Not sure what my computer is infected with but I can't rum MBAM, can't run many programs or the internet, Mozilla or IE. The hijackthis log is first and then the combofix. Any help is appreciated. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:36:41 PM, on 1/23/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16945) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\PDF Complete\pdfsty.exe C:\WINDOWS\SMINST\Scheduler.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Eagle Point Software2\Network License Manager\lservnt.exe C:\PROGRA~1\Iomega\System32\AppServices.exe C:\Program Files\Kodak\printer\center\KodakSvc.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\PDF Complete\pdfsvc.exe C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG9\avgemc.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe G:\Business\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/ R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file) O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [FRYMXINS] "C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe O4 - HKLM\..\Run: [scheduler] C:\WINDOWS\SMINST\Scheduler.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn Pro\Autolaunch.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} (ILINCInstall86 Class) - https://content.ilinc.com/clientdownload/do...ad/ilinci86.dll O18 - Protocol: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - C:\Program Files\Common Files\Bricscad\BrxProtIE.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: Eagle Point LM - Rainbow Technologies, Inc. - C:\Program Files\Eagle Point Software2\Network License Manager\lservnt.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- End of file - 8186 bytes ComboFix 10-01-23.02 - Administrator 01/23/2010 14:01:13.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2431 [GMT -7:00] Running from: g:\business\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\lsprst7.dll c:\windows\system32\nsprs.dll . ((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 ))))))))))))))))))))))))))))))) . 2010-01-23 21:00 . 2010-01-23 21:00 -------- d-----w- c:\windows\LastGood 2010-01-23 20:34 . 2010-01-23 20:34 1025 ----a-w- c:\windows\system32\serauth2.dll 2010-01-23 20:34 . 2010-01-23 20:34 1025 ----a-w- c:\windows\system32\serauth1.dll 2010-01-23 19:50 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-23 19:50 . 2010-01-23 19:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-23 19:50 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-23 18:42 . 2010-01-23 18:42 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-01-23 18:27 . 2010-01-23 18:27 -------- d-----w- c:\windows\system32\wbem\Repository 2010-01-21 02:18 . 2010-01-21 02:18 0 ----a-w- c:\windows\system32\drivers\{5B746011-89CE-4FD7-ACF3-F860665E7A38}.sys 2010-01-21 01:59 . 2010-01-23 18:27 -------- d-----w- c:\program files\SUPERAntiSpyware 2010-01-21 01:59 . 2010-01-21 01:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2010-01-20 20:44 . 2010-01-20 20:44 0 ----a-w- c:\windows\system32\drivers\TCPIP_{CA0060E9-4A36-426E-AD77-71E059F0B925}.sys 2010-01-20 00:56 . 2010-01-20 00:56 -------- d-----w- C:\found.000 2010-01-15 23:51 . 2010-01-15 23:51 72192 ----a-w- c:\windows\system32\drivers\yubg8302N.sys 2010-01-15 16:44 . 2010-01-18 20:48 -------- d-----w- C:\data2010 2010-01-15 16:43 . 2010-01-15 16:43 -------- d-----w- C:\New Folder (3) 2010-01-13 12:45 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll 2010-01-07 18:56 . 2010-01-07 18:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-01-07 18:56 . 2010-01-07 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-23 20:58 . 2010-01-23 20:58 118784 ----a-w- c:\windows\system32\chg.exe 2010-01-23 20:57 . 2009-09-18 17:38 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-23 19:36 . 2007-01-03 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-01-23 19:03 . 2009-11-13 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2010-01-23 18:46 . 2010-01-23 18:46 2855 ----a-w- c:\windows\PIF\rkill.PIF 2010-01-23 18:34 . 2009-11-13 00:08 0 ----a-w- c:\windows\Pjesibekepemiy.bin 2010-01-23 18:27 . 2006-01-16 22:12 824960 ----a-w- c:\windows\system32\drivers\iaStor.sys 2010-01-21 15:56 . 2007-01-02 22:21 -------- d-----w- c:\program files\AutoCAD R14 2010-01-21 02:36 . 2007-03-16 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-01-21 02:32 . 2009-08-17 17:12 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8 2010-01-21 01:58 . 2008-07-31 20:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-01-21 01:52 . 2009-11-13 00:08 120 ----a-w- c:\windows\Omewef.dat 2010-01-16 00:15 . 2009-12-01 20:30 0 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\prvlcl.dat 2010-01-15 23:51 . 2009-08-17 17:12 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-12-22 15:20 . 2009-12-22 15:20 4043544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe 2009-12-22 15:20 . 2009-12-22 15:20 3966744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll 2009-12-17 15:48 . 2009-12-17 15:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\Hotbar_Icons 2009-12-16 21:01 . 2009-12-16 21:01 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat 2009-11-21 15:51 . 2006-02-28 02:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll 2009-11-16 15:09 . 2009-11-16 15:09 16 ----a-w- c:\documents and settings\NetworkService\Application Data\zxcvbd.dat 2009-11-13 20:31 . 2009-08-17 17:12 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-11-13 20:31 . 2009-08-17 17:12 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-11-13 20:31 . 2009-08-17 17:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2009-11-13 00:04 . 2009-11-13 00:04 24 ----a-w- c:\documents and settings\LocalService\Application Data\zxcvbd.dat 2009-11-04 10:15 . 2009-08-18 20:44 579848 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-10-29 07:46 . 2006-02-28 02:00 832512 ------w- c:\windows\system32\wininet.dll 2009-10-29 07:46 . 2006-02-28 02:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-10-29 07:46 . 2006-02-28 02:00 17408 ----a-w- c:\windows\system32\corpol.dll 2008-08-17 00:42 . 2008-08-17 00:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll 2008-08-17 00:42 . 2008-08-17 00:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll 2008-08-17 00:42 . 2008-08-17 00:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll 2008-08-17 00:42 . 2008-08-17 00:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll 2008-08-17 00:43 . 2008-08-17 00:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll 2008-08-17 00:42 . 2008-08-17 00:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll 2008-08-17 00:42 . 2008-08-17 00:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll 2008-05-21 15:41 . 2008-05-21 15:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll 2008-05-21 15:41 . 2008-05-21 15:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll 2008-05-21 15:41 . 2008-05-21 15:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll 2008-06-05 20:58 . 2008-06-05 20:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll 2008-08-17 00:42 . 2008-08-17 00:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll . ((((((((((((((((((((((((((((( SnapShot@2010-01-23_20.52.04 ))))))))))))))))))))))))))))))))))))))))) . - 2006-04-25 17:43 . 2010-01-23 20:47 71264 c:\windows\system32\perfc009.dat + 2006-04-25 17:43 . 2010-01-23 21:02 71264 c:\windows\system32\perfc009.dat + 2006-04-25 17:43 . 2010-01-23 21:02 441454 c:\windows\system32\perfh009.dat - 2006-04-25 17:43 . 2010-01-23 20:47 441454 c:\windows\system32\perfh009.dat + 2010-01-23 20:55 . 2010-01-23 20:55 15710720 c:\windows\Installer\35a2d.msp . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}] 2009-11-25 20:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080] [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-26 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "FRYMXINS"="c:\program files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl" [X] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-05-04 344064] "PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2006-07-14 279576] "Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688] "Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856] "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-03-02 257088] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-07 185872] "EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-10-22 1310720] "Drag'n'Drop_Autolaunch"="c:\program files\Iomega HotBurn Pro\Autolaunch.exe" [2004-12-01 131072] "RTHDCPL"="RTHDCPL.EXE" [2006-06-13 16239616] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-31 2033432] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-11-13 20:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\WINDOWS\\SMINST\\Scheduler.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Executive Software\\Diskeeper\\Diskeeper.exe"= "c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Eagle Point Software\\EGPT\\PROGRAM\\egpt.exe"= "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/17/2009 10:12 AM 333192] R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/13/2009 1:30 PM 906520] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/13/2009 1:30 PM 285392] R2 Eagle Point LM;Eagle Point LM;c:\program files\Eagle Point Software2\Network License Manager\lservnt.exe [11/12/2008 2:30 PM 577536] R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [10/30/2008 9:58 AM 28672] R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [10/18/2006 11:16 PM 534040] S0 okfgck;okfgck;c:\windows\system32\drivers\ewtlbdf.sys --> c:\windows\system32\drivers\ewtlbdf.sys [?] S0 xhpqhfzq;xhpqhfzq; [x] S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/17/2009 10:12 AM 360584] S1 yubg8302N;yubg8302N;c:\windows\system32\drivers\yubg8302N.sys [1/15/2010 4:51 PM 72192] S3 TRMUSB5K;Trimble USB GPS Driver;c:\windows\system32\drivers\TRMUSB5K.SYS [7/30/2008 12:49 PM 9881] S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;c:\windows\system32\drivers\usb8023.sys [2/27/2006 7:00 PM 12800] --- Other Services/Drivers In Memory --- *Deregistered* - dnbudf . Contents of the 'Scheduled Tasks' folder 2010-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 22:42] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.Google.com uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 Handler: brx - {9C160F90-74D1-11D3-AB60-0060977C1F29} - c:\program files\Common Files\BricsCad\BrxProtIE.dll DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} - hxxps://content.ilinc.com/clientdownload/download/ilinci86.dll FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\v3nlpmwd.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF - HiddenExtension: XULRunner: {B51F9201-2ABC-4548-827E-F7DC6CC16438} - c:\documents and settings\Administrator\Local Settings\Application Data\{B51F9201-2ABC-4548-827E-F7DC6CC16438}\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-23 14:03 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher] "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2] "ImagePath"="\"\"" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(744) c:\windows\system32\Ati2evxx.dll . Completion time: 2010-01-23 14:04:45 ComboFix-quarantined-files.txt 2010-01-23 21:04 ComboFix2.txt 2010-01-23 20:54 Pre-Run: 87,386,624,000 bytes free Post-Run: 87,349,608,448 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - CBB76E1883B2FB6FED7896A6376F23C0 ComboFix.txt hijackthis2.txt