a pretty short time, found 1 thing and cleaned it. Here is the log followed by your security check report:

     Scanning Report
     Wednesday, July 21, 2010 09:00:26 - 10:54:08
     Computer name: PAT-PC
     Scanning type: Scan system for malware, spyware and rootkits
     Target: C:\ D:\
     --------------------------------------------------------------------------------
     1 malware found
     Rootkit.Patched.TDSS.Gen (virus)
     C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-DYNAMICVOLUMEMANAGER_31BF3856AD364E35_6.0.6002.18005_NONE_DEEE3B0E834AA238\VOLMGRX.SYS (Disinfected & Submitted)
     --------------------------------------------------------------------------------
     Statistics
     Scanned:
     Files: 77832
     System: 3604
     Not scanned: 19
     Actions:
     Disinfected: 1
     Renamed: 0
     Deleted: 0
     Not cleaned: 0
     Submitted: 1
  5. Hi to you too. So glad for your help. This one may be a bit nasty. Here's ComboFix and new DDS:

     ComboFix 10-07-19.02 - Pat 07/20/2010 0:27.1.2 - x86
     Microsoft
  6. Thanks, Chris! It's working beautifully and I really appreciate the help. You're the best! Now it's on to fixing the notebook.
  7. Now the notebook I use as a spare has a fake anti-virus program going on - rogue antivirus suite. I saw it come up and shut down immediately. It got in though. AVG did nothing. Ran MBAM in safe mode and it found 18 registry keys infected. Ran again after reboot and it found only one and cleaned that too. Still getting internet freezes and redirects. Tried an online scanner that found about 3 things and cleaned them. Would not run again. Decided to seek counsel. Started at the beginning. Here are the MBAM log, DDS, and attachments. Thank you for your assistance once again!

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4327
     Windows 6.0.6002 Service Pack 2 (Safe Mode)
     Internet Explorer 7.0.6002.18005
     7/19/2010 5:09:50 PM
     mbam-log-2010-07-19 (17-09-50).txt
     Scan type: Quick scan
     Objects scanned: 127845
     Time elapsed: 6 minute(s), 4 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     DDS (Ver_10-03-17.01) - NTFSx86
     Run by Pat at 17:50:28.59 on Mon 07/19/2010
     Internet Explorer: 7.0.6002.18005
     Microsoft

     Attach.zip
     ark.zip
  8. Everything seems pretty normal but I have been avoiding using the desktop so I don't change anything. Been using my old notebook instead. It sure seems to be a lot better. Please let me know what's next, if anything, and any advice you have. Thanks for all the efforts so far. Here are the reports:

     Scanning Report
     Friday, July 16, 2010 16:40:15 - 19:23:20
     Computer name: YOUR-DA228F0E1F
     Scanning type: Scan system for malware, spyware and rootkits
     Target: C:\ D:\
     --------------------------------------------------------------------------------
     1 malware found
     TrackingCookie.Doubleclick (spyware)
     System (Disinfected)
     --------------------------------------------------------------------------------
     Statistics
     Scanned:
     Files: 51205
     System: 3541
     Not scanned: 10
     Actions:
     Disinfected: 1
     Renamed: 0
     Deleted: 0
     Not cleaned: 0
     Submitted: 0
  9. Did as instructed. At the point ComboFix stated "Completed Stage_50" a pop-up message appeared as follows: "Windows - No Disk Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c Cancel Try Again Continue". I selected Continue - had to click it 3 x. ComboFix continued; here are the requested logs:

     ComboFix 10-07-14.02 - Owner 07/15/2010 8:42.2.1 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.571 [GMT -4:00]
     Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
     Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
     AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
  10. Was able to run in safe mode but did not have the Win XP Recovery Console installed. I'll try to install it now. Here are the logs:

      ComboFix 10-07-13.05 - Administrator 07/14/2010 8:32.1.1 - x86 MINIMAL
      Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.831 [GMT -4:00]
      Running from: c:\documents and settings\Administrator.YOUR-DA228F0E1F\desktop\ComboFix.exe
      Command switches used :: /killall
      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      c:\documents and settings\Owner\Application Data\45779C31CC216B5374088264B37DC301
      c:\documents and settings\Owner\Application Data\45779C31CC216B5374088264B37DC301\enemies-names.txt
      c:\documents and settings\Owner\Application Data\45779C31CC216B5374088264B37DC301\local.ini
      c:\documents and settings\Owner\Application Data\45779C31CC216B5374088264B37DC301\lsrslt.ini
      c:\documents and settings\Owner\Application Data\b1e4012e.exe
      c:\documents and settings\Owner\Start Menu\Programs\Antimalware Doctor
      c:\documents and settings\Owner\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
      c:\documents and settings\Owner\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
      c:\windows\abipumamajuxuges.dll
      c:\windows\icadofibujidife.dll
      c:\windows\system32\ernel32.dll
      D:\Autorun.inf
TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 7:31 AM 92008] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J] \Shell\AutoRun\command - J:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a3d677b-f8fa-11de-b10b-0013d392d073}] \Shell\AutoRun\command - F:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{215faf30-09c4-11df-b10d-0013d392d073}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\m.exe /s [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{288ccc23-ee39-11de-b0f5-0013d392d073}] \Shell\AutoRun\command - J:\InstallTomTomHOME.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39476397-9636-11de-b0e1-0013d392d073}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39bde10e-c104-11de-b0e8-0013d392d073}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88f8121a-edc0-11de-b0f4-0013d392d073}] \Shell\AutoRun\command - restore\restorestarter.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e5501620-9be2-11de-b0e3-0013d392d073}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s . Contents of the 'Scheduled Tasks' folder 2009-08-27 c:\windows\Tasks\ISP signup reminder 3.job - c:\windows\system32\OOBE\oobebaln.exe [2009-08-11 00:12] . . 
------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyServer = http=127.0.0.1:5643 uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 . - - - - ORPHANS REMOVED - - - - HKCU-Run-mcexecwin - c:\docume~1\Owner\LOCALS~1\Temp\czo46k.dll HKCU-Run-Dhogejo - c:\windows\kCDMOD.dll HKCU-Run-uiha98uiohf873yuiadnhgjesgregas - c:\docume~1\Owner\LOCALS~1\Temp\dy1xv.exe HKCU-Run-ejpqdcbs - c:\documents and settings\Owner\Local Settings\Application Data\dcotemugs\tbnhxcwtssd.exe HKCU-Run-070700Setup.exe - c:\documents and settings\Owner\Application Data\45779C31CC216B5374088264B37DC301\070700Setup.exe HKCU-Run-JDK5SWFMZY - c:\docume~1\Owner\LOCALS~1\Temp\Ykl.exe HKLM-Explorer_Run-z7b6s8 - c:\docume~1\Owner\LOCALS~1\Temp\r3ghaz.exe SafeBoot-klmdb.sys SafeBoot-mcmscsvc SafeBoot-MCODS ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-07-14 08:42 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(568) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(1232) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2010-07-14 08:46:37 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-14 12:46 Pre-Run: 94,052,651,008 bytes free Post-Run: 94,049,046,528 bytes free - - End Of File - - 85471A9B9CEC634AC8E7961FCA335EB8 DDS (Ver_10-03-17.01) - NTFSx86 Run by Owner at 8:51:32.23 on Wed 07/14/2010 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.582 [GMT -4:00] AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe C:\Program Files\AVG\AVG9\avgnsx.exe 
C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\AVG\AVG9\avgemc.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Owner\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyServer = http=127.0.0.1:5643 uInternet Settings,ProxyOverride = <local> BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\instal~1.lnk - c:\program files\sifxinst\SIFXINST.EXE IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - 
hxxp://photos1.walmart.com/WalmartActivia.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://plrbevents.webex.com/client/T26L/event/ieatgpc.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll Notify: AtiExtEvent - Ati2evxx.dll Notify: avgrsstarter - avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-5-21 216200] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-5-21 29584] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-5-21 242896] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-5-21 916760] R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-5-21 308064] R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files\newtech infosystems\backup now ez\BackupNowEZSvr.exe 
[2009-9-17 45312] S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [2009-8-11 166720] S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008] =============== Created Last 30 ================ 2010-07-14 12:27:18 98816 ----a-w- c:\windows\sed.exe 2010-07-14 12:27:18 77312 ----a-w- c:\windows\MBR.exe 2010-07-14 12:27:18 256512 ----a-w- c:\windows\PEV.exe 2010-07-14 12:27:18 161792 ----a-w- c:\windows\SWREG.exe 2010-07-13 17:33:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-13 17:33:41 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-13 16:21:25 918 ----a-w- c:\windows\lsrslt.ini 2010-07-13 16:14:15 0 d-----w- C:\$AVG ==================== Find3M ==================== 2010-07-13 17:21:35 125056 ----a-w- c:\windows\system32\drivers\ftdisk.sys 2010-07-13 16:46:02 2188 ----a-w- c:\windows\system32\d3d9caps.dat 2010-07-13 16:46:02 1964 ----a-w- c:\windows\system32\d3d8caps.dat 2010-06-03 12:01:41 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-05-21 16:37:52 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2010-05-21 16:37:47 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys ============= FINISH: 8:51:40.10 ===============
  11. I couldn't get Internet Explorer to run. I downloaded ComboFix to a jump drive and copied it onto the desktop. I double-clicked the icon and the hourglass flashed, but it would not run.
  12. Thanks for quick response. Here is the log: