# Completely Infected!!



## dnoto99

Hello, 

Our office computer is showing trojan, stealth and other virus warnings. Please see the following logs: 

This is the dds log and I've attached the other file...

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Asbury Grille at 19:25:26 on 2012-01-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.337 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version6\TeamViewer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Nuance\PaperPort\pptd40nt.exe
C:\Program Files\Nuance\PDF Viewer Plus\pdfpro5hook.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\ControlCenter4\BrCtrlCntr.exe
C:\Program Files\ControlCenter4\BrCcUxSys.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Documents and Settings\Asbury Grille\Local Settings\Application Data\juk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.alothome.com/en
uSearchURL,(Default) = hxxp://search.alot.com/web?q=&pr=auto&client_id=8D09906001CC7D7D14B7A3B0&src_id=30064&camp_id=3091&tb_version=1.1.1000.4(B)
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: ALOT Appbar Helper: {85f5cf95-ec8f-49fc-bb3f-38c79455cba2} - c:\program files\alotappbar\bin\bho\ALOTHelperBHO.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: ALOT Appbar: {a531d99c-5a22-449b-83da-872725c6d0ed} - c:\program files\alotappbar\bin\ALOTHelper.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [{14D3A2E2-102B-5328-66A0-101C022CBCF3}] "c:\documents and settings\asbury grille\application data\yrbyun\naicoza.exe"
uRun: [ISUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe -scheduler
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [IndexSearch] "c:\program files\nuance\paperport\IndexSearch.exe"
mRun: [PaperPort PTD] "c:\program files\nuance\paperport\pptd40nt.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf viewer plus\pdfpro5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf viewer plus\RegistryController.exe
mRun: [ControlCenter4] c:\program files\controlcenter4\BrCcBoot.exe /autorun
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {A378EEF8-4E41-4BC4-8CBC-1ACB8686CC1D} - hxxp://otanywhere.opentable.com/download/PlugIn/OTSI.CAB
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{38EC0EC2-FD13-4CE9-9C4C-191339F0C609} : DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\asbury grille\application data\mozilla\firefox\profiles\f441norr.default\
FF - prefs.js: browser.startup.homepage - hxxp://mcloonesasburygrille.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-11-10 2011944]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-1-27 2253688]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2012-1-6 71424]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2012-1-6 11520]
R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-10-12 245760]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-23 366152]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-11-10 517448]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
=============== File Associations ===============
.
.exe=5n
.
=============== Created Last 30 ================
.
2012-01-07 18:10:07 269824 ----a-w- c:\documents and settings\asbury grille\local settings\application data\juk.exe
2012-01-06 19:58:03 -------- d-----w- c:\documents and settings\asbury grille\application data\ControlCenter4
2012-01-06 19:58:01 -------- d-----w- c:\documents and settings\asbury grille\application data\FLEXnet
2012-01-06 19:54:09 71424 ----a-r- c:\windows\system32\drivers\BrSerIb.sys
2012-01-06 19:54:09 11520 ----a-r- c:\windows\system32\drivers\BrUsbSib.sys
2012-01-06 19:53:52 55808 ----a-w- c:\windows\system32\BrUsi09d.dll
2012-01-06 19:53:52 217088 ----a-w- c:\windows\system32\BrJDec.dll
2012-01-06 19:53:52 15295 ----a-w- c:\windows\system32\drivers\BrScnUsb.sys
2012-01-06 19:53:52 1481216 ----a-w- c:\windows\system32\BrWia09d.dll
2012-01-06 19:53:44 73728 ----a-w- c:\windows\system32\BRCrypt.dll
2012-01-06 19:53:37 -------- d-----w- c:\documents and settings\all users\application data\ControlCenter4
2012-01-06 19:53:31 -------- d-----w- c:\program files\ControlCenter4
2012-01-06 19:53:30 180224 ----a-w- c:\windows\system32\BrMuSNMP.dll
2012-01-06 19:53:30 118784 ----a-w- c:\windows\system32\BrMfNt.dll
2012-01-06 19:53:29 225280 ----a-w- c:\windows\system32\BrfxD05c.dll
2012-01-06 19:51:15 -------- d-----w- c:\documents and settings\all users\application data\zeon
2012-01-06 19:50:39 -------- d-----w- c:\documents and settings\asbury grille\application data\Nuance
2012-01-06 19:49:48 -------- d-----w- c:\program files\Nuance
2012-01-06 19:49:48 -------- d-----w- c:\program files\common files\ScanSoft Shared
2012-01-06 19:49:48 -------- d-----w- c:\documents and settings\all users\application data\Nuance
2012-01-06 19:48:50 -------- d-----w- c:\program files\MSXML 4.0
2011-12-09 14:40:56 82696 ----a-w- c:\windows\system32\lmdimon8.dll
2011-12-09 14:40:56 82184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lmdippr8.dll
2011-12-09 14:40:33 -------- d-----w- c:\documents and settings\all users\application data\Applications
.
==================== Find3M ====================
.
2011-11-21 15:58:43 516598 ----a-w- c:\windows\system32\PerfStringBackup.TMP
.
============= FINISH: 19:32:24.70 ===============


----------
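An added triage helper, not part of dnoto99's post and not code from the DDS tool: it parses the section layout of the DDS log above ("==== Name ====" headers, a lone "." for blank lines) and lists the entries a helper would look at first, namely executables running or auto-starting from a per-user profile directory, an autorun keyed by a bare GUID, an `.exe` association that does not point at `exefile`, and new executables created under the profile. The flagging rules are heuristics chosen for this example, and the embedded sample is a constructed excerpt of the first log in the thread.

```python
"""Triage a DDS log (the format posted above) for entries worth a closer look.

Added example, not DDS code. The section layout follows the log above; the
flagging rules are defender heuristics chosen here, not a verdict on any entry.
"""
import re
from typing import Dict, List

# DDS section header, e.g. "============== Running Processes ==============="
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Per-user profile directories (All Users excluded) where legitimate software
# rarely runs from on Windows XP. Heuristic: an executable here gets flagged.
PROFILE_RE = re.compile(
    r"documents and settings\\(?!all users\\)[^\\]+\\"
    r"(application data|local settings\\application data)\\",
    re.IGNORECASE,
)
# Autorun whose value name is a bare GUID rather than a product name.
GUID_RUN_RE = re.compile(r"^[um]Run: \[\{[0-9A-Fa-f-]{36}\}\]")
# "Created Last 30" file line: date time size attributes path
CREATED_RE = re.compile(r"^\S+ \S+ \d+ \S+ (?P<path>.+\.exe)$", re.IGNORECASE)


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into {section name: [lines]}; text before the first
    header is filed under "HEADER"."""
    sections: Dict[str, List[str]] = {"HEADER": []}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "."):
            continue  # DDS prints a lone "." for blank lines
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def triage(text: str) -> List[str]:
    """Return findings in log order; an empty list means nothing was flagged."""
    s = parse_sections(text)
    findings: List[str] = []
    for proc in s.get("Running Processes", []):
        if PROFILE_RE.search(proc):
            findings.append(f"process running from user profile: {proc}")
    for entry in s.get("Pseudo HJT Report", []):
        if not entry.startswith(("uRun:", "mRun:")):
            continue
        if GUID_RUN_RE.match(entry):
            findings.append(f"autorun keyed by a bare GUID: {entry}")
        elif PROFILE_RE.search(entry):
            findings.append(f"autorun launching from user profile: {entry}")
    for assoc in s.get("File Associations", []):
        key, _, handler = assoc.partition("=")
        if key.lower() == ".exe" and handler.lower() != "exefile":
            findings.append(f".exe association does not point at exefile: {assoc}")
    for created in s.get("Created Last 30", []):
        m = CREATED_RE.match(created)
        if m and PROFILE_RE.search(m.group("path")):
            findings.append(f"new executable under user profile: {m.group('path')}")
    return findings


# Constructed excerpt of the first DDS log in the thread (raw string, because
# the paths contain backslash sequences such as "\a").
SAMPLE_LOG = r"""
.
DDS (Ver_2011-08-26.01) - NTFSx86
Run by Asbury Grille at 19:25:26 on 2012-01-07
.
============== Running Processes ===============
.
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
C:\Documents and Settings\Asbury Grille\Local Settings\Application Data\juk.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [{14D3A2E2-102B-5328-66A0-101C022CBCF3}] "c:\documents and settings\asbury grille\application data\yrbyun\naicoza.exe"
uRun: [ISUSPM] c:\documents and settings\all users\application data\flexnet\connect\11\ISUSPM.exe -scheduler
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
.
=============== File Associations ===============
.
.exe=5n
.
=============== Created Last 30 ================
.
2012-01-07 18:10:07 269824 ----a-w- c:\documents and settings\asbury grille\local settings\application data\juk.exe
2012-01-06 19:54:09 71424 ----a-r- c:\windows\system32\drivers\BrSerIb.sys
2012-01-06 19:53:31 -------- d-----w- c:\program files\ControlCenter4
.
============= FINISH: 19:32:24.70 ===============
"""


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The output is a review list for a human, not a verdict: the All Users exclusion and the other rules are deliberately narrow so that vendor entries such as ISUSPM do not drown out the few lines that matter.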



## dnoto99

*Redirecting from Google, Pop-ups etc...*

I just marked my last post as solved; however, this is the same computer that I'm trying to fix, with updated logs, because we did a restore, a few AVG scans, and removed a few applications that were recently installed. While I can now access the internet, Google still redirects when clicking on a link...

this is the redirect link:
hxxp://63.209.69.107/search/web/Tech%20Support%20Forum/a21/empireppc-520-direc32/v5

Also, we're still getting pop-ups on the computer 

We removed a trojan virus but now the scan is not picking up on any other viruses...

Can you help as I am truly at a loss this time? 

Thanks in Advance


.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Asbury Grille at 13:53:10 on 2012-01-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.277 [GMT -5:00]
.
AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.23\AVG Secure Search_toolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\9.0.0.23\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [PPort12reminder] "c:\program files\nuance\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\12\config\ereg\Ereg.ini"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Open with PDF Viewer Plus - c:\program files\nuance\pdf viewer plus\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {A378EEF8-4E41-4BC4-8CBC-1ACB8686CC1D} - hxxp://otanywhere.opentable.com/download/PlugIn/OTSI.CAB
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{38EC0EC2-FD13-4CE9-9C4C-191339F0C609} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\9.0.1\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\asbury grille\application data\mozilla\firefox\profiles\f441norr.default\
FF - prefs.js: browser.startup.homepage - hxxp://mcloonesasburygrille.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\drivers\BrSerIb.sys [2012-1-8 71424]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\drivers\BrUsbSib.sys [2012-1-8 11520]
R4 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files\nuance\paperport\PDFProFiltSrvPP.exe [2010-3-9 144672]
R4 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-11-10 2011944]
R4 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\9.0.1\ToolbarUpdater.exe [2012-1-8 869216]
S3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-10-12 245760]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
=============== Created Last 30 ================
.
2012-01-08 18:27:54 71424 ----a-r- c:\windows\system32\drivers\BrSerIb.sys
2012-01-08 18:27:54 11520 ----a-r- c:\windows\system32\drivers\BrUsbSib.sys
2012-01-08 18:27:32 55808 ----a-w- c:\windows\system32\BrUsi09d.dll
2012-01-08 18:27:32 217088 ----a-w- c:\windows\system32\BrJDec.dll
2012-01-08 18:27:32 15295 ----a-w- c:\windows\system32\drivers\BrScnUsb.sys
2012-01-08 18:27:32 1481216 ----a-w- c:\windows\system32\BrWia09d.dll
2012-01-08 18:27:27 73728 ----a-w- c:\windows\system32\BRCrypt.dll
2012-01-08 18:26:35 180224 ----a-w- c:\windows\system32\BrMuSNMP.dll
2012-01-08 18:26:35 118784 ----a-w- c:\windows\system32\BrMfNt.dll
2012-01-08 18:26:34 225280 ----a-w- c:\windows\system32\BrfxD05c.dll
2012-01-08 18:23:09 -------- d-----w- c:\documents and settings\all users\application data\zeon
2012-01-08 18:22:18 -------- d-----w- c:\documents and settings\asbury grille\application data\Nuance
2012-01-08 18:20:49 -------- d-----w- c:\program files\common files\ScanSoft Shared
2012-01-08 18:20:48 -------- d-----w- c:\program files\Nuance
2012-01-08 17:15:26 -------- d--h--w- C:\$AVG
2012-01-08 17:10:40 -------- d-----w- c:\documents and settings\asbury grille\application data\AVG Secure Search
2012-01-08 17:10:37 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-01-08 17:10:25 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-01-08 17:10:23 -------- d-----w- c:\program files\AVG Secure Search
2012-01-08 16:22:38 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-01-08 16:22:38 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-06 19:58:03 -------- d-----w- c:\documents and settings\asbury grille\application data\ControlCenter4
2012-01-06 19:58:01 -------- d-----w- c:\documents and settings\asbury grille\application data\FLEXnet
2012-01-06 19:53:37 -------- d-----w- c:\documents and settings\all users\application data\ControlCenter4
2012-01-06 19:53:31 -------- d-----w- c:\program files\ControlCenter4
2012-01-06 19:49:48 -------- d-----w- c:\program files\Nuance(2)
2012-01-06 19:49:48 -------- d-----w- c:\documents and settings\all users\application data\Nuance
2012-01-06 19:48:50 -------- d-----w- c:\program files\MSXML 4.0
.
==================== Find3M ====================
.
2011-11-21 15:58:43 516598 ----a-w- c:\windows\system32\PerfStringBackup.TMP
.
============= FINISH: 14:00:45.95 ===============


----------



## Ried

Hello dnoto99,

This topic has been marked as Solved. Do you still require assistance?


----------



## dnoto99

Unfortunately I jumped the gun on marking the thread solved. It's still bad... I didn't know how to handle reopening this so I created a second thread with updated logs which you can get to here... Let me know how to proceed!

http://www.techsupportforum.com/forums/f50/redirecting-from-google-pop-ups-etc-623239.html

Thanks!


----------



## Ried

I merged the threads and edited the thread title. :smile:

Were you able to run gmer scan? It would be really helpful to see that log.

Download *GMER Rootkit Scanner* from *here* or *here*.

Ensure you have uninstalled any CD Emulation programs before you run GMER as outlined above and *here*.

- Extract the contents of the zipped file to desktop.
- *Disable* your onboard Anti Virus and any other Active protection programs you have installed. If you are unsure how to do this, see this *link*.
- Double click GMER.exe.
- If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on *NO*, then use the following settings for a more complete scan.
- In the right panel, you will see several boxes that have been checked. Ensure the following are *UNCHECKED*:
  - IAT/EAT
  - Drives/Partition other than Systemdrive (typically C:\)
  - Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the *[Save..]* button, and in the File name area, type in *"ark.txt"* or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop.

_**Caution**: Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries._


----------



## dnoto99

So, I tried to scan and the log came back blank. Most of the settings were greyed out as well, so I couldn't run the full scan, and I disabled our AVG before opening.


----------



## Ried

Ok, let's try another tool and see if it reveals anything of note before we go further.

- Download TDSSKiller.exe and save it to your desktop.
- Execute TDSSKiller.exe by double-clicking on it.
- Press *Start Scan*.

If Malicious objects are found, *do NOT* select *Cure*. *Change the action to Skip*, and save the log.

Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


----------



## dnoto99

Okay, so that application won't run. I wanted to run a full recovery, but I noticed system tools in an empty folder now on the PC. So, I ran Malwarebytes to at least make this PC functional. And all this was an issue before I ran Malware, but I figured I should at least do something! Applications aren't running properly. I can access user accounts in Control Panel. It's a disaster. The internet is now working for the first time in a while.


----------



## Ried

I'd prefer to know ahead of time if the MBR is involved, but given your dire circumstances, let's proceed.

It will require more than 1 round to clean the system. Please stay with me until given the 'all clear' even if symptoms seem to abate.

Download ComboFix from one of these locations:

*Link 1*
*Link 2*


*IMPORTANT - Save ComboFix.exe to your Desktop*

====================================================


*Disable your AntiVirus and AntiSpyware applications* as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic *How to disable your security applications*


====================================================


Double click on ComboFix.exe & follow the prompts.



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

*Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.*

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware, and follow all prompts.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply for further review.

What symptoms remain?


----------



## dnoto99

Okay, here is the log file. Please tell me what I need to do next. While I ran the process, it said it wasn't able to find a generic fix and that the process might take a while, something like that...

Thanks!

ComboFix 12-01-15.01 - Administrator 01/15/2012 13:53:29.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.472 [GMT -5:00]
Running from: C:\Documents and Settings\Asbury Grille\Desktop\ComboFix.exe
AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\SET153.tmp
C:\WINDOWS\system32\SET154.tmp
C:\WINDOWS\system32\SET155.tmp
C:\WINDOWS\system32\SET23.tmp
C:\WINDOWS\system32\SET24.tmp
C:\WINDOWS\system32\SET25.tmp
C:\WINDOWS\system32\SET29.tmp
C:\WINDOWS\system32\SET2A.tmp
C:\WINDOWS\system32\SET2B.tmp
C:\WINDOWS\system32\SET2F.tmp
C:\WINDOWS\system32\SET31.tmp
C:\WINDOWS\system32\SET63.tmp
C:\WINDOWS\system32\SET67.tmp
---- Previous Run -------
C:\Documents and Settings\Asbury Grille\g2mdlhlpx.exe
C:\Documents and Settings\Asbury Grille\Start Menu\Internet Explorer.lnk
-- Previous Run --
C:\WINDOWS\system32\drivers\i8042prt.sys . . . is missing!!
--------
C:\WINDOWS\system32\drivers\i8042prt.sys . . . is missing!!

((((((((((((((((((((((((( Files Created from 2011-12-15 to 2012-01-15 )))))))))))))))))))))))))))))))

2012-01-15 18:25:29 . 2012-01-15 18:25:50 -------- d-----w- C:\WINDOWS\LastGood
2012-01-15 15:46:06 . 2012-01-15 15:46:06 -------- d-----w- C:\AVG10
2012-01-14 22:42:40 . 2012-01-14 22:42:40 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\UltraVNC
2012-01-14 22:42:39 . 2012-01-14 22:42:39 -------- d-sh--w- C:\Documents and Settings\Administrator\IETldCache
2012-01-14 19:08:45 . 2012-01-14 19:08:45 -------- d-----w- C:\Documents and Settings\customer\Application Data\AVG10
2012-01-14 19:08:43 . 2012-01-14 19:08:43 -------- d-----w- C:\Documents and Settings\customer\Local Settings\Application Data\LogMeIn
2012-01-14 18:07:04 . 2012-01-14 18:07:04 -------- d-----w- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2012-01-14 18:06:51 . 2012-01-14 18:06:58 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-01-14 18:05:03 . 2012-01-14 18:05:00 10847608 ----a-w- C:\mbam-setup-1.60.0.1800.exe
2012-01-11 16:59:42 . 2012-01-11 16:59:42 -------- d-----w- C:\Documents and Settings\Asbury Grille\Local Settings\Application Data\Deployment
2012-01-10 19:49:55 . 2012-01-11 17:00:15 -------- d-----w- C:\Documents and Settings\LogMeInRemoteUser
2012-01-08 19:14:37 . 2011-12-07 23:22:16 83360 ----a-w- C:\WINDOWS\system32\LMIRfsClientNP.dll
2012-01-08 19:14:37 . 2011-12-07 23:22:08 52096 ----a-w- C:\WINDOWS\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-01-08 19:14:37 . 2011-12-07 23:22:00 30592 ----a-w- C:\WINDOWS\system32\LMIport.dll
2012-01-08 19:14:37 . 2011-09-16 19:10:50 47640 ----a-w- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2012-01-08 19:14:34 . 2011-09-16 19:10:24 10144 ----a-w- C:\WINDOWS\system32\drivers\lmimirr.sys
2012-01-08 19:14:29 . 2011-12-07 23:21:58 87424 ----a-w- C:\WINDOWS\system32\LMIinit.dll
2012-01-08 19:14:03 . 2012-01-11 17:00:04 -------- d-----w- C:\Program Files\LogMeIn
2012-01-08 18:27:54 . 2009-11-03 03:06:12 11520 ----a-r- C:\WINDOWS\system32\drivers\BrUsbSib.sys
2012-01-08 18:27:54 . 2009-11-03 03:06:11 71424 ----a-r- C:\WINDOWS\system32\drivers\BrSerIb.sys
2012-01-08 18:27:32 . 2010-06-10 06:06:56 1481216 ----a-w- C:\WINDOWS\system32\BrWia09d.dll
2012-01-08 18:27:32 . 2010-06-07 11:18:02 55808 ----a-w- C:\WINDOWS\system32\BrUsi09d.dll
2012-01-08 18:27:32 . 2010-04-01 10:28:35 217088 ----a-w- C:\WINDOWS\system32\BrJDec.dll
2012-01-08 18:27:32 . 2004-10-15 03:50:20 15295 ----a-w- C:\WINDOWS\system32\drivers\BrScnUsb.sys
2012-01-08 18:27:27 . 2006-07-07 17:40:24 73728 ----a-w- C:\WINDOWS\system32\BRCrypt.dll
2012-01-08 18:26:35 . 2010-03-16 01:30:54 118784 ----a-w- C:\WINDOWS\system32\BrMfNt.dll
2012-01-08 18:26:35 . 2009-10-13 21:59:32 180224 ----a-w- C:\WINDOWS\system32\BrMuSNMP.dll
2012-01-08 18:26:34 . 2009-12-08 21:17:34 225280 ----a-w- C:\WINDOWS\system32\BrfxD05c.dll
2012-01-08 18:23:09 . 2012-01-08 18:23:09 -------- d-----w- C:\Documents and Settings\All Users\Application Data\zeon
2012-01-08 18:22:18 . 2012-01-08 18:22:18 -------- d-----w- C:\Documents and Settings\Asbury Grille\Application Data\Nuance
2012-01-08 18:20:49 . 2012-01-08 18:21:00 -------- d-----w- C:\Program Files\Common Files\ScanSoft Shared
2012-01-08 18:20:48 . 2012-01-08 18:23:08 -------- d-----w- C:\Program Files\Nuance
2012-01-08 17:15:26 . 2012-01-08 17:15:26 -------- d-----w- C:\$AVG
2012-01-08 17:10:40 . 2012-01-08 17:10:40 -------- d-----w- C:\Documents and Settings\Asbury Grille\Application Data\AVG Secure Search
2012-01-08 17:10:37 . 2012-01-08 17:10:50 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2012-01-08 17:10:25 . 2012-01-08 17:10:26 -------- d-----w- C:\Program Files\Common Files\AVG Secure Search
2012-01-08 17:10:23 . 2012-01-08 17:10:46 -------- d-----w- C:\Program Files\AVG Secure Search
2012-01-08 16:22:38 . 2012-01-08 16:22:38 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2012-01-06 19:58:03 . 2012-01-08 18:33:05 -------- d-----w- C:\Documents and Settings\Asbury Grille\Application Data\ControlCenter4
2012-01-06 19:58:01 . 2012-01-06 19:58:01 -------- d-----w- C:\Documents and Settings\Asbury Grille\Application Data\FLEXnet
2012-01-06 19:53:37 . 2012-01-06 19:53:37 -------- d-----w- C:\Documents and Settings\All Users\Application Data\ControlCenter4
2012-01-06 19:53:31 . 2012-01-08 18:27:08 -------- d-----w- C:\Program Files\ControlCenter4
2012-01-06 19:50:23 . 2012-01-08 18:21:47 -------- d-----w- C:\Documents and Settings\All Users\Application Data\ScanSoft
2012-01-06 19:49:48 . 2012-01-08 18:23:19 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Nuance
2012-01-06 19:49:48 . 2012-01-06 19:49:48 -------- d-----w- C:\Documents and Settings\All Users\Application Data\FLEXnet
2012-01-06 19:48:50 . 2012-01-06 19:48:50 -------- d-----w- C:\Program Files\MSXML 4.0
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2011-11-23 13:25:32 . 2008-08-21 12:00:00 1859584 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-11-04 19:20:51 . 2008-08-21 12:00:00 43520 ------w- C:\WINDOWS\system32\licmgr10.dll
2011-11-04 19:20:51 . 2008-08-21 12:00:00 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2011-11-04 11:23:59 . 2008-08-21 12:00:00 385024 ------w- C:\WINDOWS\system32\html.iec
2011-10-28 05:31:48 . 2008-08-21 12:00:00 33280 ----a-w- C:\WINDOWS\system32\csrsrv.dll
2011-10-18 11:13:22 . 2008-08-21 12:00:00 186880 ----a-w- C:\WINDOWS\system32\encdec.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-08 17:10:23 1574240 ----a-w- C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "C:\Program Files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll" [2012-01-08 17:10:23 1574240]
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="C:\Program Files\AVG\AVG10\avgtray.exe" [2011-09-10 11:28:50 2338656]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 18:35:40 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 18:32:24 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 18:36:20 114688]
"vProt"="C:\Program Files\AVG Secure Search\vprot.exe" [2012-01-08 17:10:23 892768]
"PPort12reminder"="C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe" [2010-02-09 18:42:26 328992]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 19:10:50 63048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2011-03-28 20:02:08 421888]


----------
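The ComboFix sections above use a fixed row layout (`created . modified size attrs path`, plus `. . . is missing!!` lines for files it could not find). As an added example that is not part of the thread or of ComboFix itself, here is a small Python parser that turns those rows into records, lists the files the tool reported missing, and flags binaries a responder would want to look at first; the sample rows, the `someuser` profile and `sample.exe` are constructed, and the two heuristics are assumptions, not ComboFix logic.

```python
import re

# One row of ComboFix's "Files Created" / "Find3M" sections:
# <created> . <modified> <size or --------> <attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$")
MISSING_RE = re.compile(r"^(?P<path>.+?) \. \. \. is missing!!$")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")

def parse_entries(text: str) -> list:
    """Dated file rows become dicts; headers, blanks and '.' rows are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append({"created": m["created"], "modified": m["modified"],
                        "size": 0 if m["size"].startswith("-") else int(m["size"]),
                        "is_dir": m["attrs"].startswith("d"), "path": m["path"]})
    return out

def missing_files(text: str) -> list:
    """Paths ComboFix reported as '. . . is missing!!' (here a core driver)."""
    hits = {m["path"] for m in (MISSING_RE.match(l.strip()) for l in text.splitlines()) if m}
    return sorted(hits)

def triage(entries: list) -> list:
    """Heuristic (path, reason) flags; a hit means 'inspect', not 'infected'."""
    flagged = []
    for e in entries:
        parent, _, base = str(e["path"]).lower().rpartition("\\")
        if e["is_dir"] or not base.endswith(EXEC_EXT):
            continue
        if parent.endswith("\\windows\\system32") and re.match(r"^_\d+_\.tmp\.", base):
            flagged.append((e["path"], "tmp-style binary name in system32"))
        elif parent.endswith(("\\local settings\\application data", "\\application data")):
            flagged.append((e["path"], "binary placed directly in a user profile data folder"))
    return flagged

# Constructed sample in ComboFix's layout (not the real log): the first four rows
# mirror entries from the log above, the last two are made-up triage cases.
SAMPLE_LOG = """\
2012-01-15 18:25:29 . 2012-01-15 18:25:50 -------- d-----w- C:\\WINDOWS\\LastGood
2012-01-14 18:05:03 . 2012-01-14 18:05:00 10847608 ----a-w- C:\\mbam-setup-1.60.0.1800.exe
2012-01-08 19:14:37 . 2011-09-16 19:10:50 47640 ----a-w- C:\\WINDOWS\\system32\\drivers\\LMIRfsDriver.sys
C:\\WINDOWS\\system32\\drivers\\i8042prt.sys . . . is missing!!
2012-01-15 12:00:00 . 2012-01-15 12:00:00 51200 ----a-w- C:\\WINDOWS\\system32\\_000005_.tmp.dll
2012-01-07 19:00:00 . 2012-01-07 19:00:00 143360 ----a-w- C:\\Documents and Settings\\someuser\\Local Settings\\Application Data\\sample.exe
"""
```

Running `triage(parse_entries(SAMPLE_LOG))` together with `missing_files(SAMPLE_LOG)` gives a short list to check before the full log is even read end to end.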



## dnoto99

...also, as far as what symptoms remain: I'm still getting popups and Google redirects, and most files need to be run as administrator or they ask what program I'd like to open them in, which doesn't make sense because they are .exe files...


----------



## Ried

The ComboFix.txt you posted is incomplete. Please navigate to C:\ComboFix.txt and try again to copy/paste the entire log.

Also, see if you can run TDSSKiller now. Download TDSSKiller.exe and save it to your desktop.
Execute TDSSKiller.exe by double-clicking on it.
Press *Start Scan*.

If malicious objects are found, *do NOT* select *Cure*. *Change the action to Skip*, and save the log.

Once complete, a log will be produced at the root of the drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.


----------

