Hi Dakeyras.
The CPU is performing the same now regarding websites and trying to update Avast and register it... still unable.
A new thing, though, is that when I start up, the My Documents folder opens automatically. Not sure if this is of any consequence, but it is new as of yesterday.
Here is the ComboFix log:
ComboFix 11-04-13.04 - Matt 14/08/2011 16:51:42.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.543 [GMT 10:00]
Running from: c:\documents and settings\Matt\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Matt\Application Data\PriceGong
c:\documents and settings\Matt\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Matt\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Matt\WINDOWS
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-14 to 2011-08-14 )))))))))))))))))))))))))))))))
.
.
2011-08-11 07:14 . 2011-08-11 07:14 -------- d-----w- c:\program files\ESET
2011-08-09 00:17 . 2011-08-09 00:17 -------- d-----w- c:\windows\system32\LogFiles
2011-08-08 22:20 . 2011-03-12 14:29 4096 --sh--w- c:\windows\system32\wsrntfy.exe
2011-08-07 20:50 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-07 20:50 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-07 20:50 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-07 20:50 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-07 20:50 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-07 20:50 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-08-07 20:50 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-08-07 20:50 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-08-07 20:49 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-08-07 20:49 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-07 20:49 . 2011-08-07 20:49 -------- d-----w- c:\program files\AVAST Software
2011-08-07 20:49 . 2011-08-07 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-08-05 06:40 . 2011-08-05 06:40 -------- d-----w- C:\_OTL
2011-08-05 06:34 . 2011-08-05 06:35 -------- d-----w- c:\program files\ERUNT
2011-07-31 13:20 . 2011-07-31 13:20 388096 ----a-r- c:\documents and settings\Matt\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-31 13:20 . 2011-07-31 13:20 -------- d-----w- c:\program files\Trend Micro
2011-07-31 00:40 . 2011-07-31 00:40 -------- d-----w- c:\documents and settings\Matt\Application Data\Malwarebytes
2011-07-31 00:40 . 2010-12-20 08:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-31 00:40 . 2011-07-31 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-31 00:40 . 2011-07-31 00:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-31 00:40 . 2010-12-20 08:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-12 14:29 4096 --sh--w- c:\windows\system32\wsrntfy.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-31_13.01.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-03-06 18:27 . 2010-12-27 00:22 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-11 07:07 . 2011-08-11 18:05 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-03-06 18:27 . 2011-08-11 18:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-03-06 18:27 . 2010-12-27 00:22 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-08-08 22:20 . 2011-08-11 18:05 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-03-06 18:27 . 2010-12-27 00:22 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-08-05 21:22 . 2011-08-05 21:22 335872 c:\windows\ERDNT\mru-backup\Users\00000002\UsrClass.dat
+ 2011-08-05 21:22 . 2005-10-20 02:02 163328 c:\windows\ERDNT\mru-backup\ERDNT.EXE
+ 2011-08-05 06:36 . 2011-08-05 06:36 335872 c:\windows\ERDNT\5-08-2011\Users\00000002\UsrClass.dat
+ 2011-08-05 06:36 . 2005-10-20 02:02 163328 c:\windows\ERDNT\5-08-2011\ERDNT.EXE
+ 2011-07-31 13:20 . 2011-07-31 13:20 1094656 c:\windows\Installer\13d613.msi
+ 2011-08-05 21:22 . 2011-08-05 21:22 3985408 c:\windows\ERDNT\mru-backup\Users\00000001\NTUSER.DAT
+ 2011-08-05 06:36 . 2011-08-05 06:36 3985408 c:\windows\ERDNT\5-08-2011\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"wsrntfy.exe"="c:\windows\system32\wsrntfy.exe" [2011-03-12 4096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-14 88203]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 352256]
"TDispVol"="TDispVol.exe" [2005-03-11 73728]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-01 7557120]
"nwiz"="nwiz.exe" [2006-05-01 1519616]
"NVRotateSysTray"="c:\windows\system32\nvsysrot.dll" [2006-05-01 49152]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-05-05 30208]
"TPSMain"="TPSMain.exe" [2005-05-31 282624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-12-27 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
c:\documents and settings\Matt\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-2-3 1753088]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-3-7 155648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-05-05 07:48 40448 ----a-w- c:\windows\system32\psqlpwd.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [8/08/2011 6:50 AM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/08/2011 6:50 AM 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/08/2011 6:50 AM 19544]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [5/05/2006 6:00 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [5/05/2006 5:59 PM 33024]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [5/05/2006 5:33 PM 3456]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/12/2010 1:48 PM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 03:48]
.
2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-27 03:48]
.
2011-08-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2694680138-3666285163-3887726610-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 12:09]
.
2011-08-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2694680138-3666285163-3887726610-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 12:09]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-08-14 16:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\crypto.dll
.
Completion time: 2011-08-14 17:01:05
ComboFix-quarantined-files.txt 2011-08-14 07:01
ComboFix2.txt 2011-07-31 13:07
.
Pre-Run: 18,785,947,648 bytes free
Post-Run: 18,777,735,168 bytes free
.
- - End Of File - - 928901F5B8EC4A44838A25E21060420C