John, here's the combo log you asked for.
Lliam.
ComboFix 11-12-17.05 - Owner 18/12/2011 14:37:17.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.202 [GMT 0:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Virgin Media Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Firewall Booster *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\alcrmv.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-18 to 2011-12-18 )))))))))))))))))))))))))))))))
.
.
2011-12-18 12:41 . 2011-12-18 12:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware
2011-12-18 12:22 . 2011-11-21 02:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D5DEC67C-2663-43D5-9C31-65018C9AA407}\mpengine.dll
2011-12-17 16:00 . 2011-12-17 16:01 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-17 15:30 . 2011-12-17 15:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-12-17 15:30 . 2011-12-17 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-12-17 15:29 . 2011-08-31 17:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-17 15:29 . 2011-12-17 15:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-15 18:02 . 2011-12-15 18:02 -------- d-----w- c:\program files\CCleaner
2011-12-15 15:29 . 2011-12-15 15:30 -------- d-----w- c:\program files\Opera
2011-12-15 11:17 . 2011-11-21 02:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-12-14 16:28 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-12-14 16:25 . 2011-12-14 16:25 -------- d-----w- c:\program files\Microsoft Security Client
2011-12-14 16:19 . 2011-12-14 16:19 -------- d-----w- c:\documents and settings\Guest\AppData
2011-12-14 16:18 . 2011-12-14 16:18 -------- d-----w- c:\documents and settings\Guest\Application Data\searchquband
2011-12-14 16:17 . 2011-12-14 16:17 -------- d-----w- c:\documents and settings\Guest\Application Data\Radialpoint
2011-12-14 16:16 . 2011-12-14 16:16 -------- d-----w- c:\documents and settings\Guest\Application Data\{{userdatapath.company}}
2011-12-14 16:16 . 2011-12-14 16:19 -------- d-----w- c:\documents and settings\Guest\Application Data\searchqutoolbar
2011-12-14 16:15 . 2011-12-14 16:15 -------- d-----w- c:\documents and settings\Guest\Application Data\Virgin Media
2011-12-12 18:31 . 2011-12-15 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-12-12 18:31 . 2011-12-12 18:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-11 12:28 . 2010-09-17 21:14 341072 ----a-w- c:\windows\system32\drivers\TM_CFW.sys
2011-12-11 12:25 . 2011-12-11 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup
2011-12-11 12:23 . 2011-12-11 12:23 -------- d-----w- c:\documents and settings\Owner\Application Data\{{userdatapath.company}}
2011-12-11 12:14 . 2010-09-17 21:14 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-12-11 12:12 . 2010-09-17 21:14 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-12-11 12:12 . 2010-09-17 21:14 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-12-11 12:12 . 2010-09-17 21:14 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-12-11 12:08 . 2011-12-17 16:00 -------- d-----w- c:\program files\Trend Micro
2011-12-11 11:04 . 2011-12-11 11:04 -------- d-----w- c:\windows\system32\wbem\Repository
2011-12-11 11:04 . 2011-12-11 11:04 -------- d-----w- c:\program files\AVG
2011-12-07 13:49 . 2011-12-07 13:49 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2011-12-06 16:08 . 2011-12-06 16:08 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Radialpoint
2011-12-06 15:49 . 2011-12-06 15:49 -------- d-----w- c:\documents and settings\LocalService\Application Data\Trend Micro
2011-12-06 15:47 . 2011-12-15 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2011-12-06 15:10 . 2011-12-06 15:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Virgin Media
2011-12-06 15:10 . 2011-12-15 10:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Radialpoint
2011-12-06 15:10 . 2011-12-14 14:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Radialpoint
2011-12-06 15:10 . 2011-12-15 11:14 -------- d-----w- c:\program files\Virgin Media
2011-12-06 15:10 . 2011-12-15 11:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Virgin Media
2011-12-02 18:46 . 2011-12-02 18:46 -------- d--h--w- c:\windows\PIF
2011-12-02 18:36 . 2011-12-03 10:49 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG
2011-11-29 18:38 . 2011-11-29 18:38 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
2011-11-29 18:29 . 2011-11-29 19:29 -------- d-----w- c:\program files\DivX
2011-11-29 18:26 . 2011-11-29 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-11-28 11:10 . 2011-11-28 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2011-11-27 17:29 . 2011-11-27 17:30 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2011-11-27 17:26 . 2011-11-27 17:27 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Ilivid Player
2011-11-27 17:24 . 2011-11-27 17:24 -------- d-----w- c:\documents and settings\Owner\AppData
2011-11-27 17:24 . 2011-11-27 17:24 -------- d-----w- c:\documents and settings\Owner\Application Data\searchquband
2011-11-27 15:31 . 2011-11-27 17:26 -------- d-----w- c:\documents and settings\Owner\Application Data\searchqutoolbar
2011-11-27 15:31 . 2011-11-27 15:31 -------- d-----w- c:\program files\Windows iLivid Toolbar
2011-11-23 13:25 . 2011-11-23 13:25 1859584 -c----w- c:\windows\system32\dllcache\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 11:11 . 2011-09-05 15:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2011-09-14 12:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-04 12:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2011-09-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33 . 2011-09-14 11:49 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2011-09-14 11:49 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-09-05 14:32 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 10:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 04:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2011-06-15 15:16 997920 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
2007-06-11 10:15 176128 ----a-r- c:\windows\system32\S3Trayp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WudfSvc"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WmiApSrv"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"winmgmt"=2 (0x2)
"WebClient"=2 (0x2)
"W32Time"=2 (0x2)
"VSS"=3 (0x3)
"UPS"=3 (0x3)
"upnphost"=3 (0x3)
"TrkWks"=2 (0x2)
"Themes"=2 (0x2)
"TermService"=3 (0x3)
"TapiSrv"=3 (0x3)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"srservice"=2 (0x2)
"Spooler"=2 (0x2)
"ShellHWDetection"=2 (0x2)
"SharedAccess"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"Schedule"=2 (0x2)
"SCardSvr"=3 (0x3)
"SamSs"=2 (0x2)
"RSVP"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PolicyAgent"=2 (0x2)
"PlugPlay"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"Nla"=3 (0x3)
"Netman"=3 (0x3)
"Netlogon"=3 (0x3)
"napagent"=3 (0x3)
"MsMpSvc"=2 (0x2)
"MSIServer"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"lanmanworkstation"=2 (0x2)
"lanmanserver"=2 (0x2)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"helpsvc"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)
"EventSystem"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"Dnscache"=2 (0x2)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"Dhcp"=2 (0x2)
"CryptSvc"=2 (0x2)
"COMSysApp"=3 (0x3)
"clr_optimization_v2.0.50727_32"=3 (0x3)
"cisvc"=2 (0x2)
"Browser"=2 (0x2)
"BITS"=2 (0x2)
"AudioSrv"=2 (0x2)
"aspnet_state"=3 (0x3)
"AppMgmt"=3 (0x3)
"ALG"=3 (0x3)
"!SASCORE"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 4:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 9:55 PM 67664]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [12/11/2011 12:28 PM 341072]
S1 MpKsl4da05428;MpKsl4da05428;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D5DEC67C-2663-43D5-9C31-65018C9AA407}\MpKsl4da05428.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D5DEC67C-2663-43D5-9C31-65018C9AA407}\MpKsl4da05428.sys [?]
S1 MpKsl66a82d02;MpKsl66a82d02;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D5DEC67C-2663-43D5-9C31-65018C9AA407}\MpKsl66a82d02.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D5DEC67C-2663-43D5-9C31-65018C9AA407}\MpKsl66a82d02.sys [?]
S1 MpKsle6050b43;MpKsle6050b43;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{48338B2F-7A02-4D26-9511-40D44D0A7B2A}\MpKsle6050b43.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{48338B2F-7A02-4D26-9511-40D44D0A7B2A}\MpKsle6050b43.sys [?]
S3 DCamUSBLTN;M318B Digital Video Camera;c:\windows\system32\drivers\vq318vid.sys [4/22/2002 8:28 AM 113632]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192cu.sys [9/5/2011 3:14 PM 894696]
S4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 11:38 PM 116608]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 15:39]
.
.
------- Supplementary Scan -------
.
uStart Page =
https://dub106.mail.live.com/default.aspx?id=64855
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-12-18 14:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-789336058-1450960922-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(860)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-12-18 14:52:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-18 14:52
.
Pre-Run: 65,898,217,472 bytes free
Post-Run: 66,380,050,432 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - C2426BE50235C5CEADCCCD8BCFD492D5