Here's the ComboFix log:
ComboFix 09-10-11.03 - nikki 10/13/2009 20:04.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1511 [GMT -5]
Running from: c:\documents and settings\nikki\My Documents\Downloads\svchost.exe.exe
Command switches used :: c:\documents and settings\nikki\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\27922022
c:\documents and settings\All Users\Application Data\seniyuro
c:\documents and settings\All Users\Application Data\seniyuro\seniyuro.exe
c:\documents and settings\All Users\Application Data\sufokiyu
c:\documents and settings\All Users\Application Data\sufokiyu\sufokiyu.dll
c:\documents and settings\All Users\Application Data\voladeti
c:\documents and settings\All Users\Application Data\voladeti\voladeti.exe
c:\documents and settings\All Users\Application Data\ziperame
.
((((((((((((((((((((((((( Files Created from 2009-09-14 to 2009-10-14 )))))))))))))))))))))))))))))))
.
2009-10-13 21:18 . 2009-10-13 21:18 -------- d-----w- c:\windows\LastGood
2009-10-10 23:16 . 2009-10-10 23:16 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-10 23:16 . 2009-10-12 22:39 -------- d-----w- c:\documents and settings\nikki\Application Data\skypePM
2009-10-10 23:15 . 2009-10-13 02:19 -------- d-----w- c:\documents and settings\nikki\Application Data\Skype
2009-10-10 23:14 . 2009-10-10 23:14 -------- d-----w- c:\program files\Common Files\Skype
2009-10-10 23:14 . 2009-10-10 23:14 -------- d-----r- c:\program files\Skype
2009-10-10 23:14 . 2009-10-10 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-03 16:38 . 2009-10-03 16:38 -------- d-----w- c:\program files\iPod
2009-10-03 16:38 . 2009-10-03 16:39 -------- d-----w- c:\program files\iTunes
2009-09-26 00:10 . 2009-09-26 00:10 -------- d-----w- c:\documents and settings\nikki\Application Data\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
2009-09-26 00:10 . 2009-09-26 00:10 -------- d-----w- c:\program files\ViiKiiDesktopPlugin
2009-09-26 00:10 . 2009-09-26 00:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-19 23:03 . 2009-10-12 04:19 14012 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-19 20:39 . 2009-09-19 20:39 -------- d-----w- c:\program files\Safari
2009-09-19 20:36 . 2009-09-19 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-19 20:33 . 2009-09-19 20:34 -------- d-----w- c:\program files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 04:19 . 2008-07-12 23:57 13664 ----a-w- c:\documents and settings\nikki\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-12 02:28 . 2009-04-25 01:08 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-12 02:27 . 2009-08-22 02:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-10 23:14 . 2008-08-30 16:46 -------- d-----w- c:\program files\Google
2009-10-04 00:34 . 2008-07-10 19:41 -------- d-----w- c:\documents and settings\nikki\Application Data\gtk-2.0
2009-10-03 16:38 . 2008-07-12 23:48 -------- d-----w- c:\program files\Common Files\Apple
2009-09-19 23:03 . 2008-07-12 23:52 -------- d-----w- c:\documents and settings\nikki\Application Data\Apple Computer
2009-09-07 22:56 . 2009-09-05 20:31 -------- d-----w- c:\documents and settings\nikki\Application Data\AVS4YOU
2009-09-07 22:56 . 2009-09-05 20:29 -------- d-----w- c:\program files\AVS4YOU
2009-09-05 20:31 . 2009-09-05 20:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-09-05 20:31 . 2009-09-05 20:30 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-08-31 01:01 . 2009-08-31 01:00 -------- d-----w- c:\documents and settings\nikki\Application Data\ICAClient
2009-08-29 00:42 . 2008-07-12 23:49 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 00:42 . 2008-07-12 23:49 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-28 22:52 . 2009-08-28 22:52 -------- d-----w- c:\program files\THQICE
2009-08-23 23:58 . 2008-07-11 04:29 -------- d-----w- c:\documents and settings\Guest\Application Data\gtk-2.0
2009-08-22 02:22 . 2009-08-22 02:22 -------- d-----w- c:\documents and settings\nikki\Application Data\Malwarebytes
2009-08-22 02:22 . 2009-08-22 02:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-21 21:54 . 2009-08-06 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-08-20 23:16 . 2009-08-20 23:16 -------- d-----w- c:\program files\GIMP-2.0
2009-08-18 22:46 . 2009-08-18 22:44 -------- d-----w- c:\documents and settings\nikki\Application Data\AdobeUM
2009-08-16 23:13 . 2009-07-24 18:36 -------- d-----w- c:\program files\Tales of Pirates Online
2009-08-14 16:51 . 2009-08-14 16:51 12328 ----a-w- c:\documents and settings\admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 03:11 . 2009-08-06 03:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-06 03:11 . 2009-08-06 03:11 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-08-06 03:11 . 2009-08-06 03:11 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-06 03:11 . 2009-08-06 03:11 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-06 02:52 . 2009-08-06 02:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-06 02:50 . 2009-08-06 02:50 128 ----a-w- c:\documents and settings\nikki\Local Settings\Application Data\fusioncache.dat
2009-08-05 09:11 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 18:36 . 2009-08-22 02:22 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 18:36 . 2009-08-22 02:22 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-18 05:58 . 2009-07-18 05:58 4096 ----a-w- c:\windows\d3dx.dat
2009-07-17 18:55 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-10-12_20.26.27 )))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 00:56 . 2009-06-25 00:56 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2007-04-14 01:58 . 2007-04-14 01:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2007-04-14 02:30 . 2007-04-14 02:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
2009-10-14 01:01 . 2009-10-14 01:01 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_ce8c42a5\System.Drawing.Design.dll
2009-10-14 01:01 . 2009-10-14 01:01 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_5252f6e3\CustomMarshalers.dll
- 2007-04-14 01:58 . 2007-04-14 01:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 01:56 . 2007-04-14 01:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2007-04-14 02:30 . 2007-04-14 02:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
2009-10-14 01:01 . 2009-10-14 01:01 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_b5b4e99d\System.Drawing.dll
2008-05-28 06:35 . 2008-05-28 06:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2007-04-14 02:35 . 2007-04-14 02:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2007-04-14 02:35 . 2007-04-14 02:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
2008-05-28 05:48 . 2008-05-28 05:48 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 01:57 . 2007-04-14 01:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
- 2007-04-14 01:50 . 2007-04-14 01:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
2009-10-14 01:00 . 2009-10-14 01:00 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_58fc7abe\System.dll
2009-10-14 01:01 . 2009-10-14 01:01 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_110447d4\System.Xml.dll
2009-10-14 01:01 . 2009-10-14 01:01 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_a72602ed\System.Windows.Forms.dll
2009-10-14 01:01 . 2009-10-14 01:01 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_443cbdf9\System.Design.dll
2009-10-14 01:01 . 2009-10-14 01:01 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_20ed9b4c\mscorlib.dll
- 2009-09-19 00:57 . 2009-09-19 00:57 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
2009-10-14 01:00 . 2009-10-14 01:00 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
2009-10-14 01:00 . 2009-10-14 01:00 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-09-19 00:57 . 2009-09-19 00:57 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
2009-10-14 01:01 . 2009-10-02 16:01 25198016 c:\windows\system32\MRT.exe
2009-08-11 02:08 . 2009-08-11 02:08 11315712 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp
2009-08-10 19:09 . 2009-08-10 19:09 17254912 c:\windows\Installer\ce56a7.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 843776]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-05-30 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-05-30 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-05-30 141848]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-06 149280]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-06 2023704]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
c:\documents and settings\nikki\Start Menu\Programs\Startup\
ViiKiiDesktopPlugin.lnk - c:\program files\ViiKiiDesktopPlugin\ViiKiiDesktopPlugin.exe [2009-9-25 95232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-06 03:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Linksys Wireless-G PCI Wireless Network Monitor\\WMP54Gv4.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\Microsoft\\Search Enhancement Pack\\SeaPort\\SeaPort.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:blizzard
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/5/2009 10:11 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/5/2009 10:11 PM 108552]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 5:25 PM 65536]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/5/2009 10:10 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/5/2009 10:10 PM 297752]
S2 gupdate1c90abffa25f956;Google Update Service (gupdate1c90abffa25f956);c:\program files\Google\Update\GoogleUpdate.exe [8/30/2008 11:46 AM 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-10-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-30 16:46]
2009-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-30 16:46]
2009-10-13 c:\windows\Tasks\User_Feed_Synchronization-{9387AF0C-9827-4C56-8418-C356C23D5B76}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
FF - ProfilePath - c:\documents and settings\nikki\Application Data\Mozilla\Firefox\Profiles\es52l3bd.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-13 20:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-10-14 20:12
ComboFix-quarantined-files.txt 2009-10-14 01:12
ComboFix2.txt 2009-10-13 21:19
ComboFix3.txt 2009-10-12 20:29
Pre-Run: 23,177,990,144 bytes free
Post-Run: 23,146,643,456 bytes free
235 --- E O F --- 2009-10-14 01:02
------------------------------------------------------------------------------------------------
THE MBAM LOG
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 8
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\15465122\15465122.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\seniyuro\seniyuro.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\voladeti\voladeti.exe.vir (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\firugoti.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A0D1951-71BC-4D67-9DE1-F4CF525A2DED}\RP132\A0087317.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A0D1951-71BC-4D67-9DE1-F4CF525A2DED}\RP132\A0087321.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A0D1951-71BC-4D67-9DE1-F4CF525A2DED}\RP134\A0087545.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4A0D1951-71BC-4D67-9DE1-F4CF525A2DED}\RP134\A0087547.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
=======
Hello
Well, my computer is running pretty smooth now: no more pop-ups, my display setting does not change anymore, the icons on the desktop are there, and the security tool does not pop up anymore. Is everything okay now? And can I enable my AVG Anti-Virus?