Last night my laptop was infected/attacked by the AV Security Suite virus. The result was pop-ups and disabled core applications. To address the issue I completed the following...
1. Rebooted and entered safe mode.
2. Disabled the false proxy.
3. Downloaded and performed scans with Spybot S&D and Malwarebytes' Anti-Malware.
I was still getting pop-ups and application errors so I proceeded to #4.
4. Downloaded and ran ComboFix (thanks to this wonderful forum) today. During the scan a notification appeared that a rootkit was present and ComboFix rebooted the PC before completing the scan.
I am now able to use the applications that were previously blocked and have not had further pop-up issues. I would like an expert review to see if I am in the clear or not based on what's available in the scans below. Thanks!
JayMc
Here is the DDS log for your review
DDS (Ver_10-03-17.01) - NTFSx86
Run by James at 15:44:42.70 on Wed 06/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1187 [GMT -5:00]
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe 4
svchost.exe 4
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\James\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Google Update] "c:\documents and settings\james\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver3\LVCOMS.EXE
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1269275953796
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
============= SERVICES / DRIVERS ===============
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-30 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-30 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-30 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-15 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-15 308064]
S0 cerc6;cerc6; [x]
S2 gupdate1c9bd68156a6534;Google Update Service (gupdate1c9bd68156a6534);c:\program files\google\update\GoogleUpdate.exe [2009-4-14 133104]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [2009-10-4 220079]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [2009-10-4 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [2009-10-4 27961]
S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [2009-10-4 20953]
=============== Created Last 30 ================
2010-06-30 19:53:59 0 d-sha-r- C:\cmdcons
2010-06-30 19:49:22 98816 ----a-w- c:\windows\sed.exe
2010-06-30 19:49:22 77312 ----a-w- c:\windows\MBR.exe
2010-06-30 19:49:22 256512 ----a-w- c:\windows\PEV.exe
2010-06-30 19:49:22 161792 ----a-w- c:\windows\SWREG.exe
2010-06-30 12:20:36 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-30 12:20:36 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-30 12:15:02 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 05:03:54 0 d-----w- c:\docume~1\james\applic~1\Malwarebytes
2010-06-30 05:03:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-30 05:03:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-30 05:03:45 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-30 05:03:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-30 04:51:51 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-06-30 04:51:50 1652688 ----a-w- c:\windows\PCTBDCore.dll.old
2010-06-30 04:43:17 0 d-----w- c:\program files\Spyware Doctor
2010-06-22 01:58:48 0 d-----w- c:\program files\iPod
2010-06-22 01:58:41 0 d-----w- c:\program files\iTunes
2010-06-22 01:52:52 0 d-----w- c:\program files\Bonjour
2010-06-10 11:14:50 3250 ----a-w- c:\windows\system32\wbem\Outlook_01cb088e24aec5ae.mof
2010-06-09 08:17:18 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 00:23:51 0 d-----w- c:\program files\Windows Media Connect 2
2010-06-08 00:22:09 0 d-----w- c:\windows\system32\LogFiles
2010-06-08 00:21:31 0 d-----w- C:\38cba56557862e2d64
==================== Find3M ====================
2010-06-26 20:03:26 183003 ----a-w- c:\windows\system32\nvModes.dat
2010-06-02 14:04:53 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-18 21:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 01:47:44 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-09 00:05:58 68294 ----a-w- c:\windows\hpoins05.dat
2002-08-01 00:55:12 154 --sh--w- c:\windows\WSYS049.SYS
============= FINISH: 15:44:51.53 ===============
Here is the ComboFix log for your review.
ComboFix 10-06-29.04 - James 06/30/2010 14:59:13.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1558 [GMT -5:00]
Running from: c:\documents and settings\James\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\James\LOCALS~1\Temp\install_flash_player.exe
c:\windows\system32\st325602.dll
Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty had a snack

.
((((((((((((((((((((((((( Files Created from 2010-05-28 to 2010-06-30 )))))))))))))))))))))))))))))))
.
2010-06-30 19:51 . 2010-06-30 19:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-30 19:50 . 2010-06-30 19:50 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-06-30 12:20 . 2010-06-30 19:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-30 12:20 . 2010-06-30 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-30 12:18 . 2010-06-30 12:18 -------- d-----w- c:\program files\Common Files\Java
2010-06-30 12:15 . 2010-06-30 12:15 503808 ----a-w- c:\documents and settings\James\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6c55be72-n\msvcp71.dll
2010-06-30 12:15 . 2010-06-30 12:15 499712 ----a-w- c:\documents and settings\James\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6c55be72-n\jmc.dll
2010-06-30 12:15 . 2010-06-30 12:15 348160 ----a-w- c:\documents and settings\James\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6c55be72-n\msvcr71.dll
2010-06-30 12:15 . 2010-06-30 12:15 61440 ----a-w- c:\documents and settings\James\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f8df486-n\decora-sse.dll
2010-06-30 12:15 . 2010-06-30 12:15 12800 ----a-w- c:\documents and settings\James\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f8df486-n\decora-d3d.dll
2010-06-30 12:15 . 2010-04-12 22:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 05:51 . 2010-06-30 05:51 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Threat Expert
2010-06-30 05:03 . 2010-06-30 05:03 -------- d-----w- c:\documents and settings\James\Application Data\Malwarebytes
2010-06-30 05:03 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-30 05:03 . 2010-06-30 05:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-30 05:03 . 2010-06-30 05:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-30 05:03 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-30 04:43 . 2010-06-30 11:33 -------- d-----w- c:\program files\Spyware Doctor
2010-06-30 03:28 . 2010-06-30 03:28 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-06-30 03:25 . 2010-06-30 05:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\lqxcofasr
2010-06-30 02:09 . 2010-06-30 02:09 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-06-30 02:09 . 2010-06-30 02:09 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-06-22 01:58 . 2010-06-22 01:58 -------- d-----w- c:\program files\iPod
2010-06-22 01:58 . 2010-06-22 01:59 -------- d-----w- c:\program files\iTunes
2010-06-22 01:55 . 2010-06-22 01:56 -------- d-----w- c:\program files\QuickTime
2010-06-22 01:54 . 2010-06-22 01:54 -------- d-----w- c:\program files\Apple Software Update
2010-06-22 01:52 . 2010-06-22 01:52 -------- d-----w- c:\program files\Bonjour
2010-06-16 01:01 . 2010-06-16 01:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-11 04:06 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-06-09 08:17 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 00:23 . 2010-06-08 00:23 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-08 00:22 . 2010-06-08 00:22 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-06-08 00:22 . 2010-06-08 00:22 -------- d-----w- c:\windows\system32\LogFiles
2010-06-08 00:21 . 2010-06-08 00:22 -------- d-----w- C:\38cba56557862e2d64
2010-06-02 14:05 . 2010-06-02 14:05 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-02 14:05 . 2010-06-02 14:05 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-30 12:14 . 2009-02-18 21:12 -------- d-----w- c:\program files\Java
2010-06-30 11:32 . 2010-02-11 00:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2010-06-30 03:17 . 2009-04-15 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-06-26 20:03 . 2009-01-30 21:23 183003 ----a-w- c:\windows\system32\nvModes.dat
2010-06-22 01:58 . 2009-07-25 14:53 -------- d-----w- c:\program files\Common Files\Apple
2010-06-02 14:04 . 2009-01-30 21:35 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-02 14:04 . 2009-01-30 21:35 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-23 12:49 . 2010-05-23 12:49 503808 ----a-w- c:\documents and settings\James\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-778bc3b0-n\msvcp71.dll
2010-05-23 12:49 . 2010-05-23 12:49 499712 ----a-w- c:\documents and settings\James\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-778bc3b0-n\jmc.dll
2010-05-23 12:49 . 2010-05-23 12:49 348160 ----a-w- c:\documents and settings\James\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-778bc3b0-n\msvcr71.dll
2010-05-18 21:35 . 2010-05-18 21:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 21:35 . 2010-05-18 21:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-14 02:20 . 2010-05-14 02:20 -------- d-----w- c:\program files\Easton Shaft Selector 2010
2010-05-11 17:55 . 2009-04-15 01:17 -------- d-----w- c:\program files\Google
2010-05-06 10:41 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2008-04-14 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2008-04-14 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 01:47 . 2009-07-25 14:53 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-20 01:47 . 2009-07-25 14:53 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-14 13:28 . 2009-11-12 03:30 79488 ----a-w- c:\documents and settings\James\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-13 18:56 . 2010-04-13 18:56 1925088 ----a-w- c:\documents and settings\James\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2010-04-09 00:05 . 2010-04-09 00:03 68294 ----a-w- c:\windows\hpoins05.dat
2002-08-01 00:55 . 2009-02-05 20:08 154 --sh--w- c:\windows\WSYS049.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-01-09 21:13 583312 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-15 39408]
"Google Update"="c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-26 135664]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"nwiz"="nwiz.exe" [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" [2008-02-22 86016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-01-09 669840]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-08 236016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-15 13:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Program Files\AVG\AVG9\avgemc.exe"=
"c:\Program Files\AVG\AVG9\avgupd.exe"=
"c:\Program Files\AVG\AVG9\avgnsx.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\iTunes\iTunes.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/30/2009 4:35 PM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/30/2009 4:35 PM 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/15/2010 8:05 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/15/2010 8:05 AM 308064]
S0 cerc6;cerc6; [x]
S2 gupdate1c9bd68156a6534;Google Update Service (gupdate1c9bd68156a6534);c:\program files\Google\Update\GoogleUpdate.exe [4/14/2009 8:18 PM 133104]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [10/4/2009 9:29 AM 220079]
S3 PIXMCV;JVC Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [10/4/2009 6:39 PM 32000]
S3 PIXMCVA;JVC PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [10/4/2009 6:41 PM 27961]
S3 PIXMCVV;JVC PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [10/4/2009 6:40 PM 20953]
.
Contents of the 'Scheduled Tasks' folder
2010-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
2010-06-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-15 01:17]
2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 01:18]
2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-15 01:18]
2010-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-412668190-1417001333-1003Core.job
- c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-28 07:42]
2010-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-515967899-412668190-1417001333-1003UA.job
- c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-28 07:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-WebCamRT.exe - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-30 15:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ecvbdritvspqjxk]
"imagepath"="\??\c:\windows\TEMP\1B4.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,\
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,ec,b7,1b,a8,66,d4,48,90,02,80,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,\
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,ec,b7,1b,a8,66,d4,48,90,02,80,\
.
Completion time: 2010-06-30 15:10:20
ComboFix-quarantined-files.txt 2010-06-30 20:10
Pre-Run: 40,123,396,096 bytes free
Post-Run: 41,305,661,440 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 081BBFBAB0EEDC5AB10D0AB3A5FEA536
I've also had four or five pop-ups this evening. They have all been in google chrome and have all been for local businesses.
The wave volume on the laptop keeps resetting itself to zero. I adjust it to max and randomly it resets to zero. Probably related to the continued pop-ups?
Merged posts. ~ OB
Edited by hamluis, 01 July 2010 - 03:35 PM.
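The logs above contain the three things a reviewer of this thread would look at first: both the DDS and the ComboFix supplementary scan still list `ProxyServer = http=127.0.0.1:5577` even though step 2 of the post was to disable the false proxy; ComboFix reports a service named `ecvbdritvspqjxk` whose ImagePath is a `.tmp` file under `c:\windows\TEMP`; and ComboFix replaced an infected `atapi.sys`, with a randomly named folder `lqxcofasr` created under the NetworkService profile during the same night. The script below is an added example written for this page, not part of the original post and not a tool from the DDS or ComboFix authors. It runs the corresponding checks over a handful of lines copied from the posted logs (a constructed sample, with the path separators restored) and returns each hit as a (kind, detail) pair. The regular expressions and the "all-lowercase folder under a service profile" rule are the editor's heuristics, not vendor signatures, and they will produce false positives on some legitimate software.

```python
"""Triage a DDS / ComboFix style log for the indicators an expert would check first.

Added example for this thread; not part of the original post and not a tool
from the DDS or ComboFix authors. The rules below are heuristics chosen by
the editor, not signatures from any product.
"""
import re
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the logs posted above,
# with path separators restored. Not a complete log.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-30 216200]
2010-06-30 03:25 . 2010-06-30 05:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\lqxcofasr
2010-06-30 19:51 . 2010-06-30 19:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ecvbdritvspqjxk]
"imagepath"="\??\c:\windows\TEMP\1B4.tmp"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
"""

Finding = Tuple[str, str]  # (indicator kind, human-readable detail)

# A browser proxy pointing at the local machine is how this family of rogues
# intercepts web traffic; a removed rogue should leave no such setting behind.
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?(127\.0\.0\.1|localhost):(\d+)", re.I)
# ComboFix's note that it replaced an infected system file.
DISINFECTED_RE = re.compile(r"Infected copy of (\S+) was found and disinfected", re.I)
# A service key in the registry dump, and the ImagePath value that follows it.
SERVICE_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\\\]]+)\]$", re.I)
IMAGEPATH_RE = re.compile(r'^"imagepath"="(.+)"$', re.I)
# A freshly created folder under a service-account profile with an all-lowercase name.
SVC_PROFILE_DIR_RE = re.compile(
    r"\\documents and settings\\(NetworkService|LocalService)\\Local Settings\\Application Data\\([a-z]{8,})$",
    re.I,
)


def triage(log_text: str) -> List[Finding]:
    """Return the indicators found in the log, in the order they appear."""
    findings: List[Finding] = []
    current_service: Optional[str] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = PROXY_RE.search(line)
        if m:
            findings.append(("local-proxy", f"browser proxy still points at {m.group(1)}:{m.group(2)}"))
            continue

        m = DISINFECTED_RE.search(line)
        if m:
            findings.append(("patched-system-file", f"{m.group(1)} was replaced by the cleaner; verify the new copy"))
            continue

        m = SERVICE_KEY_RE.match(line)
        if m:
            current_service = m.group(1)  # remember the key; its values follow on the next lines
            continue

        m = IMAGEPATH_RE.match(line)
        if m and current_service:
            path = m.group(1)
            # Legitimate drivers live under system32\drivers, not in a TEMP directory.
            if re.search(r"\\temp\\", path, re.I) or path.lower().endswith(".tmp"):
                findings.append(("service-in-temp", f"service {current_service} loads {path}"))
            current_service = None
            continue

        m = SVC_PROFILE_DIR_RE.search(line)
        if m and m.group(2).islower():
            findings.append(("svc-profile-dir", f"new folder {m.group(2)} under the {m.group(1)} profile"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:20} {detail}")
```

Run against the full logs posted above it produces the same four hits. On the live machine the equivalent checks are the `ProxyServer` and `ProxyEnable` values under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings` and the `ImagePath` of every key under `HKLM\System\CurrentControlSet\Services`; a replaced `atapi.sys` should be compared against the copy in the Windows installation source or a known-good machine of the same service pack before the system is declared clean.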