Hello ShinyBeast!
Everything seems to be working fine; I can access Gmail and my Google links are working again.
On ComboFix the Submit Files for further analysis never popped up, just to let you know.
That's about the only thing I noticed that didn't happen from your instructions. I finally got to download Malwarebytes, and it updated successfully.
Here are the logs:
ComboFix 09-12-23.06 - jas 12/24/2009 10:52:19.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.168 [GMT -5:00]
Running from: c:\documents and settings\jas\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jas\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
file zipped: c:\windows\system32\dolivowa.dll
file zipped: c:\windows\system32\drivers\2892o0P7.sys
file zipped: c:\windows\system32\fedozuta.dll
file zipped: c:\windows\system32\gemewoda.dll
file zipped: c:\windows\system32\golorojo.dll
file zipped: c:\windows\system32\hepoyaba.dll
file zipped: c:\windows\system32\regizogu.dll
file zipped: c:\windows\system32\samisede.dll
file zipped: c:\windows\system32\torayiya.dll
file zipped: c:\windows\system32\watusero.dll
file zipped: c:\windows\system32\yusutuno.exe
file zipped: c:\windows\system32\zehakebo.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\benny\Application Data\uTorrent
c:\documents and settings\benny\Application Data\uTorrent\AVG Antivirus 8 0 + serial (EXPIRES YEAR 2018) (CLEAN) [blaze69].torrent
c:\documents and settings\benny\Application Data\uTorrent\dht.dat
c:\documents and settings\benny\Application Data\uTorrent\dht.dat.old
c:\documents and settings\benny\Application Data\uTorrent\resume.dat
c:\documents and settings\benny\Application Data\uTorrent\resume.dat.old
c:\documents and settings\benny\Application Data\uTorrent\rss.dat
c:\documents and settings\benny\Application Data\uTorrent\rss.dat.old
c:\documents and settings\benny\Application Data\uTorrent\settings.dat
c:\documents and settings\benny\Application Data\uTorrent\settings.dat.old
c:\documents and settings\benny\Application Data\uTorrent\SUPERAntiSpyware Professional 4.0.0.1154.torrent
c:\documents and settings\jas\Local Settings\Application Data\opjabe
c:\windows\system32\dolivowa.dll
c:\windows\system32\drivers\2892o0P7.sys
c:\windows\system32\fedozuta.dll
c:\windows\system32\gemewoda.dll
c:\windows\system32\golorojo.dll
c:\windows\system32\hepoyaba.dll
c:\windows\system32\regizogu.dll
c:\windows\system32\samisede.dll
c:\windows\system32\torayiya.dll
c:\windows\system32\watusero.dll
c:\windows\system32\yusutuno.exe
c:\windows\system32\zehakebo.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_2892O0P7
-------\Legacy_WNAMJOVTNB
-------\Service_2892o0P7
-------\Service_wnamjovtnb
((((((((((((((((((((((((( Files Created from 2009-11-24 to 2009-12-24 )))))))))))))))))))))))))))))))
.
2009-12-20 17:55 . 2009-12-20 17:55 -------- d-----w- c:\program files\VSO
2009-12-12 12:46 . 2009-12-12 12:46 -------- d-----w- c:\documents and settings\benny\Application Data\Template
2009-12-09 17:48 . 2009-12-20 17:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-09 17:09 . 2009-12-09 17:09 -------- d-----w- c:\program files\Trend Micro
2009-12-08 20:03 . 2009-12-08 21:20 -------- d-----w- C:\$AVG
2009-12-08 20:02 . 2009-12-08 20:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-08 20:02 . 2009-12-24 11:26 -------- d-----w- c:\windows\system32\drivers\Avg
2009-12-08 20:02 . 2009-12-08 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-12-08 20:01 . 2009-12-08 20:01 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2009-12-08 20:01 . 2009-12-08 20:01 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-08 20:01 . 2009-12-08 20:01 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-08 20:01 . 2009-12-08 20:01 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-08 20:01 . 2009-12-08 20:01 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-08 20:00 . 2009-12-08 20:00 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-12-08 20:00 . 2009-12-08 20:00 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-12-08 20:00 . 2009-12-08 20:00 -------- d-----w- c:\program files\AVG
2009-12-08 20:00 . 2009-12-08 20:00 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-08 18:15 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-12-08 00:15 . 2009-12-08 00:15 16904 ----a-w- c:\windows\system32\drivers\KLMD.sys
2009-12-04 23:34 . 2009-12-04 23:34 -------- d-----w- c:\documents and settings\jas\Local Settings\Application Data\Threat Expert
2009-12-03 02:48 . 2009-12-03 02:48 -------- d-----w- c:\documents and settings\benny\Application Data\Lavasoft
2009-12-02 23:40 . 2009-12-03 01:47 -------- d-----w- c:\program files\Common Files\ParetoLogic
2009-12-02 23:40 . 2009-12-03 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-12-02 23:38 . 2009-12-02 23:38 -------- d-----w- c:\documents and settings\benny\Local Settings\Application Data\Downloaded Installations
2009-12-02 21:06 . 2009-12-02 21:06 -------- d-----w- c:\documents and settings\benny\Application Data\Malwarebytes
2009-12-02 20:50 . 2009-12-02 21:02 -------- d-----w- c:\documents and settings\benny\Local Settings\Application Data\Adobe
2009-12-02 20:30 . 2009-12-02 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-02 18:27 . 2009-12-04 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-12-02 05:04 . 2009-12-02 05:11 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-12-02 02:53 . 2009-12-02 02:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-12-02 02:35 . 2009-12-02 02:35 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-12-02 02:33 . 2009-12-02 02:33 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-12-02 00:51 . 2009-12-02 00:51 69472 ----a-w- c:\documents and settings\benny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-01 22:42 . 2009-12-01 22:42 -------- d-----w- c:\documents and settings\jas\Local Settings\Application Data\esentsttools
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-24 15:19 . 2008-01-26 17:56 -------- d-----w- c:\program files\PeerGuardian2
2009-12-23 23:51 . 2009-01-30 00:06 -------- d-----w- c:\documents and settings\jas\Application Data\Vso
2009-12-23 22:09 . 2007-05-12 08:19 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-23 21:24 . 2007-05-11 19:07 6748 ----a-w- c:\documents and settings\jas\Application Data\wklnhst.dat
2009-12-22 13:43 . 2009-12-22 13:45 4043544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2009-12-21 00:57 . 2009-01-07 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-20 17:56 . 2009-01-30 00:06 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-12-20 17:56 . 2009-01-30 00:06 47360 ----a-w- c:\documents and settings\jas\Application Data\pcouffin.sys
2009-12-20 17:56 . 2009-01-30 00:06 47360 ----a-w- c:\documents and settings\jas\Application Data\pcouffin.sys
2009-12-18 15:01 . 2008-01-23 04:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-12 12:45 . 2009-12-12 12:45 0 ----a-w- c:\documents and settings\benny\Application Data\wklnhst.dat
2009-12-11 19:43 . 2009-12-23 16:17 2033432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2009-12-11 19:43 . 2009-12-22 13:45 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2009-12-11 19:36 . 2009-12-22 13:44 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
2009-12-11 19:36 . 2009-12-22 13:44 3967256 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2009-12-08 20:01 . 2009-12-22 13:44 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2009-12-08 01:27 . 2007-05-07 21:36 -------- d-----w- c:\program files\Java
2009-12-08 01:16 . 2007-05-04 21:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-12-03 02:47 . 2007-05-17 02:08 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-02 18:26 . 2007-07-27 20:57 -------- d-----w- c:\program files\PCPitstop
2009-11-03 18:43 . 2009-11-03 18:43 -------- d-----w- c:\program files\Invoke Solutions
2009-11-03 01:42 . 2009-10-03 11:40 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 07:45 . 2004-08-04 13:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 13:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 13:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 13:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-16 17:13 . 2009-12-08 20:20 1115392 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-10-13 10:30 . 2004-08-04 13:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 13:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 13:00 79872 ----a-w- c:\windows\system32\raschap.dll
2007-08-20 20:09 . 2007-08-09 06:21 88 -csh--r- c:\windows\system32\9CCEB17CDB.sys
2007-08-20 20:09 . 2007-08-09 06:21 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-28 344064]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-23 2033432]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-08 1294336]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-08 20:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
backup=c:\windows\pss\NkbMonitor.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-11 04:43 67488 ----a-w- c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 05:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2005-10-11 23:17 409600 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\esentsttools]
2009-12-01 17:43 81920 ----a-w- c:\documents and settings\jas\Local Settings\Application Data\esentsttools\esentsttools.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 20:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\Hp\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 21:31 80896 ----a-w- c:\program files\Hewlett-Packard\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2005-05-04 17:59 794624 ----a-w- c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-16 23:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-16 23:15 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2007-11-09 21:16 688128 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-22 00:32 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-06-15 10:50 729178 -c--a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
2005-07-28 15:32 94208 ------w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 23:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 21:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)
"gusvc"=2 (0x2)
"Fax"=2 (0x2)
"AOL ACS"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\ati2evxx.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgtray.exe"=
"c:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [12/8/2009 3:01 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [12/8/2009 3:01 PM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/8/2009 3:01 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/8/2009 3:01 PM 360584]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [12/8/2009 3:01 PM 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/8/2009 3:01 PM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [12/8/2009 3:01 PM 2303680]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [12/8/2009 3:01 PM 5832712]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/8/2009 3:00 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [12/8/2009 3:01 PM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [12/8/2009 3:01 PM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [12/8/2009 3:01 PM 25736]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/22/2005 5:06 PM 231424]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/8/2009 3:00 PM 30104]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2/8/2009 1:26 PM 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2/8/2009 1:26 PM 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2/8/2009 1:26 PM 23680]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [12/2/2009 1:26 PM 77312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://twitter.com/home
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {9D2B88F7-1287-446D-B936-69056593F881} = 65.32.5.111,65.32.5.112
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Extermin ... iVirus.dll
DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/ ... MILive.cab
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-24 11:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????2?3?3?8??????? ???B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1072)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3788)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_eng-us.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Protexis\License Service\PSIService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2009-12-24 11:17:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-24 16:17
Pre-Run: 40,922,836,992 bytes free
Post-Run: 40,883,228,672 bytes free
- - End Of File - - 73EF4A5C5D826B13ECB386380CCAB9B8
Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/24/2009 11:53:56 AM
mbam-log-2009-12-24 (11-53-56).txt
Scan type: Quick Scan
Objects scanned: 121872
Time elapsed: 9 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\jas\Local Settings\Application Data\esentsttools (Adware.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\Documents and Settings\jas\Local Settings\Application Data\esentsttools\esentsttools.dll (Adware.Agent) -> Quarantined and deleted successfully.
Thank you!