Hello, I've done as you instructed. Combofix and Eset logs are pasted below. ESet did not find any viruses, even though my AVG antivirus found them in the system restore points. I noticed that Eset had a check mark to scan archives but it was defaulted to off. I did not change it since that was not in the instructions. Or maybe AVG was just giving a false positive. There's almost nothing in the Eset log. Thanks again.
////////////////Begin ComboFix Log\\\\\\\\\\\\\\\\\\
ComboFix 10-09-23.01 - Dan 09/24/2010 7:02.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2633 [GMT -5:00]
Running from: c:\documents and settings\Dan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dan\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"c:\windows\system32\perfc009.dat"
"c:\windows\system32\perfh009.dat"
"c:\windows\Temp\Perflib_Perfdata_540.dat"
"c:\windows\Temp\Perflib_Perfdata_df4.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\PeerGuardian2
c:\program files\PeerGuardian2\cache.p2b
c:\program files\PeerGuardian2\history.db
c:\program files\PeerGuardian2\lists\105845032.list
c:\program files\PeerGuardian2\lists\1211516814.list
c:\program files\PeerGuardian2\lists\1361934031.list
c:\program files\PeerGuardian2\lists\1371792138.list
c:\program files\PeerGuardian2\lists\138123176.list
c:\program files\PeerGuardian2\lists\1662719053.list
c:\program files\PeerGuardian2\lists\2641689668.list
c:\program files\PeerGuardian2\lists\2752961995.list
c:\program files\PeerGuardian2\lists\2816330350.list
c:\program files\PeerGuardian2\lists\2991639428.list
c:\program files\PeerGuardian2\lists\335281063.list
c:\program files\PeerGuardian2\lists\3455996304.list
c:\program files\PeerGuardian2\lists\367484882.list
c:\program files\PeerGuardian2\lists\permallow.p2b
c:\program files\PeerGuardian2\pg2.conf
c:\windows\Temp\Perflib_Perfdata_540.dat
.
--------------- FCopy ---------------
c:\windows\ServicePackFiles\i386\dmio.sys --> c:\windows\system32\drivers\dmio.sys
.
((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))
.
2010-09-18 22:01 . 2010-09-18 22:01 -------- d-----w- c:\program files\Paint.NET
2010-09-18 22:01 . 2010-09-18 22:06 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Paint.NET
2010-09-04 14:56 . 2010-09-04 14:56 -------- d-----w- c:\documents and settings\Dan\Application Data\XcelsiuscustomThemesAutoInfo
2010-09-04 14:56 . 2010-09-04 14:56 -------- d-----w- c:\documents and settings\Dan\Application Data\XcelsiuscustomThemes
2010-09-04 14:56 . 2010-09-04 16:39 -------- d-----w- c:\documents and settings\Dan\Application Data\Xcelsius
2010-09-04 14:55 . 2010-09-04 14:55 -------- d-----w- c:\windows\system32\Binaries
2010-09-04 14:38 . 2010-09-04 14:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 12:11 . 2010-05-08 17:46 -------- d-----w- c:\documents and settings\Dan\Application Data\Skype
2010-09-24 12:08 . 2010-05-08 17:47 -------- d-----w- c:\documents and settings\Dan\Application Data\skypePM
2010-09-24 12:08 . 2009-04-16 22:36 -------- d-----w- c:\program files\Steam
2010-09-23 14:29 . 2010-09-23 14:29 620896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
2010-09-23 14:29 . 2010-09-23 14:29 4093792 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-09-23 14:29 . 2010-09-23 14:29 3586912 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-09-23 14:29 . 2010-09-23 14:29 1619296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-09-23 14:29 . 2010-09-23 14:29 1377632 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-09-23 14:29 . 2010-09-23 14:29 942432 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
2010-09-23 14:29 . 2010-09-23 14:29 598368 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-09-23 14:29 . 2010-09-23 14:29 4371296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-09-23 14:29 . 2010-09-23 14:29 300896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-09-23 14:29 . 2010-09-23 14:29 1690952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-09-05 16:02 . 2009-04-18 23:48 -------- d-----w- c:\documents and settings\Dan\Application Data\dvdcss
2010-09-04 14:55 . 2009-05-24 23:19 -------- d-----w- c:\program files\Business Objects
2010-08-13 15:41 . 2009-04-11 22:40 -------- d-----w- c:\documents and settings\Dan\Application Data\Azureus
2010-08-06 08:10 . 2010-08-06 08:10 503808 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-107c3b00-n\msvcp71.dll
2010-08-06 08:10 . 2010-08-06 08:10 499712 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-107c3b00-n\jmc.dll
2010-08-06 08:10 . 2010-08-06 08:10 348160 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-107c3b00-n\msvcr71.dll
2010-08-06 08:10 . 2010-08-06 08:10 61440 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2e0ce201-n\decora-sse.dll
2010-08-06 08:10 . 2010-08-06 08:10 12800 ----a-w- c:\documents and settings\Dan\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-2e0ce201-n\decora-d3d.dll
2010-07-16 19:26 . 2010-07-16 19:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-16 16:05 . 2010-07-16 16:05 2568656 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-07-16 15:35 . 2009-04-12 01:06 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 15:35 . 2010-07-16 15:35 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 15:35 . 2009-04-12 01:06 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-04 23:04 . 2010-07-04 23:04 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-04 23:04 . 2010-07-04 23:04 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-04 23:03 . 2010-07-04 23:03 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-07-01 03:12 . 2010-07-12 23:31 749568 ----a-w- c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\fdqq0jha.default\extensions\GameTapPlayer@gametap.com\plugins\npGameTapWebPlayer.dll
2010-07-01 03:07 . 2009-09-09 23:07 292208 ----a-w- c:\windows\system32\YSys.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-09-20_23.41.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-24 12:08 . 2010-09-24 12:08 16384 c:\windows\Temp\Perflib_Perfdata_a5c.dat
- 2001-08-18 12:00 . 2010-09-20 23:41 91714 c:\windows\system32\perfc009.dat
+ 2001-08-18 12:00 . 2010-09-22 00:28 91714 c:\windows\system32\perfc009.dat
+ 2001-08-18 12:00 . 2008-04-13 18:40 96512 c:\windows\system32\dllcache\atapi.sys
+ 2001-08-18 12:00 . 2010-09-22 00:28 497668 c:\windows\system32\perfh009.dat
- 2001-08-18 12:00 . 2010-09-20 23:41 497668 c:\windows\system32\perfh009.dat
+ 2001-08-18 12:00 . 2008-04-13 18:44 153344 c:\windows\system32\dllcache\dmio.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2010-08-28 1242448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-20 26192680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2007-04-14 1556480]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-17 17676288]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-09-07 159744]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2008-05-26 1423360]
"QFan Help"="c:\program files\ASUS\Ai Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
"FloatLED"="c:\program files\FloatLED\FloatLED.exe" [2009-02-15 58368]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-06-16 864112]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-28 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-28 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 15:35 12536 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Business Objects\\javasdk\\bin\\java.exe"=
"c:\\Program Files\\GameTap Web Player\\bin\\release\\GameTapPlayer.exe"=
"c:\\Documents and Settings\\Dan\\Application Data\\Juniper Networks\\Juniper Citrix Services Client\\dsCitrixProxy.exe"=
"c:\\Documents and Settings\\Dan\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVC.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\GameTap Web Player\\games\\150010250\\dawnofwardarkcrusade\\DarkCrusade.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\All Users\\Application Data\\GameTap Web Player\\games\\150010350\\callofduty2\\CoD2MP_s.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\GameTap Web Player\\games\\150009050\\cohgold\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"60666:TCP"= 60666:TCP:Vuze
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/30/2009 3:15 PM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/11/2009 8:06 PM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/11/2009 8:06 PM 243024]
R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\drivers\SWIPsec.sys [9/12/2009 2:14 PM 87064]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 10:35 AM 308136]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1352832]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [3/5/2009 11:57 PM 227352]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [4/17/2009 7:07 PM 22784]
S3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\drivers\SWVNIC.sys [3/4/2009 6:03 PM 21016]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [8/15/2008 2:47 PM 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [8/15/2008 2:47 PM 369688]
.
Contents of the 'Scheduled Tasks' folder
2010-09-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 14:51]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\fdqq0jha.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\fdqq0jha.default\extensions\GameTap@gametap.com\plugins\npGameTapWebUpdater.dll
FF - plugin: c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\fdqq0jha.default\extensions\GameTapPlayer@gametap.com\plugins\npGameTapWebPlayer.dll
FF - plugin: c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\fdqq0jha.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-09-24 07:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\mysql\bin\mysqld\" --defaults-file=\"c:\mysql\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ôw*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1864)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Razer\DeathAdder\razertra.exe
c:\program files\Razer\DeathAdder\razerofa.exe
c:\program files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\mysql\bin\mysqld.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-09-24 07:14:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-24 12:14
ComboFix2.txt 2010-09-22 00:30
ComboFix3.txt 2010-09-20 23:44
Pre-Run: 32,829,149,184 bytes free
Post-Run: 32,826,208,256 bytes free
- - End Of File - - 1988F9E5448BC2BF25348256EF03403C
////////////////End ComboFix Log\\\\\\\\\\\\\\\\\\
/////////////////////Begin Eset Log\\\\\\\\\\\\\\\\\\\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
//////////////////////End Eset Log\\\\\\\\\\\\\\\\\\\\\