ComboFix 13-08-02.03 - SuperUser 08/03/2013 9:26.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1408 [GMT -7:00]
Running from: c:\documents and settings\SuperUser\My Documents\Downloads\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2013 *Disabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\SuperUser\Application Data\PriceGong
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\1.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\27472.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\a.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\b.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\c.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\d.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\e.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\f.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\g.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\h.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\i.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\j.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\k.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\l.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\m.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\n.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\o.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\p.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\q.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\r.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\s.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\t.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\u.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\v.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\w.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\x.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\y.txt
c:\documents and settings\SuperUser\Application Data\PriceGong\Data\z.txt
c:\documents and settings\TREVOR\Application Data\PriceGong
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\1.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\a.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\b.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\c.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\d.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\e.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\f.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\g.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\h.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\i.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\j.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\k.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\l.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\m.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\n.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\o.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\p.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\q.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\r.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\s.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\t.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\u.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\v.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\w.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\x.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\y.txt
c:\documents and settings\TREVOR\Application Data\PriceGong\Data\z.txt
c:\program files\Incredibar.com
c:\program files\Incredibar.com\incredibar\1.5.11.14\bh\inCRedibar.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
c:\program files\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\5c54eb1a1655b076.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\c3eab0b9fa674f7c.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
.
.
((((((((((((((((((((((((( Files Created from 2013-07-03 to 2013-08-03 )))))))))))))))))))))))))))))))
.
.
2013-08-03 11:47 . 2013-08-02 14:06 194944 ----a-w- c:\program files\2pres.dll
2013-08-03 11:47 . 2013-08-02 14:06 712264 ----a-w- c:\program files\2pUninstall Coupon Alert.dll
2013-08-02 14:38 . 2013-08-02 14:38 -------- d-----w- c:\program files\AVG SafeGuard toolbar
2013-08-02 13:15 . 2013-08-02 13:19 -------- d-----w- c:\program files\Norton PC Checkup 3.0
2013-08-02 01:04 . 2012-05-25 20:14 42864 ----a-w- c:\windows\system32\sbbd.exe
2013-08-02 01:04 . 2012-05-25 20:14 101112 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2013-08-02 01:02 . 2013-08-02 03:20 -------- d-----w- C:\VIPRERESCUE
2013-08-01 23:27 . 2013-08-02 17:24 -------- d-----w- c:\windows\system32\NtmsData
2013-08-01 13:19 . 2013-08-01 13:19 -------- d-----w- c:\program files\Common Files\Windows Live
2013-08-01 12:52 . 2013-08-01 12:57 -------- d-----w- c:\windows\system32\MRT
2013-08-01 11:33 . 2013-08-01 12:02 -------- d-----w- c:\documents and settings\SuperUser\Application Data\Systweak
2013-08-01 11:33 . 2013-06-20 00:27 18776 ----a-w- c:\windows\system32\roboot.exe
2013-07-31 20:03 . 2013-08-02 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2013-07-31 19:28 . 2013-07-31 19:28 -------- d-----w- c:\program files\Microsoft.NET
2013-07-31 18:16 . 2013-08-03 16:00 -------- d-----w- c:\program files\Safe Saver
2013-07-31 16:06 . 2013-07-31 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2013-07-31 16:06 . 2013-07-31 16:06 -------- d-----w- c:\documents and settings\SuperUser\Local Settings\Application Data\PC_Drivers_Headquarters
2013-07-31 16:04 . 2013-07-31 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Tool
2013-07-31 16:03 . 2013-08-02 13:14 -------- d-----w- c:\documents and settings\SuperUser\Application Data\PCCUStubInstaller
2013-07-31 15:52 . 2013-07-31 15:52 -------- d-----w- c:\program files\Driver Tool
2013-07-30 03:17 . 2013-08-01 00:49 -------- d-----w- c:\program files\JustCloud
2013-07-30 01:53 . 2013-07-30 01:53 -------- d-----w- c:\program files\Common Files\xing shared
2013-07-30 01:47 . 2013-07-30 01:53 -------- d-----w- c:\program files\Real
2013-07-30 00:59 . 2013-07-30 01:15 -------- d-----w- c:\documents and settings\SuperUser\Local Settings\Application Data\Google
2013-07-30 00:46 . 2013-07-30 00:46 -------- d-----w- c:\documents and settings\SuperUser\Application Data\Immunet
2013-07-29 23:20 . 2013-07-30 03:20 -------- d-----w- c:\documents and settings\SuperUser\SyncFolder
2013-07-29 23:14 . 2013-08-01 21:21 -------- d-----w- c:\program files\MyPC Backup
2013-07-28 00:04 . 2013-07-28 00:04 -------- d-----w- c:\program files\HP Photo Creations
2013-07-28 00:04 . 2013-07-28 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2013-07-28 00:04 . 2013-07-28 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Visan
2013-07-26 12:09 . 2013-07-26 12:09 -------- d-----w- c:\program files\Enigma Software Group
2013-07-26 12:07 . 2013-08-01 01:33 -------- d-----w- c:\windows\027B5748C40941FE949B7B81A8304EF4.TMP
2013-07-26 12:07 . 2013-07-26 12:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2013-07-25 12:21 . 2013-07-25 12:21 -------- d-----w- c:\documents and settings\SuperUser\Application Data\SpeedyPC Software
2013-07-25 12:20 . 2013-07-25 13:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2013-07-25 11:11 . 2013-07-25 11:11 -------- d-----w- c:\program files\ParetoLogic
2013-07-23 14:09 . 2013-07-23 14:09 -------- d-----w- c:\program files\MSXML 4.0
2013-07-23 01:19 . 2013-07-23 02:06 -------- d-----w- c:\documents and settings\SuperUser\Application Data\AVG
2013-07-22 23:32 . 2013-07-23 07:20 -------- d-----w- c:\documents and settings\TREVOR\Local Settings\Application Data\AVG SafeGuard toolbar
2013-07-22 23:31 . 2013-07-22 23:31 -------- d-----w- c:\documents and settings\TREVOR\Application Data\AVG SafeGuard toolbar
2013-07-22 23:31 . 2013-07-22 23:31 -------- d-----w- c:\documents and settings\TREVOR\Application Data\AVG2013
2013-07-22 23:30 . 2013-07-22 23:30 -------- d-----w- c:\documents and settings\TREVOR\Local Settings\Application Data\Avg2013
2013-07-22 12:19 . 2013-07-22 12:19 -------- d-----w- c:\documents and settings\SuperUser\Application Data\DriverCure
2013-07-22 12:19 . 2013-07-22 12:19 -------- d-----w- c:\documents and settings\SuperUser\Application Data\ParetoLogic
2013-07-22 12:18 . 2013-07-25 12:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2013-07-22 11:04 . 2013-07-22 11:04 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2013
2013-07-22 11:03 . 2013-07-22 11:03 -------- d-----w- c:\documents and settings\SuperUser\Local Settings\Application Data\AVG SafeGuard toolbar
2013-07-22 11:03 . 2013-07-22 11:03 -------- d-----w- c:\documents and settings\SuperUser\Application Data\TuneUp Software
2013-07-22 11:03 . 2013-07-22 11:03 -------- d-----w- c:\documents and settings\SuperUser\Application Data\AVG SafeGuard toolbar
2013-07-22 11:03 . 2013-07-29 15:47 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-07-22 11:03 . 2013-07-22 11:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar
2013-07-22 11:03 . 2013-07-22 11:03 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2013-07-22 11:00 . 2013-07-22 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2013-07-22 11:00 . 2013-07-22 11:00 -------- d-----w- C:\$AVG
2013-07-22 10:58 . 2013-08-02 12:59 -------- d-----w- c:\program files\AVG
2013-07-22 10:54 . 2013-07-22 10:54 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2013-07-22 10:54 . 2013-08-03 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2013-07-22 10:54 . 2013-08-03 10:22 -------- d-----w- c:\documents and settings\SuperUser\Local Settings\Application Data\Avg2013
2013-07-22 10:54 . 2013-07-22 10:54 -------- d-----w- c:\documents and settings\SuperUser\Local Settings\Application Data\MFAData
2013-07-22 10:33 . 2013-07-22 10:33 -------- d-----w- c:\documents and settings\SuperUser\Application Data\Incredibar.com
2013-07-22 10:17 . 2013-07-22 10:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Free Download Manager
2013-07-22 06:05 . 2013-07-22 08:48 -------- d-----w- c:\program files\Ascentive
2013-07-22 05:59 . 2013-07-22 05:59 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2013-07-22 04:29 . 2013-07-22 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2013-07-22 02:25 . 2013-07-22 07:49 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-07-22 02:25 . 2013-07-22 02:25 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2013-07-22 02:24 . 2013-07-22 02:24 -------- d-----w- c:\program files\Bonjour
2013-07-22 02:22 . 2013-07-22 07:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2013-07-16 10:07 . 2013-07-16 10:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\HP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-02 12:06 . 2012-04-16 22:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-02 12:06 . 2012-04-16 22:37 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-24 23:25 . 2012-03-23 10:08 73728 ----a-w- c:\windows\ALCFDRTM.VER
2013-06-08 06:55 . 2004-08-10 12:00 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-10 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-10 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-10 12:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-10 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-29 08:25 . 2013-05-29 08:25 82432 ----a-w- c:\windows\system32\msxml4r.dll
2013-05-29 08:25 . 2013-05-29 08:25 44544 ----a-w- c:\windows\system32\msxml4a.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\SuperUser\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-09-02 138096]
"Driver Tool"="c:\program files\Driver Tool\Driver Tool\DriverTool.exe" [2013-07-22 3980656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SoundMan"="SOUNDMAN.EXE" [2005-04-07 90112]
"AlcWzrd"="ALCWZRD.EXE" [2005-04-07 2805248]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-03 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-03 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-03 118784]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MyFunCards Search Scope Monitor"="c:\progra~1\MYFUNC~2\bar\1.bin\5msrchmn.exe" [2012-05-14 42552]
"MyFunCards_5m Browser Plugin Loader"="c:\progra~1\MYFUNC~2\bar\1.bin\5mbrmon.exe" [2012-05-14 30096]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-08-02 2285232]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\SuperUser\Start Menu\Programs\Startup\
MyPC Backup.lnk - c:\program files\MyPC Backup\MyPC Backup.exe [2013-7-1 1945128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Documents and Settings\\SuperUser\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\WINDOWS\\system32\\ARFC\\wrtc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [10/15/2012 3:48 AM 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [9/21/2012 3:46 AM 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/14/2012 3:05 AM 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [10/22/2012 1:02 PM 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/21/2012 3:45 AM 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [10/2/2012 3:30 AM 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/21/2012 3:46 AM 164832]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [7/22/2013 4:03 AM 37664]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [8/1/2013 6:04 PM 101112]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [10/22/2012 1:05 PM 196664]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\MyPC Backup\BackupStack.exe [7/1/2013 10:55 AM 32808]
R2 IB Updater;IB Updater;c:\program files\IB Updater\ExtensionUpdaterService.exe [11/4/2012 4:44 PM 188760]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [8/2/2013 6:19 AM 132056]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [4/16/2013 3:07 AM 39056]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [7/29/2013 8:47 AM 1616048]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [3/23/2012 3:14 AM 1714176]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
R3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S2 avgfws;AVG Firewall;c:\program files\AVG\AVG2013\avgfws.exe [12/10/2012 11:11 AM 1342024]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [11/15/2012 11:34 PM 5814904]
S2 MyFunCards_5mService;MyFunCardsService;c:\progra~1\MYFUNC~2\bar\1.bin\5mbarsvc.exe [5/13/2012 5:42 PM 42528]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/12/2012 7:52 PM 30944]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 12:06]
.
2013-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2013-08-02 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2011-12-19 00:58]
.
2013-08-03 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2011-12-19 00:58]
.
2013-08-02 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2011-12-19 00:58]
.
2013-08-02 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet 4620 series\Bin\HPCustPartic.exe [2011-12-19 00:58]
.
2013-07-31 c:\windows\Tasks\Driver Tool-RTMRules.job
- c:\program files\Driver Tool\Driver Tool\DriverTool.exe [2013-07-22 15:49]
.
2013-07-31 c:\windows\Tasks\Driver Tool-RTMScan.job
- c:\program files\Driver Tool\Driver Tool\DriverTool.exe [2013-07-22 15:49]
.
2013-07-31 c:\windows\Tasks\Driver Tool-RTMUpdater.job
- c:\program files\Driver Tool\Driver Tool\DriverTool.exe [2013-07-22 15:49]
.
2013-08-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1085031214-527237240-682003330-1003Core.job
- c:\documents and settings\SuperUser\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-09-02 01:59]
.
2013-08-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1085031214-527237240-682003330-1003UA.job
- c:\documents and settings\SuperUser\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-09-02 01:59]
.
2013-08-02 c:\windows\Tasks\PC Checkup 3 Weekly Scan.job
- c:\program files\Norton PC Checkup 3.0\NLAppLauncher.exe [2013-08-02 20:44]
.
2013-08-03 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1085031214-527237240-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 19:45]
.
2013-08-03 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1085031214-527237240-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 19:45]
.
2013-08-03 c:\windows\Tasks\RegCure Pro.job
- c:\program files\ParetoLogic\RegCure Pro\RegCurePro.exe [2013-06-11 23:50]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\SuperUser\Application Data\Mozilla\Firefox\Profiles\qoxpyhtf.default-1375402388921\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={9AFEEC1B-9AB8-4F9C-8C9F-8201E8CCC8FD}&mid=741f111a24c747d3acd3d1589e300f4a-e9c96cc6f7aa219ee07b87199a7d6de3bd0067fc&lang=en&ds=AVG&pr=pr&d=2013-08-02 07:38&v=15.4.0.5&pid=safeguard&sg=0&sap=hp
FF - prefs.js: keyword.enabled - false
FF - ExtSQL: 2013-08-02 07:38; avg@toolbar; c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\15.4.0.5
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
MSConfigStartUp-CTFMON - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-03 09:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-08-03 09:34:26
ComboFix-quarantined-files.txt 2013-08-03 16:34
.
Pre-Run: 15,655,911,424 bytes free
Post-Run: 16,816,963,584 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - B2A96663E7F44DB33FE97ECF75818BD7
8F558EB6672622401DA993E1E865C861