[Closed] Installing AV after Combofix scan

Status
Not open for further replies.

Katyjane

Hi there,

Broni has been helping me with removal of infection. I was away for a week and so the thread has been closed.

In the meantime I have followed the last instruction and run Combofix after uninstalling AVG free 2012 using AppRemover.

Now that Combofix has run, can I reinstall an AV program? Is any particular one recommended (free ones?)

I'm not after next steps - I will wait for the thread to be reopened, but I just need to work out the AV, as I need to use my computer in the meantime and don't want to be unprotected.

Please advise.

Oh - Combofix log just in case that info is needed to answer this question:
ComboFix 12-01-30.01 - default User 01/30/2012 19:38:15.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.691 [GMT 11:00]
Running from: c:\documents and settings\default User.YOUR-X8YTBSNBLG\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\default User.YOUR-X8YTBSNBLG\Local Settings\Application Data\assembly\tmp
c:\program files\XviD-1.2.1-04122008.exe
c:\windows\$NtUninstallKB29959$
c:\windows\$NtUninstallKB29959$\282093015\@
c:\windows\$NtUninstallKB29959$\282093015\bckfg.tmp
c:\windows\$NtUninstallKB29959$\282093015\cfg.ini
c:\windows\$NtUninstallKB29959$\282093015\Desktop.ini
c:\windows\$NtUninstallKB29959$\282093015\keywords
c:\windows\$NtUninstallKB29959$\282093015\kwrd.dll
c:\windows\$NtUninstallKB29959$\282093015\L\ixnfowmi
c:\windows\$NtUninstallKB29959$\282093015\U\00000001.@
c:\windows\$NtUninstallKB29959$\282093015\U\00000002.@
c:\windows\$NtUninstallKB29959$\282093015\U\00000004.@
c:\windows\$NtUninstallKB29959$\282093015\U\80000000.@
c:\windows\$NtUninstallKB29959$\282093015\U\80000004.@
c:\windows\$NtUninstallKB29959$\282093015\U\80000032.@
c:\windows\$NtUninstallKB29959$\3570862413
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 )))))))))))))))))))))))))))))))
.
.
2012-01-19 11:25 . 2012-01-19 11:25 -------- d-----w- c:\program files\Lavalys
2012-01-19 10:35 . 2012-01-19 10:35 -------- d--h--w- c:\windows\PIF
2012-01-18 10:57 . 2012-01-18 10:57 -------- d-----w- c:\documents and settings\default User.YOUR-X8YTBSNBLG\Application Data\Malwarebytes
2012-01-18 10:57 . 2012-01-18 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-18 10:57 . 2012-01-18 10:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-18 10:57 . 2011-12-10 04:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-13 21:01 . 2012-01-18 09:01 -------- d-----w- c:\documents and settings\default User.YOUR-X8YTBSNBLG\Application Data\Yki
2012-01-13 21:01 . 2012-01-18 07:50 -------- d-----w- c:\documents and settings\default User.YOUR-X8YTBSNBLG\Application Data\Ufhi
2012-01-12 09:58 . 2012-01-12 10:09 -------- d-----w- c:\documents and settings\default User.YOUR-X8YTBSNBLG\Application Data\AVG
2012-01-12 07:34 . 2012-01-30 08:02 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-12 07:20 . 2012-01-30 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-01-11 14:05 . 2001-08-17 01:50 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2012-01-11 14:05 . 2001-08-17 03:56 235648 -c--a-w- c:\windows\system32\dllcache\mgaud.dll
2012-01-11 14:05 . 2008-04-13 13:11 26112 -c--a-w- c:\windows\system32\dllcache\memstpci.sys
2012-01-11 14:05 . 2001-08-17 11:36 47616 -c--a-w- c:\windows\system32\dllcache\memgrp.dll
2012-01-11 14:05 . 2001-08-17 02:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2012-01-11 14:04 . 2001-08-17 01:12 164586 -c--a-w- c:\windows\system32\dllcache\mdgndis5.sys
2012-01-11 14:04 . 2001-08-17 02:52 7424 -c--a-w- c:\windows\system32\dllcache\mammoth.sys
2012-01-11 14:04 . 2001-08-17 01:19 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys
2012-01-11 14:04 . 2001-08-17 11:36 58880 -c--a-w- c:\windows\system32\dllcache\m3092dc.dll
2012-01-11 14:04 . 2001-08-17 11:36 58368 -c--a-w- c:\windows\system32\dllcache\m3091dc.dll
2012-01-11 14:04 . 2001-08-17 01:49 22848 -c--a-w- c:\windows\system32\dllcache\lwusbhid.sys
2012-01-11 14:04 . 2008-04-13 11:09 20864 -c--a-w- c:\windows\system32\dllcache\lwadihid.sys
2012-01-11 14:04 . 2001-08-17 02:28 797500 -c--a-w- c:\windows\system32\dllcache\ltsmt.sys
2012-01-11 14:04 . 2001-08-17 02:28 802683 -c--a-w- c:\windows\system32\dllcache\ltsm.sys
2012-01-11 14:04 . 2008-04-13 13:10 7040 -c--a-w- c:\windows\system32\dllcache\ltotape.sys
2012-01-11 14:04 . 2008-04-13 12:53 420992 -c--a-w- c:\windows\system32\dllcache\ltmdmntt.sys
2012-01-11 14:04 . 2001-08-17 02:28 576746 -c--a-w- c:\windows\system32\dllcache\ltmdmntl.sys
2012-01-11 14:03 . 2008-04-13 12:53 606684 -c--a-w- c:\windows\system32\dllcache\ltmdmnt.sys
2012-01-11 14:03 . 2001-08-17 02:28 727786 -c--a-w- c:\windows\system32\dllcache\ltck000c.sys
2012-01-11 14:03 . 2001-08-17 02:53 4992 -c--a-w- c:\windows\system32\dllcache\loop.sys
2012-01-11 14:03 . 2001-08-17 01:12 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2012-01-11 14:03 . 2001-08-17 01:12 20573 -c--a-w- c:\windows\system32\dllcache\lne100.sys
2012-01-11 14:03 . 2001-08-17 01:11 25065 -c--a-w- c:\windows\system32\dllcache\lmndis3.sys
2012-01-11 14:03 . 2001-08-17 02:51 15744 -c--a-w- c:\windows\system32\dllcache\lit220p.sys
2012-01-11 14:03 . 2008-04-13 13:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2012-01-11 14:03 . 2001-08-17 01:12 26442 -c--a-w- c:\windows\system32\dllcache\lanepic5.sys
2012-01-11 14:03 . 2001-08-17 01:12 19016 -c--a-w- c:\windows\system32\dllcache\ktc111.sys
2012-01-11 14:02 . 2001-08-17 11:36 37376 -c--a-w- c:\windows\system32\dllcache\kousd.dll
2012-01-11 14:02 . 2008-04-13 18:41 253952 -c--a-w- c:\windows\system32\dllcache\kdsusd.dll
2012-01-11 14:02 . 2008-04-13 18:41 48640 -c--a-w- c:\windows\system32\dllcache\kdsui.dll
2012-01-11 14:02 . 2008-04-13 13:09 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2012-01-11 14:02 . 2001-08-17 02:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2012-01-11 14:02 . 2001-08-17 02:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2012-01-11 14:01 . 2008-04-13 18:41 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2012-01-11 14:01 . 2001-08-17 02:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2012-01-11 14:01 . 2008-04-13 18:42 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2012-01-11 14:01 . 2008-04-13 13:24 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2012-01-11 14:01 . 2001-08-17 01:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2012-01-11 14:01 . 2001-08-17 11:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2012-01-11 14:01 . 2001-08-17 02:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2012-01-11 14:01 . 2008-04-13 13:10 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2012-01-11 14:01 . 2001-08-17 02:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2012-01-11 14:01 . 2001-08-17 02:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2012-01-11 14:01 . 2008-04-14 12:00 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2012-01-11 14:00 . 2001-08-17 11:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2012-01-11 14:00 . 2001-08-17 03:06 100992 -c--a-w- c:\windows\system32\dllcache\icam5usb.sys
2012-01-11 14:00 . 2001-08-17 11:36 20480 -c--a-w- c:\windows\system32\dllcache\icam5ext.dll
2012-01-11 14:00 . 2001-08-17 11:36 45056 -c--a-w- c:\windows\system32\dllcache\icam5com.dll
2012-01-11 14:00 . 2001-08-17 03:06 154496 -c--a-w- c:\windows\system32\dllcache\icam4usb.sys
2012-01-11 14:00 . 2001-08-17 11:36 61952 -c--a-w- c:\windows\system32\dllcache\icam4ext.dll
2012-01-11 14:00 . 2001-08-17 11:36 91136 -c--a-w- c:\windows\system32\dllcache\icam4com.dll
2012-01-11 14:00 . 2001-08-17 11:36 26624 -c--a-w- c:\windows\system32\dllcache\icam3ext.dll
2012-01-11 14:00 . 2001-08-17 03:05 141056 -c--a-w- c:\windows\system32\dllcache\icam3.sys
2012-01-11 14:00 . 2001-08-17 03:06 38528 -c--a-w- c:\windows\system32\dllcache\ibmvcap.sys
2012-01-11 13:58 . 2001-08-17 02:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2012-01-11 13:58 . 2001-08-17 02:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2012-01-11 13:58 . 2001-08-17 02:28 73279 -c--a-w- c:\windows\system32\dllcache\hsf_spkp.sys
2012-01-11 13:58 . 2001-08-17 02:28 44863 -c--a-w- c:\windows\system32\dllcache\hsf_soar.sys
2012-01-11 13:58 . 2001-08-17 02:28 57471 -c--a-w- c:\windows\system32\dllcache\hsf_samp.sys
2012-01-11 13:58 . 2001-08-17 02:28 542879 -c--a-w- c:\windows\system32\dllcache\hsf_msft.sys
2012-01-11 13:58 . 2001-08-17 02:28 391199 -c--a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2012-01-11 13:58 . 2001-08-17 11:36 9759 -c--a-w- c:\windows\system32\dllcache\hsf_inst.dll
2012-01-11 13:58 . 2001-08-17 02:28 115807 -c--a-w- c:\windows\system32\dllcache\hsf_fsks.sys
2012-01-11 13:58 . 2001-08-17 02:28 199711 -c--a-w- c:\windows\system32\dllcache\hsf_faxx.sys
2012-01-11 13:58 . 2001-08-17 02:28 289887 -c--a-w- c:\windows\system32\dllcache\hsf_fall.sys
2012-01-11 13:58 . 2001-08-17 02:28 67167 -c--a-w- c:\windows\system32\dllcache\hsf_bsc2.sys
2012-01-11 13:57 . 2001-08-17 02:28 150239 -c--a-w- c:\windows\system32\dllcache\hsf_amos.sys
2012-01-11 13:57 . 2001-08-17 11:36 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2012-01-11 13:57 . 2001-08-17 02:52 5760 -c--a-w- c:\windows\system32\dllcache\hpt4qic.sys
2012-01-11 13:57 . 2001-08-17 11:36 13312 -c--a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2012-01-11 13:57 . 2001-08-17 11:36 324608 -c--a-w- c:\windows\system32\dllcache\hpojwia.dll
2012-01-11 13:57 . 2001-08-17 03:07 25952 -c--a-w- c:\windows\system32\dllcache\hpn.sys
2012-01-11 13:57 . 2001-08-17 11:36 32768 -c--a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2012-01-11 13:57 . 2001-08-17 11:36 68608 -c--a-w- c:\windows\system32\dllcache\hpgt53tk.dll
2012-01-11 13:57 . 2001-08-17 11:36 165888 -c--a-w- c:\windows\system32\dllcache\hpgt53.dll
2012-01-11 13:57 . 2001-08-17 11:36 31232 -c--a-w- c:\windows\system32\dllcache\hpgt42tk.dll
2012-01-11 13:57 . 2001-08-17 11:36 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
2012-01-11 13:55 . 2001-08-17 02:51 82304 -c--a-w- c:\windows\system32\dllcache\grclass.sys
2012-01-11 13:55 . 2001-08-17 02:51 17408 -c--a-w- c:\windows\system32\dllcache\gpr400.sys
2012-01-11 13:55 . 2008-04-13 13:15 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2012-01-11 13:55 . 2008-04-13 13:15 10624 -c--a-w- c:\windows\system32\dllcache\gameenum.sys
2012-01-11 13:55 . 2008-04-13 13:06 46464 -c--a-w- c:\windows\system32\dllcache\gagp30kx.sys
2012-01-11 13:55 . 2001-08-17 01:49 322432 -c--a-w- c:\windows\system32\dllcache\g400m.sys
2012-01-11 13:55 . 2001-08-17 03:56 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
2012-01-11 13:55 . 2001-08-17 01:49 320384 -c--a-w- c:\windows\system32\dllcache\g200m.sys
2012-01-11 13:55 . 2001-08-17 03:56 470144 -c--a-w- c:\windows\system32\dllcache\g200d.dll
2012-01-11 13:55 . 2001-08-17 01:15 454912 -c--a-w- c:\windows\system32\dllcache\fxusbase.sys
2012-01-11 13:55 . 2001-08-17 11:36 92160 -c--a-w- c:\windows\system32\dllcache\fuusd.dll
2012-01-11 13:55 . 2001-08-17 01:15 455296 -c--a-w- c:\windows\system32\dllcache\fusbbase.sys
2012-01-11 13:54 . 2001-08-17 01:15 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2012-01-11 13:54 . 2001-08-17 01:15 442240 -c--a-w- c:\windows\system32\dllcache\fpnpbase.sys
2012-01-11 13:54 . 2001-08-17 01:14 441728 -c--a-w- c:\windows\system32\dllcache\fpcmbase.sys
2012-01-11 13:54 . 2001-08-17 01:14 444416 -c--a-w- c:\windows\system32\dllcache\fpcibase.sys
2012-01-11 13:54 . 2008-04-13 11:05 34173 -c--a-w- c:\windows\system32\dllcache\forehe.sys
2012-01-11 13:54 . 2001-08-17 11:36 71680 -c--a-w- c:\windows\system32\dllcache\fnfilter.dll
2012-01-11 13:54 . 2001-08-17 01:13 27165 -c--a-w- c:\windows\system32\dllcache\fetnd5.sys
2012-01-11 13:54 . 2001-08-17 01:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2012-01-11 13:54 . 2001-08-17 01:12 24618 -c--a-w- c:\windows\system32\dllcache\fa410nd5.sys
2012-01-11 13:54 . 2001-08-17 01:12 16074 -c--a-w- c:\windows\system32\dllcache\fa312nd5.sys
2012-01-11 13:52 . 2001-08-17 01:19 72192 -c--a-w- c:\windows\system32\dllcache\es1969.sys
2012-01-11 13:51 . 2001-08-17 01:11 171520 -c--a-w- c:\windows\system32\dllcache\el99xn51.sys
2012-01-11 13:50 . 2001-08-17 03:07 20192 -c--a-w- c:\windows\system32\dllcache\dpti2o.sys
2012-01-11 13:49 . 2001-08-17 11:36 614429 -c--a-w- c:\windows\system32\dllcache\digiview.exe
2012-01-11 13:48 . 2001-08-17 01:12 63208 -c--a-w- c:\windows\system32\dllcache\dc21x4.sys
2012-01-11 13:47 . 2001-08-17 01:19 6912 -c--a-w- c:\windows\system32\dllcache\ctlfacem.sys
2012-01-11 13:46 . 2001-08-17 01:13 27164 -c--a-w- c:\windows\system32\dllcache\ce3n5.sys
2012-01-11 13:45 . 2001-08-17 02:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2012-01-11 13:44 . 2008-04-13 18:41 17279 -c--a-w- c:\windows\system32\dllcache\atv10nt5.dll
2012-01-11 13:43 . 2001-08-17 03:56 137216 -c--a-w- c:\windows\system32\dllcache\atidrae.dll
2012-01-11 13:42 . 2008-04-13 18:41 3775 -c--a-w- c:\windows\system32\dllcache\adv11nt5.dll
2012-01-10 12:31 . 2012-01-10 12:31 -------- d-----w- c:\documents and settings\default User.YOUR-X8YTBSNBLG\Local Settings\Application Data\SanctionedMedia
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-23 13:25 . 2008-06-27 05:13 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2008-06-27 05:13 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2008-06-27 05:13 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2008-06-27 05:13 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2008-06-27 05:13 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2008-06-27 05:13 1288704 ----a-w- c:\windows\system32\ole32.dll
2010-08-13 02:24 . 2010-08-13 02:24 567624 ----a-w- c:\program files\GoogleEarthSetup.exe
2010-03-21 11:14 . 2010-03-21 11:14 1098920 ----a-w- c:\program files\yahoomailuploader_0.5.exe
2010-03-10 03:52 . 2010-03-10 03:52 607584 ----a-w- c:\program files\RMITAU-SecureW2.exe
2009-06-17 17:30 . 2010-07-27 12:12 2525169 ----a-w- c:\program files\JPG-to-PDF-Converter-Setup.exe
2008-10-06 18:29 . 2008-12-23 04:57 1851544 ----a-w- c:\program files\install_flash_player.exe
2008-05-07 23:34 . 2008-06-27 06:48 15523560 ----a-w- c:\program files\U1 Setup.exe
2010-02-13 12:30 . 2009-08-05 00:37 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-06-03 98304]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-06-03 479232]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-16 16806400]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-7-23 303104]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-15 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 07:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 05:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-01-10 12:37 4616064 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\explorer.exe"= %windir%\explorer.exe
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/18/2010 5:25 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 5:41 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/5/2011 4:54 AM 116608]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [6/27/2008 4:36 PM 625024]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/13/2010 3:06 PM 136176]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/5/2009 11:36 AM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/13/2010 3:06 PM 136176]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-13 04:05]
.
2012-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-13 04:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eeepc.asus.com/global
uInternet Settings,ProxyServer = proxy.tpg.com.au:3128
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/AU/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\documents and settings\default User.YOUR-X8YTBSNBLG\Application Data\Mozilla\Firefox\Profiles\km1zlqrx.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.yahoo.com.au/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b3d2cf0&i=23&tp=ab&ychte=us&q=
FF - prefs.js: network.proxy.ftp - 10.12.0.1
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 10.12.0.1
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 10.12.0.1
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 10.12.0.1
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 10.12.0.1
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: English (Australian) Dictionary: en-AU@dictionaries.addons.mozilla.org - %profile%\extensions\en-AU@dictionaries.addons.mozilla.org
FF - Ext: 20-20 3D Viewer: 2020Player@2020Technologies.com - %profile%\extensions\2020Player@2020Technologies.com
FF - Ext: 20-20 3D Viewer - IKEA: 2020Player_IKEA@2020Technologies.com - %profile%\extensions\2020Player_IKEA@2020Technologies.com
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-{301496E7-380D-83E4-99E3-A828578AB168} - c:\documents and settings\default User.YOUR-X8YTBSNBLG\Application Data\Yki\wavipao.exe
Notify-TPSvc - TPSvc.dll
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
AddRemove-{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1 - c:\program files\AVG\AVG PC Tuneup\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-30 19:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,69,30,ed,5b,eb,80,4f,92,63,ec,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,69,30,ed,5b,eb,80,4f,92,63,ec,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(588)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(1656)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
.
**************************************************************************
.
Completion time: 2012-01-30 20:00:25 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-30 09:00
.
Pre-Run: 22,959,644,672 bytes free
Post-Run: 24,144,855,040 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 2ED1B25B040356FF819A67D8A70B199A