Here is the log. It fixed a few things, and I have no more problems, but there may be something
that the combofix contains, but couldn't fix.
ComboFix 13-05-01.03 - Tiffany 05/02/2013 11:14:50.1.2 - x86
Microsoft Windows XP Professional [GMT -4:00]
Running from: c:\documents and settings\Tiffany\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Cache
c:\windows\system32\SET5A.tmp
c:\windows\system32\SET5E.tmp
c:\windows\system32\SET66.tmp
c:\windows\system32\SET6F.tmp
c:\windows\system32\SET71.tmp
c:\windows\system32\SET74.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-04-02 to 2013-05-02 )))))))))))))))))))))))))))))))
.
.
2013-05-01 03:13 . 2013-05-01 03:13 -------- d-----w- C:\JRT
2013-04-28 20:51 . 2013-05-01 13:19 -------- d-----w- C:\Jts
2013-04-28 19:46 . 2013-04-28 19:46 -------- d-----w- C:\Genesis
2013-04-27 21:36 . 2013-04-27 21:37 -------- d-----w- C:\71a4ed12c6783bd016e5
2013-04-27 14:23 . 2013-04-27 14:23 -------- d-----w- C:\$AVG
2013-04-27 13:46 . 2013-04-27 13:46 -------- d-----w- C:\NVIDIA
2013-04-27 07:11 . 2013-04-27 07:12 -------- d-----w- C:\Inetpub
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-08 08:36 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2006-02-28 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2006-02-28 12:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-03-01 17:32 . 2013-03-01 17:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-02-27 06:40 . 2013-02-27 06:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-02-14 10:52 . 2013-02-14 10:52 182072 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-02-12 00:32 . 2006-02-28 12:00 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-08 11:37 . 2013-02-08 11:37 96568 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-02-08 11:37 . 2013-02-08 11:37 245048 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-02-08 11:37 . 2013-02-08 11:37 60216 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-02-08 11:37 . 2013-02-08 11:37 170808 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-02-08 11:37 . 2013-02-08 11:37 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-04-10 06:58 . 2013-04-27 08:03 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="NvMCTray.dll" [2013-01-31 108832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-01-31 15517472]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-03-14 4394032]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AdFender.lnk - c:\program files\AdFender\AdFender.exe [2012-6-20 2772112]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf010 00.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CodecPackUpdateChecker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk
backup=c:\windows\pss\CodecPackUpdateChecker.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VTAgentReboot.exe]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VTAgentReboot.exe
backup=c:\windows\pss\VTAgentReboot.exeCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
2006-08-03 00:17 9134080 ----a-w- c:\program files\Intel Audio Studio\IntelAudioStudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsmqIntCert]
2008-04-14 12:41 177152 ----a-w- c:\windows\system32\mqrt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2013-01-31 09:02 15517472 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2013-01-31 11:22 1982312 ----a-w- c:\program files\NVIDIA Corporation\nview\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-03-12 11:32 253816 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-04-28 00:37 295512 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Antivirus"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Marvell\\61xx\\Apache2\\bin\\Apache.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Joshua\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AdFender\\AdFender.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 7:37 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 7:37 AM 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2/8/2013 7:37 AM 39224]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [8/30/2006 3:43 AM 70784]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2/27/2013 2:40 AM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 1:32 PM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/8/2013 7:37 AM 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/14/2013 6:52 AM 182072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [2/19/2013 7:02 AM 282624]
R2 Marvell RAID;Marvell RAID Event Agent;c:\program files\Marvell\61xx\svc\mvraidsvc.exe [8/9/2006 11:46 PM 114688]
R2 MRUWebService;MRU Web Service;c:\program files\Marvell\61xx\Apache2\bin\Apache.exe [4/29/2006 5:47 AM 20541]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [3/6/2013 5:21 AM 39056]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [4/29/2013 10:41 AM 45288]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [2/28/2013 2:42 AM 4937264]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [6/2/2011 1:08 PM 11336]
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-28 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-854245398-343818398-839522115-1003.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2013-03-06 09:23]
.
2013-05-02 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-854245398-343818398-839522115-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06 09:21]
.
2013-05-02 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-854245398-343818398-839522115-1003.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06 09:21]
.
2013-05-02 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-854245398-343818398-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 18:36]
.
2013-05-01 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-854245398-343818398-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-03-06 18:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
mStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
FF - ProfilePath - c:\documents and settings\Joshua\Application Data\Mozilla\Firefox\Profiles\xav9wvmc.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - google.com
FF - ExtSQL: 2013-04-27 17:55; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SigmatelSysTrayApp - sttray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2013-05-02 11:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_ 7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-05-02 11:20:51
ComboFix-quarantined-files.txt 2013-05-02 15:20
.
Pre-Run: 433,530,941,440 bytes free
Post-Run: 435,804,614,656 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect