Here are all my logs, thanks again!
ComboFix 09-05-17.08 - Administrator 05/18/2009 12:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1604 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: AVG Internet Security 3-pack *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\bitipote.dll
c:\windows\system32\tmp.reg
.
((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.
2009-05-14 01:51 . 2009-05-14 01:51 -------- d-----w c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-05-07 02:44 . 2009-05-07 02:44 48 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-07 02:43 . 2009-05-09 02:49 -------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2009-05-07 02:40 . 2009-05-09 03:12 -------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-05-07 02:39 . 2009-05-07 02:39 -------- d-----w c:\program files\Common Files\Skype
2009-05-07 02:39 . 2009-05-07 02:39 -------- d-----r c:\program files\Skype
2009-05-07 02:39 . 2009-05-07 02:39 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-04-30 01:22 . 2009-04-30 01:22 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2009-04-30 01:22 . 2009-04-30 01:22 -------- d-----w c:\program files\Opera
2009-04-28 00:42 . 2009-05-10 21:05 -------- d--h--w C:\$AVG8.VAULT$
2009-04-27 04:03 . 2009-04-27 04:03 -------- d-sh--w c:\documents and settings\Administrator\Local Settings\Application Data\.#
2009-04-27 02:23 . 2009-04-27 02:23 -------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-04-27 02:23 . 2009-04-27 02:23 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-27 02:23 . 2009-04-27 02:23 12552 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2009-04-27 02:23 . 2009-04-27 02:23 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-27 02:23 . 2009-04-27 02:23 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-27 02:23 . 2009-05-18 16:29 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-27 02:23 . 2009-04-28 02:16 -------- d-----w c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-04-27 01:55 . 2009-04-27 02:21 29208 ----a-w c:\windows\system32\drivers\avgfwdx.sys
2009-04-27 01:55 . 2009-04-27 02:21 50968 ----a-w c:\windows\system32\avgfwdx.dll
2009-04-23 13:35 . 2009-04-27 01:12 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-04-23 13:25 . 2009-04-23 13:25 -------- d-----w C:\VundoFix Backups
2009-04-23 00:10 . 2009-04-23 00:10 -------- d-----w c:\windows\F07AE5AB516C4CEBA0AAAD083B9182C6.TMP
2009-04-22 23:44 . 2009-04-23 13:17 -------- d-----w c:\program files\VideoLAN
2009-04-22 23:29 . 2009-04-22 23:29 -------- d-----w c:\program files\Haali
2009-04-21 18:28 . 2009-04-21 18:29 -------- d-----w c:\program files\BurnAware Free
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 04:22 . 2009-02-09 01:51 -------- d-----w c:\program files\Starcraft
2009-05-17 03:21 . 2009-02-09 01:52 34602 ----a-w c:\windows\scunin.dat
2009-05-17 03:21 . 2009-02-09 01:52 967 ----a-w c:\windows\ScUnin.pif
2009-05-17 03:21 . 2009-02-09 01:52 94208 ----a-w c:\windows\ScUnin.exe
2009-05-17 01:03 . 2008-01-29 01:08 -------- d-----w c:\program files\Steam
2009-05-07 15:42 . 2009-01-29 00:55 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-27 00:39 . 2009-04-10 04:57 -------- d-----w c:\program files\Burn4Free Toolbar
2009-04-27 00:37 . 2009-04-14 21:57 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-27 00:37 . 2008-02-01 22:13 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-27 00:36 . 2009-02-16 22:43 -------- d-----w c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-04-24 04:21 . 2009-04-24 04:20 14082048 ---ha-w c:\documents and settings\Administrator\ntuser.tmp
2009-04-24 03:08 . 2008-11-23 16:39 -------- d-----w c:\program files\PokerStars
2009-04-21 18:29 . 2008-10-22 00:08 21072 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-13 21:35 . 2008-12-23 06:10 -------- d-----w c:\program files\Warcraft III
2009-04-06 20:32 . 2009-01-29 00:55 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 20:32 . 2009-01-29 00:55 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-02 23:31 . 2009-04-02 12:09 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-02 14:59 . 2009-04-02 14:59 -------- d-----w c:\program files\MSXML 4.0
2009-04-02 14:41 . 2009-04-02 14:41 -------- d-----w c:\program files\AVG
2009-04-02 14:05 . 2008-01-29 01:10 -------- d-----w c:\program files\Guild Wars
2009-04-02 13:59 . 2009-04-02 05:03 -------- d-----w c:\program files\McAfee
2009-04-02 06:21 . 2009-04-02 06:21 -------- d-----w c:\program files\MultiScreen
2009-04-02 06:21 . 2008-01-29 00:16 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-02 06:15 . 2009-04-02 06:15 -------- d-----w c:\program files\SEC
2009-04-02 05:03 . 2009-04-02 05:03 -------- d-----w c:\program files\Common Files\Cisco Systems
2009-03-31 01:59 . 2009-03-31 00:36 -------- d-----w c:\program files\Microsoft ActiveSync
2009-03-27 13:22 . 2009-03-12 01:22 -------- d-----w c:\program files\IZArc
2009-03-27 12:42 . 2009-03-27 12:42 -------- d-----w c:\program files\WinSCP
2009-03-16 05:09 . 2008-10-31 16:39 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-03-16 05:09 . 2008-10-22 00:09 1748 ----a-w c:\windows\system32\d3d8caps.dat
2009-03-06 14:22 . 2002-08-29 03:41 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-26 17:46 . 2009-02-26 17:46 74760 ----a-w c:\windows\system32\drivers\UniversalDD.sys
2009-02-26 17:46 . 2009-02-26 17:46 25608 ----a-w c:\windows\system32\drivers\AVGIDSErHr.sys
2009-02-20 08:10 . 2002-08-29 03:41 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2009-04-02 14:30 81920 ------w c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-13 133104]
"Windows Security Update"="c:\documents and settings\Administrator\My Documents\Backups\Windows\Windows_security_backup files\Windows_security_update_3475_36_d.exe" [2009-04-10 426713]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2006-05-25 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2006-05-25 126976]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-08-12 86016]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-12 7630848]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-27 1947928]
"AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-02-26 1579528]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-12 1519616]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NCProTray.lnk - c:\program files\SEC\Natural Color Pro\NCProTray.exe [2009-4-2 49220]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-27 02:23 11952 ----a-w c:\windows\system32\avgrsstx.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= DrvTrNTm.dll
"mixer"= DrvTrNTm.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"FileZilla Server"=3 (0x3)
"Messenger"=2 (0x2)
"NMSAccessU"=2 (0x2)
"ThreatFire"=3 (0x3)
"sdCoreService"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\mapas001\\counter-strike\\hl.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2/26/2009 12:46 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [4/26/2009 9:23 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/26/2009 9:23 PM 325896]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/26/2009 9:23 PM 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [4/26/2009 9:22 PM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/26/2009 9:22 PM 298776]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [4/26/2009 9:22 PM 1366904]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [2/26/2009 12:46 PM 563720]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/28/2009 7:55 PM 179856]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [4/26/2009 8:55 PM 29208]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [2/26/2009 12:46 PM 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [2/26/2009 12:46 PM 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [2/26/2009 12:46 PM 27232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/28/2009 7:55 PM 15504]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [1/14/2009 3:34 PM 120472]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [2/26/2009 12:46 PM 5576712]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [4/26/2009 8:55 PM 29208]
S3 pctplsg;pctplsg;\??\c:\windows\system32\drivers\pctplsg.sys --> c:\windows\system32\drivers\pctplsg.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1606980848-682003330-500.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-13 00:33]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
TCP: {C5D0385D-1B08-4F93-BFA6-73E93762C25B} = 192.168.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5nw0u927.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?account_id ... .com#inbox
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 12:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-789336058-1606980848-682003330-500\Software\SecuROM\License information*]
"datasecu"=hex:39,4a,ea,d6,0a,a8,12,93,9f,a4,9a,46,24,11,5d,a8,ed,d5,90,11,5c,
38,fa,01,f0,dc,be,e6,88,78,0f,c3,59,98,32,8f,8d,90,f0,eb,05,d9,22,0e,a8,c4,\
"rkeysecu"=hex:12,54,3c,6a,5e,78,f6,06,6a,f5,db,83,b0,2e,52,fb
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-18 12:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-18 17:23
Pre-Run: 7,128,768,512 bytes free
Post-Run: 7,520,555,008 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noguiboot /NoExecute=OptIn
219 --- E O F --- 2009-05-13 17:46
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:06 PM, on 5/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Administrator\My Documents\Backups\Windows\Windows_security_backup files\Windows_security_update_3475_36_d.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Windows Security Update] C:\Documents and Settings\Administrator\My Documents\Backups\Windows\Windows_security_backup files\Windows_security_update_3475_36_d.exe
O4 - Global Startup: NCProTray.lnk = ?
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4408092250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4412566890
O17 - HKLM\System\CCS\Services\Tcpip\..\{C5D0385D-1B08-4F93-BFA6-73E93762C25B}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
--
End of file - 6358 bytes
GooredFix v1.92 by jpshortstuff
Log created at 12:24 on 18/05/2009 running Option #1 (Administrator)
Firefox version 3.0.10 (en-US)
=====Suspect Goored Entries=====
C:\Program Files\Mozilla Firefox\extensions\{F1D5AEEA-75CA-471C-846E-AE39991F15C1}
=====Dumping Registry Values=====
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{1d5287d1-8a92-0001-1f31-1cec198018d8}"="C:\Program Files\AVG\AVG8\ToolbarFF"
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox"