Computer won't boot from USB

teafan

New Member
I am trying to boot the AVG Rescue CD file off of a USB drive (ignore the name - it works on a USB drive too) to clear a virus/malware and I cannot do it.

I have adjusted the BIOS to boot from USB and it simply ignores the instruction and boots as normal. I even tried disabling all boot options besides USB to see if that would work - it ended up displaying a load of jargon and the command Boot:

I'm basically trying to remove the trojan horse called psw.generic9.rdx
 
What have you already tried using to remove the infection?

Forget running the boot CD and just do the following.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically, which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware.

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system; then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away, or you get a message saying Rkill is infected, keep trying to run Rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running Malwarebytes or downloading other programs.

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

When the HijackThis log appears in a Notepad file, click on the Edit menu, click Select All, then click on the Edit menu again and click on Copy. Come back to your reply, right-click with your mouse and click on Paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log.
 
Malware Log:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.25.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
DARC :: DARC-837875C7DB [administrator]

25/02/2012 14:18:14
mbam-log-2012-02-25 (14-18-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 242211
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

HiJackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:25:09, on 25/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
D:\PROGRA~1\AVG\AVG2012\avgrsx.exe
D:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
D:\Program Files\AVG\AVG2012\avgwdsvc.exe
D:\Program Files\Digidesign\Drivers\MMERefresh.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
D:\PROGRA~1\WINDOW~3\Datamngr\DATAMN~1.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
D:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\VirtualSearchProtocolHost.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] D:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [AVG_TRAY] "D:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [DATAMNGR] D:\PROGRA~1\WINDOW~3\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: REALTEK 11n USB Wireless LAN Utility.lnk = D:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
O4 - Global Startup: Windows Search.lnk = D:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG2012\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Avid, Inc. All rights reserved. - D:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Avid, Inc. All rights reserved. - D:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 10895 bytes
 
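The helper's advice above ("most of what HijackThis lists will be harmless") is really a triage rule: read every R/O entry, but look first at the few that carry a tell. The script below is an editor-added example, not code from the thread or from the HijackThis tool. It parses HijackThis entries and flags registrations whose file is missing, autostart binaries under a user profile directory, 8.3 short paths, Trusted Zone additions and Winlogon Notify DLLs. Its sample input is a handful of lines copied from the log posted above plus one constructed O4 "updater" entry (marked as such) to exercise the user-profile check; the check names, severities, regexes and function names are the author's own choices, not HijackThis terminology.

```python
"""Triage a HijackThis log: parse its R/O entries and rank the ones worth a second look.

Editor-added example; the checks and severities are the author's own, not HijackThis's.
"""
import re
from collections import Counter

# Sample input: lines copied from the HijackThis log posted above, plus one
# CONSTRUCTED O4 entry (the "updater" line) to exercise the user-profile check.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [DATAMNGR] D:\PROGRA~1\WINDOW~3\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\DARC\Application Data\updater.exe
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O15 - Trusted Zone: *.line6.net
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
# First drive-letter path that ends in a loadable extension, quoted or not.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|scr|com|cpl|sys))', re.IGNORECASE)
# XP profile/temp locations: any user can write here, so an autostart from
# one of them deserves a closer look than one under Program Files.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\")


def parse_entries(log_text):
    """Yield (kind, body) for every 'Rn - ...' / 'On - ...' line; ignore everything else."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("kind"), m.group("body")


def triage_entry(kind, body):
    """Return a list of findings (possibly empty) for one HijackThis entry."""
    path_m = PATH_RE.search(body)
    path = path_m.group(1) if path_m else None
    hits = []
    if "(file missing)" in body:
        hits.append(("low", "missing", "registration points at a file that is no longer on disk"))
    if path and any(marker in path.lower() for marker in USER_WRITABLE):
        hits.append(("high", "user-writable", "autostart binary lives in a user-writable profile directory"))
    if path and re.search(r"~\d", path):
        hits.append(("info", "short-name", "8.3 short path; expand it (dir /x) before judging the vendor"))
    if kind == "O15":
        hits.append(("medium", "trusted-zone", "site in the IE Trusted Zone runs with relaxed security settings"))
    if kind == "O20":
        hits.append(("medium", "winlogon-notify", "DLL is loaded into winlogon.exe as SYSTEM; confirm the vendor"))
    return [dict(kind=kind, path=path, severity=sev, check=check, reason=reason, entry=body)
            for sev, check, reason in hits]


def triage(log_text):
    """Run triage_entry over a whole log and return all findings in log order."""
    findings = []
    for kind, body in parse_entries(log_text):
        findings.extend(triage_entry(kind, body))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. Counter({'low': 3, 'medium': 2, ...})."""
    return Counter(f["severity"] for f in findings)


if __name__ == "__main__":
    order = ["high", "medium", "low", "info"]
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f["severity"])):
        print(f"[{f['severity']:6}] {f['kind']:4} {f['check']:15} {f['path'] or ''}  <- {f['reason']}")
    print(summarize(triage(SAMPLE_LOG)))
```

Nothing here decides that an entry is malicious; it orders the entries so the ones that need a vendor or path check come first, which is the same discipline as "don't fix anything yet". Run it over the full log posted above and most of what it adds beyond the sample are info-level short-path flags from the Office and toolbar 8.3 paths, which are exactly the entries to expand before judging.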
Which program is telling you that you have this trojan and where is the trojan located?

You have a lot of running processes there. I'm sure you are suffering from poor system performance as well. Since Malwarebytes didn't find anything, let's continue.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads, click on the blue ComboFix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open windows, including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs, as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself onto your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
The program that detected this was AVG 2011 - It could detect it but not cure it.

ComboFix rebooted my machine but the mouse stopped working at the User Select screen (this happens every now and again) and I had to switch off and on again to correct it. It looks as if it's continuing from where it left off... will it still do what you need it to do?
 
The program that detected this was AVG 2011 - It could detect it but not cure it.

Running ComboFix now...

I asked two questions. Where did AVG say this trojan was located? Continue with the ComboFix scan. Make sure you disable the AVG Resident Shield before running it.
 
I can't remember the exact location - if you need me to run AVG again and tell you what it says I can. It's a registry location.

ComboFix 12-02-25.01 - DARC 25/02/2012 14:41:16.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3326.2705 [GMT 0:00]
Running from: c:\documents and settings\DARC\Desktop\LatestComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_xcpip
.
.
((((((((((((((((((((((((( Files Created from 2012-01-25 to 2012-02-25 )))))))))))))))))))))))))))))))
.
.
2012-02-25 14:36 . 2012-02-25 14:39 -------- d-----w- C:\ComboFix
2012-02-25 14:21 . 2012-02-25 14:21 388096 ----a-r- c:\documents and settings\DARC\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-25 14:21 . 2012-02-25 14:21 -------- d-----w- d:\program files\Trend Micro
2012-02-17 17:20 . 2012-02-17 17:20 -------- d-----w- c:\documents and settings\Online\Application Data\Blue Cat Audio
2012-02-17 14:53 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-17 14:53 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-13 18:07 . 2012-02-13 18:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-02-13 18:04 . 2012-02-13 18:04 -------- d-----w- c:\documents and settings\Online\Local Settings\Application Data\Google
2012-02-13 17:48 . 2012-02-13 17:48 -------- d-----w- c:\documents and settings\Online\Application Data\AVG2012
2012-02-13 17:48 . 2012-02-13 17:48 -------- d-----w- c:\documents and settings\Online\Application Data\Windows Desktop Search
2012-02-12 14:33 . 2012-02-12 14:33 -------- d-----w- c:\documents and settings\DARC\Application Data\Windows Desktop Search
2012-02-12 14:32 . 2012-02-13 19:48 -------- d-----w- d:\program files\Windows Desktop Search
2012-02-12 14:32 . 2012-02-12 14:32 -------- d-----w- c:\windows\system32\GroupPolicy
2012-02-12 14:30 . 2012-02-12 14:30 -------- d-----w- d:\program files\MSECache
2012-02-11 11:55 . 2012-02-11 11:59 -------- d-----w- C:\MGtools
2012-02-11 11:42 . 2012-02-11 11:42 -------- d-----w- c:\documents and settings\DARC\Application Data\NCH Software
2012-02-11 11:03 . 2012-02-11 11:03 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2012-02-11 11:03 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-11 10:26 . 2012-02-11 10:26 -------- d-----w- c:\documents and settings\DARC\Application Data\SUPERAntiSpyware.com
2012-02-11 10:25 . 2012-02-11 10:26 -------- d-----w- d:\program files\SUPERAntiSpyware
2012-02-11 10:25 . 2012-02-11 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-02-11 09:18 . 2012-02-11 09:48 -------- d-----w- C:\sh4ldr
2012-02-11 09:18 . 2012-02-11 09:18 -------- d-----w- d:\program files\Enigma Software Group
2012-02-11 09:17 . 2012-02-11 09:48 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-02-11 09:17 . 2012-02-11 09:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-02-10 22:46 . 2012-02-11 12:37 -------- d-----w- c:\documents and settings\Administrator.DARC-837875C7DB
2012-02-10 20:24 . 2012-02-10 20:24 -------- d-----w- c:\documents and settings\DARC\Application Data\AVG
2012-02-08 21:40 . 2012-02-08 21:40 -------- d-----w- C:\temp
2012-02-08 20:19 . 2012-02-08 20:19 -------- d-----w- C:\$AVG
2012-02-08 19:43 . 2012-02-08 19:43 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-02-08 19:43 . 2012-02-11 08:55 -------- d-----w- c:\windows\system32\drivers\AVG
2012-02-08 19:43 . 2012-02-08 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-02-08 19:43 . 2012-02-11 11:19 -------- d-----w- d:\program files\AVG
2012-02-08 19:41 . 2012-02-11 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-02-07 20:50 . 2012-02-07 20:50 -------- d-----w- c:\documents and settings\DARC\Local Settings\Application Data\PCHealth
2012-02-05 15:48 . 2012-02-05 15:48 -------- d-----w- c:\documents and settings\DARC\Application Data\Flux
2012-02-03 19:29 . 2012-02-05 15:52 -------- d-----w- c:\documents and settings\DARC\Application Data\Blue Cat Audio
2012-01-28 10:27 . 2012-01-28 10:27 -------- d-----w- d:\program files\M-Audio
2012-01-27 21:33 . 2011-04-11 12:59 95312 ----a-w- c:\windows\system32\drivers\rig2usb.sys
2012-01-27 21:33 . 2009-07-14 11:27 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2012-01-27 21:32 . 2011-04-11 12:59 346192 ----a-w- c:\windows\system32\drivers\rig2avs.sys
2012-01-27 21:32 . 2012-01-27 21:32 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{6C538E46-E1F9-4CD9-8F66-60004C54D305}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-11 11:59 . 2012-02-11 11:55 189868 ----a-w- C:\MGlogs.zip
2012-01-12 16:53 . 2008-04-14 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DigidesignMMERefresh"="d:\program files\Digidesign\Drivers\MMERefresh.exe" [2009-12-18 77824]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2011-04-29 765744]
"AVG_TRAY"="d:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-05-27 598016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
.
c:\documents and settings\Online\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\DARC\Application Data\Dropbox\bin\Dropbox.exe [2011-8-18 24182160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
REALTEK 11n USB Wireless LAN Utility.lnk - d:\program files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe [2011-8-7 1044480]
Windows Search.lnk - d:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi3"=ma_cmidn.dll
"wave2"=Digi32.dll
"MIDI2"=diomidi.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0d:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\SimCity™ 4 Deluxe Edition\\Apps\\SimCity 4.exe"=
"d:\\Steam\\Steam.exe"=
"d:\\Steam\\steamapps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"=
"d:\\Program Files\\SquareEnix\\FINAL FANTASY XIV\\ffxivboot.exe"=
"d:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"d:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Documents and Settings\\DARC\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 01:14 23120]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/10/2011 06:23 230608]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 16:27 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 21:55 67664]
R2 !SASCORE;SAS Core Service;d:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 23:38 116608]
R2 avgwd;AVG WatchDog;d:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [04/01/2012 14:22 822624]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [23/08/2011 21:23 16400]
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/02/2012 11:03 652360]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [01/10/2011 08:30 508776]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/02/2012 11:03 20464]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [06/10/2010 17:59 606440]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 21:23 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 21:23 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 21:23 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 21:23 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [01/10/2011 08:30 219496]
R3 UAD2System;UAD-2 Global System Service;c:\windows\system32\drivers\UAD2System.sys [07/04/2009 19:02 39040]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys --> c:\windows\system32\drivers\DigiFilt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [21/08/2011 10:05 136176]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys --> c:\windows\system32\drivers\AtihdXP3.sys [?]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 01:14 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 01:14 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04/10/2011 06:21 16720]
S3 AXIOM;Service for M-Audio Axiom;c:\windows\system32\drivers\MAudioAxiom.sys [11/04/2011 19:32 115336]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [01/03/2011 20:23 183560]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [08/12/2010 18:40 23456]
S3 esgiguard;esgiguard;\??\d:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> d:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);d:\program files\Google\Update\GoogleUpdate.exe [21/08/2011 10:05 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [07/03/2011 20:50 25728]
S3 iLokDrvr;Usb Driver;c:\windows\system32\drivers\iLokDrvr.sys [03/11/2010 17:40 21112]
S3 MADFUFTU8R;Service for M-Audio FastTrackUltra8R DFU;c:\windows\system32\DRIVERS\MAudioFastTrackUltra8R_DFU.sys --> c:\windows\system32\DRIVERS\MAudioFastTrackUltra8R_DFU.sys [?]
S3 MAUSBFASTTRACKULTRA8R;Service for M-Audio Fast Track Ultra 8R;c:\windows\system32\drivers\MAudioFastTrackUltra8R.sys [29/04/2011 19:35 137776]
S3 MAUSBRI;MAUSBRI;c:\windows\system32\DRIVERS\mausbft8r.sys --> c:\windows\system32\DRIVERS\mausbft8r.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 20:37 4640000]
S3 qup6lbx.sys;qup6lbx.sys;\??\c:\windows\system32\drivers\qup6lbx.sys --> c:\windows\system32\drivers\qup6lbx.sys [?]
S3 rig2avs;Rig Kontrol 2 WDM Audio;c:\windows\system32\drivers\rig2avs.sys [27/01/2012 21:32 346192]
S3 rig2usb;rig2usb;c:\windows\system32\drivers\rig2usb.sys [27/01/2012 21:33 95312]
S3 rig2usb_svc;Rig Kontrol 2;c:\windows\system32\drivers\rig2usb.sys [27/01/2012 21:33 95312]
S3 UAD2Pcie;Universal Audio UAD-2 DSP Accelerator;c:\windows\system32\drivers\UAD2Pcie.sys [07/04/2009 19:02 27136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - xcpip
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-25 c:\windows\Tasks\expresszipShakeIcon.job
- d:\program files\NCH Software\ExpressZip\expresszip.exe [2012-02-11 11:42]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 10:05]
.
2012-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 10:05]
.
2011-10-16 c:\windows\Tasks\prismShakeIcon.job
- d:\program files\NCH Software\Prism\prism.exe [2011-10-09 10:59]
.
2011-12-31 c:\windows\Tasks\switchDowngrade.job
- d:\program files\NCH Software\Switch\switch.exe [2011-10-09 10:59]
.
2011-12-17 c:\windows\Tasks\switchShakeIcon.job
- d:\program files\NCH Software\Switch\switch.exe [2011-10-09 10:59]
.
2011-12-31 c:\windows\Tasks\wavepadDowngrade.job
- d:\program files\NCH Software\WavePad\wavepad.exe [2011-10-09 10:59]
.
2011-12-17 c:\windows\Tasks\wavepadShakeIcon.job
- d:\program files\NCH Software\WavePad\wavepad.exe [2011-10-09 10:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: line6.net
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-25 14:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1120)
d:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
- - - - - - - > 'explorer.exe'(176)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
d:\program files\Windows Desktop Search\deskbar.dll
d:\program files\Windows Desktop Search\en-us\dbres.dll.mui
d:\program files\Windows Desktop Search\dbres.dll
d:\program files\Windows Desktop Search\wordwheel.dll
d:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
d:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\progra~1\AVG\AVG2012\avgrsx.exe
d:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
d:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\progra~1\WINDOW~3\Datamngr\DATAMN~1.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\Common Files\Teleca Shared\logger.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
c:\windows\system32\SearchProtocolHost.exe
c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
c:\program files\Common Files\microsoft shared\virtualization handler\VirtualSearchProtocolHost.exe
c:\program files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
c:\windows\system32\SearchFilterHost.exe
c:\windows\system32\SearchProtocolHost.exe
.
**************************************************************************
.
Completion time: 2012-02-25 14:54:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-25 14:54
ComboFix2.txt 2012-02-11 11:34
.
Pre-Run: 19,735,781,376 bytes free
Post-Run: 19,923,791,872 bytes free
.
- - End Of File - - F163D757F0F3128C20BD6ECDEB50B602

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:57:25, on 25/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
D:\PROGRA~1\AVG\AVG2012\avgrsx.exe
D:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\AVG\AVG2012\avgwdsvc.exe
D:\Program Files\Digidesign\Drivers\MMERefresh.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
D:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
D:\PROGRA~1\WINDOW~3\Datamngr\DATAMN~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
D:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\regedit.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DigidesignMMERefresh] D:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
O4 - HKLM\..\Run: [AVG_TRAY] "D:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [DATAMNGR] D:\PROGRA~1\WINDOW~3\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: REALTEK 11n USB Wireless LAN Utility.lnk = D:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
O4 - Global Startup: Windows Search.lnk = D:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG2012\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - D:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Avid, Inc. All rights reserved. - D:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Avid, Inc. All rights reserved. - D:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 10696 bytes
 
Yes, rerun AVG and tell me the exact registry key or put up a screenshot of the results. I'm gonna be out for most of the day but will check back in when I get home later this evening. Most likely it's just an adware infection. It might also help to do the following. That way we have a couple of different scanners telling us what's going on.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates, install and then start scanning your system.
When the scan is done, push List of found threats.
Click on Export to text file, and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply.

Also do the following.

Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

[image: infection-found.jpg]


To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

[image: scan-completed.jpg]


If the log says "will be cured after reboot", please reboot the system by pressing the reboot now button.

After running, there will be a log located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.
If no threats are found then it won't produce a log.
 
C:\Documents and Settings\DARC\Application Data\AVG\Rescue\PC Tuneup 2011\120210202431859.rsc_tmp a variant of Win32/InstallCore.D application
C:\Documents and Settings\Online\Application Data\OpenCandy\OpenCandy_DD3EB1E84CE54050B382CA8DBB1A8C4E\p1v1_PPIRegistryReviver_w.exe a variant of Win32/SlowPCfighter application
C:\Documents and Settings\Online\Application Data\OpenCandy\OpenCandy_DD3EB1E84CE54050B382CA8DBB1A8C4E\PPIRegistryReviverSetup.exe a variant of Win32/SlowPCfighter application
C:\Documents and Settings\Online\Application Data\Sun\Java\Deployment\cache\6.0\14\1339680e-51613420 a variant of Win32/Kryptik.AAVK trojan
C:\Documents and Settings\Online\Application Data\Sun\Java\Deployment\cache\6.0\34\6c3f7322-23aecd8f Java/Exploit.CVE-2011-3544.AK trojan
C:\Documents and Settings\Online\Application Data\Sun\Java\Deployment\cache\6.0\63\268c943f-52cd6f09 Java/Exploit.CVE-2011-3544.AK trojan
D:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
D:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
D:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll probably a variant of Win32/Toolbar.SearchSuite application
Operating memory a variant of Win32/Toolbar.SearchSuite application
 
Ok a few more things to do, but I'm still waiting on a current scan from AVG.

1.

Follow the instructions here on how to clear your java cache.

http://www.java.com/en/download/help/plugin_cache.xml

2.

When you ran ComboFix it created a log but didn't automatically show it to you. I need you to navigate to C:\Qoobox and in that folder will be a file named add-remove programs.txt. I need you to open that file and copy and paste the contents back here.
 
AVG results

Scan "Whole computer scan" completed.
No infection was found during this scan
Folders selected for scanning:;"Whole computer scan"
Scan started:;"26 February 2012, 09:19:47"
Scan finished:;"26 February 2012, 09:27:52 (8 minute(s) 4 second(s))"
Total object scanned:;"920007"
User who launched the scan:;"DARC"

1

Done

2

Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.4.5
Amazon MP3 Downloader 1.0.9
AMD APP SDK Runtime
AmpegSVX
AppInventor Setup
Apple Software Update
ATI Catalyst Install Manager
ATI Catalyst Registration
Audacity 1.3.14 (Unicode)
AVG 2012
Bing Bar
Blue Cat's FreqAnalyst RTAS 1.71
Bomb Factory BF-3A
BPM Counter 1.2.0.0
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
ccc-utility
CCC Help English
CCleaner
Classic Compressors
Digidesign Audio Drivers 8.0.3
Digidesign ElevenRack Driver 1.0.8 (x86)
Digidesign Pro Tools M-Powered 8.0.3
Driver Sweeper version 2.5.0
DriverAgent by eSupport.com
Dropbox
EA Download Manager
Enigma
Express Zip File Compression Software
Fairchild Bundle
FINAL FANTASY XIV
Flux_BitterSweetII
Flux_StereoTool
Free DigiRack Plug-Ins 8.0.3
Google Toolbar for Internet Explorer
Google Update Helper
Half-Life 2
Half-Life 2: Lost Coast
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB961118)
HTC Driver
HTC Sync
iLok Client Helper
Interlok driver setup x32
iZotope Vinyl
Java Auto Updater
Java(TM) 6 Update 26
Line 6 Uninstaller
Live 8.2.2
M-Audio FastTrackUltra8R Driver 6.0.10 (x86)
Malwarebytes Anti-Malware version 1.60.1.1000
Melodyne 3.2 Demo
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Help Viewer 1.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Business 2010 - English
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Xbox 360 Accessories 1.2
Microsoft XNA Framework Redistributable 4.0
moogerfooger Bundle
Native Instruments Akoustik Piano
Native Instruments Battery 3
Native Instruments FM8
Native Instruments Guitar Rig 3
Native Instruments Komplete 5
Native Instruments Kontakt 3
Native Instruments Massive
Native Instruments Reaktor 5
Native Instruments Rig Kontrol 2
Native Instruments Rig Kontrol 2 Driver
Native Instruments Service Center
Nokia Connectivity Cable Driver
Nokia Ovi Application Installer
Nokia Ovi Application Installer 6.85.3010
Nokia Ovi Content Copier
Nokia Ovi Content Copier 6.85.3010
Nokia Ovi System Utilities
Nokia Ovi System Utilities 6.85.3010
PC-Linq
PC Connectivity Solution
Prism Video File Converter
Pultec Bundle
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
REALTEK Wireless LAN Driver and Utility
REAPER
SansAmp PSA-1
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SimCity 4 Deluxe
Sky Broadband
Sky Broadband Browser Branding
Slightly Rude Compressor
Spelling Dictionaries Support For Adobe Reader 9
Steam
SUPERAntiSpyware
Switch Sound File Converter
System Requirements Lab CYRI
The Lord of the Rings FREE Trial
The Witcher 2
TL Space Native 9.0.2
UAD Powered Plug-Ins
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2641690)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
WavePad Sound Editor
WebFldrs XP
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Driver Package - Universal Audio Inc. (UAD2Pcie) UAD2DSP (03/22/2009 5.03.0071)
Windows Driver Package - Universal Audio Inc. (UAD2Pcie) UAD2DSP (08/14/2008 5.00.0090)
Windows Driver Package - Universal Audio Inc. (UAD2System) UAD2DSP (03/22/2009 5.03.0071)
Windows Driver Package - Universal Audio Inc. (UAD2System) UAD2DSP (08/14/2008 5.00.0090)
Windows iLivid Toolbar
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
 
Okay, it seems ComboFix removed the infection. You need to update your Java to the latest version and then uninstall the iLivid toolbar.

Get the latest Java here.

www.java.com.

I need you to run a specialized combofix script for me.

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box

Code:
Killall::

Dirlook::

c:\documents and settings\All Users\Application Data\{6C538E46-E1F9-4CD9-8F66-60004C54D305}
c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!


[Screenshot: CFScript-1.gif]


ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.
 
ComboFix 12-02-25.01 - DARC 27/02/2012 20:50:37.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.3326.2613 [GMT 0:00]
Running from: c:\documents and settings\DARC\Desktop\LatestComboFix.exe
Command switches used :: c:\documents and settings\DARC\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-27 to 2012-02-27 )))))))))))))))))))))))))))))))
.
.
2012-02-27 20:58 . 2012-02-27 20:58 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-02-27 20:47 . 2012-02-27 20:47 -------- d-----w- c:\program files\Common Files\Java
2012-02-27 20:47 . 2012-02-27 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask
2012-02-27 20:47 . 2012-02-27 20:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-02-27 20:47 . 2012-02-27 20:47 -------- d-----w- d:\program files\Java
2012-02-26 09:45 . 2012-02-26 09:45 -------- d-----r- C:\MSOCache
2012-02-25 17:17 . 2012-02-25 17:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-25 15:21 . 2012-02-25 15:21 -------- d-----w- d:\program files\ESET
2012-02-25 14:36 . 2012-02-25 14:39 -------- d-----w- C:\ComboFix
2012-02-25 14:21 . 2012-02-25 14:21 388096 ----a-r- c:\documents and settings\DARC\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-25 14:21 . 2012-02-25 14:21 -------- d-----w- d:\program files\Trend Micro
2012-02-17 17:20 . 2012-02-17 17:20 -------- d-----w- c:\documents and settings\Online\Application Data\Blue Cat Audio
2012-02-17 14:53 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-17 14:53 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-13 18:07 . 2012-02-13 18:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2012-02-13 18:04 . 2012-02-13 18:04 -------- d-----w- c:\documents and settings\Online\Local Settings\Application Data\Google
2012-02-13 17:48 . 2012-02-13 17:48 -------- d-----w- c:\documents and settings\Online\Application Data\AVG2012
2012-02-13 17:48 . 2012-02-13 17:48 -------- d-----w- c:\documents and settings\Online\Application Data\Windows Desktop Search
2012-02-12 14:33 . 2012-02-12 14:33 -------- d-----w- c:\documents and settings\DARC\Application Data\Windows Desktop Search
2012-02-12 14:32 . 2012-02-13 19:48 -------- d-----w- d:\program files\Windows Desktop Search
2012-02-12 14:32 . 2012-02-12 14:32 -------- d-----w- c:\windows\system32\GroupPolicy
2012-02-12 14:30 . 2012-02-12 14:30 -------- d-----w- d:\program files\MSECache
2012-02-11 11:55 . 2012-02-11 11:59 -------- d-----w- C:\MGtools
2012-02-11 11:42 . 2012-02-11 11:42 -------- d-----w- c:\documents and settings\DARC\Application Data\NCH Software
2012-02-11 11:03 . 2012-02-11 11:03 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2012-02-11 11:03 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-11 10:26 . 2012-02-11 10:26 -------- d-----w- c:\documents and settings\DARC\Application Data\SUPERAntiSpyware.com
2012-02-11 10:25 . 2012-02-11 10:26 -------- d-----w- d:\program files\SUPERAntiSpyware
2012-02-11 10:25 . 2012-02-11 10:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-02-11 09:18 . 2012-02-11 09:48 -------- d-----w- C:\sh4ldr
2012-02-11 09:18 . 2012-02-11 09:18 -------- d-----w- d:\program files\Enigma Software Group
2012-02-11 09:17 . 2012-02-11 09:48 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-02-11 09:17 . 2012-02-11 09:17 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-02-10 22:46 . 2012-02-11 12:37 -------- d-----w- c:\documents and settings\Administrator.DARC-837875C7DB
2012-02-10 20:24 . 2012-02-10 20:24 -------- d-----w- c:\documents and settings\DARC\Application Data\AVG
2012-02-08 21:40 . 2012-02-08 21:40 -------- d-----w- C:\temp
2012-02-08 20:19 . 2012-02-08 20:19 -------- d-----w- C:\$AVG
2012-02-08 19:43 . 2012-02-08 19:43 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-02-08 19:43 . 2012-02-11 08:55 -------- d-----w- c:\windows\system32\drivers\AVG
2012-02-08 19:43 . 2012-02-08 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-02-08 19:43 . 2012-02-11 11:19 -------- d-----w- d:\program files\AVG
2012-02-08 19:41 . 2012-02-11 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-02-07 20:50 . 2012-02-07 20:50 -------- d-----w- c:\documents and settings\DARC\Local Settings\Application Data\PCHealth
2012-02-05 15:48 . 2012-02-05 15:48 -------- d-----w- c:\documents and settings\DARC\Application Data\Flux
2012-02-03 19:29 . 2012-02-05 15:52 -------- d-----w- c:\documents and settings\DARC\Application Data\Blue Cat Audio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-27 20:47 . 2011-06-27 19:18 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2012-02-11 11:59 . 2012-02-11 11:55 189868 ----a-w- C:\MGlogs.zip
2012-01-12 16:53 . 2008-04-14 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\{6C538E46-E1F9-4CD9-8F66-60004C54D305} ----
.
2012-01-27 21:32 . 2012-01-27 21:32 114 -c--a-w- c:\documents and settings\All Users\Application Data\{6C538E46-E1F9-4CD9-8F66-60004C54D305}\instance.dat
2012-01-27 21:32 . 2011-04-11 13:34 579156 -c--a-w- c:\documents and settings\All Users\Application Data\{6C538E46-E1F9-4CD9-8F66-60004C54D305}\mia.lib
2012-01-27 21:32 . 2012-01-27 21:33 459 -c--a-w- c:\documents and settings\All Users\Application Data\{6C538E46-E1F9-4CD9-8F66-60004C54D305}\Rig Kontrol 2 Setup PC.dat
2012-01-27 21:32 . 2011-04-11 13:34 279040 -c--a-w- c:\documents and settings\All Users\Application Data\{6C538E46-E1F9-4CD9-8F66-60004C54D305}\Rig Kontrol 2 Setup PC.msi
2012-01-27 21:32 . 2012-01-27 21:32 5577 -c--a-w- c:\documents and settings\All Users\Application Data\{6C538E46-E1F9-4CD9-8F66-60004C54D305}\Rig Kontrol 2 Setup PC.par
2012-01-27 21:32 . 2011-04-11 13:34 3325978 -c--a-w- c:\documents and settings\All Users\Application Data\{6C538E46-E1F9-4CD9-8F66-60004C54D305}\Rig Kontrol 2 Setup PC.res
2012-01-27 21:32 . 2011-04-11 13:34 2705616 -c--a-w- c:\documents and settings\All Users\Application Data\{6C538E46-E1F9-4CD9-8F66-60004C54D305}\Rig Kontrol 2 Setup PC.exe
.
---- Directory of c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP ----
.
2012-02-11 09:48 . 2012-02-11 09:48 7446 ----a-w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseData.ini
2012-02-11 09:48 . 2012-02-11 09:48 179526 ----a-w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla18.dll
2012-02-11 09:47 . 2012-02-11 09:48 180482 ----a-w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla21.dll
2012-02-11 09:47 . 2012-02-11 09:48 175992 ----a-w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla20.dll
2012-02-11 09:47 . 2012-02-11 09:47 179526 ----a-w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla18.exe
2012-02-11 09:47 . 2012-02-11 09:48 176035 ----a-w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla19.dll
2012-02-11 09:47 . 2012-02-11 09:48 179526 ----a-w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla.dll
2012-02-11 09:47 . 2012-02-11 09:48 176035 ----a-w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla2.dll
2012-02-11 09:47 . 2012-02-11 09:48 176545 ----a-w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla17.dll
2012-02-11 09:47 . 2012-02-11 09:48 27499 ----a-w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCall.dll
2012-02-11 09:17 . 2012-02-11 09:17 180482 ----a-w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP\WiseCustomCalla21.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-25_14.50.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-27 20:58 . 2012-02-27 20:58 16384 c:\windows\temp\Perflib_Perfdata_1e0.dat
+ 2009-03-08 18:49 . 2012-02-27 19:31 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-08 18:49 . 2012-01-16 20:26 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-08 18:49 . 2012-02-27 19:31 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-08 18:49 . 2012-01-16 20:26 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-02-27 19:31 . 2012-02-27 19:31 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-02-27 20:47 . 2012-02-27 20:47 157472 c:\windows\system32\javaws.exe
- 2011-06-27 19:18 . 2011-06-27 19:18 157472 c:\windows\system32\javaws.exe
+ 2012-02-27 20:47 . 2012-02-27 20:47 149280 c:\windows\system32\javaw.exe
+ 2012-02-27 20:47 . 2012-02-27 20:47 149280 c:\windows\system32\java.exe
+ 2012-02-27 20:47 . 2012-02-27 20:47 203776 c:\windows\Installer\5d88b4.msi
+ 2012-02-27 20:47 . 2012-02-27 20:47 901120 c:\windows\Installer\5d889a.msi
+ 2012-02-27 20:59 . 2012-02-27 20:59 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2012-02-27 20:59 . 2012-02-27 21:00 2283520 c:\windows\Installer\12ea4.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "d:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 16:31 1514152 ----a-w- d:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "d:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 98304]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"DigidesignMMERefresh"="d:\program files\Digidesign\Drivers\MMERefresh.exe" [2009-12-18 77824]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2011-04-29 765744]
"AVG_TRAY"="d:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-05-27 598016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ApnUpdater"="d:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
.
c:\documents and settings\Online\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\DARC\Application Data\Dropbox\bin\Dropbox.exe [2011-8-18 24182160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
REALTEK 11n USB Wireless LAN Utility.lnk - d:\program files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe [2011-8-7 1044480]
Windows Search.lnk - d:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "d:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi3"=ma_cmidn.dll
"wave2"=Digi32.dll
"MIDI2"=diomidi.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0d:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\SimCity™ 4 Deluxe Edition\\Apps\\SimCity 4.exe"=
"d:\\Steam\\Steam.exe"=
"d:\\Steam\\steamapps\\common\\amd driver updater, xp, 32 bit\\Setup.exe"=
"d:\\Program Files\\SquareEnix\\FINAL FANTASY XIV\\ffxivboot.exe"=
"d:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
"d:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Documents and Settings\\DARC\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
"3389:TCP"= 3389:TCP:Remote Desktop
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 01:14 23120]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/10/2011 06:23 230608]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 16:27 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 21:55 67664]
R2 !SASCORE;SAS Core Service;d:\program files\SUPERAntiSpyware\SASCore.exe [11/08/2011 23:38 116608]
R2 avgwd;AVG WatchDog;d:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [04/01/2012 14:22 822624]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [23/08/2011 21:23 16400]
R2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/02/2012 11:03 652360]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [01/10/2011 08:30 508776]
R3 iLokDrvr;Usb Driver;c:\windows\system32\drivers\iLokDrvr.sys [03/11/2010 17:40 21112]
R3 MAUSBFASTTRACKULTRA8R;Service for M-Audio Fast Track Ultra 8R;c:\windows\system32\drivers\MAudioFastTrackUltra8R.sys [29/04/2011 19:35 137776]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/02/2012 11:03 20464]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [06/10/2010 17:59 606440]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 21:23 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 21:23 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 21:23 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 21:23 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [01/10/2011 08:30 219496]
R3 UAD2System;UAD-2 Global System Service;c:\windows\system32\drivers\UAD2System.sys [07/04/2009 19:02 39040]
S0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys --> c:\windows\system32\drivers\DigiFilt.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Google Update Service (gupdate);d:\program files\Google\Update\GoogleUpdate.exe [21/08/2011 10:05 136176]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys --> c:\windows\system32\drivers\AtihdXP3.sys [?]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 01:14 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 01:14 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04/10/2011 06:21 16720]
S3 AXIOM;Service for M-Audio Axiom;c:\windows\system32\drivers\MAudioAxiom.sys [11/04/2011 19:32 115336]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [01/03/2011 20:23 183560]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [08/12/2010 18:40 23456]
S3 esgiguard;esgiguard;\??\d:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> d:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 gupdatem;Google Update Service (gupdatem);d:\program files\Google\Update\GoogleUpdate.exe [21/08/2011 10:05 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [07/03/2011 20:50 25728]
S3 MADFUFTU8R;Service for M-Audio FastTrackUltra8R DFU;c:\windows\system32\DRIVERS\MAudioFastTrackUltra8R_DFU.sys --> c:\windows\system32\DRIVERS\MAudioFastTrackUltra8R_DFU.sys [?]
S3 MAUSBRI;MAUSBRI;c:\windows\system32\DRIVERS\mausbft8r.sys --> c:\windows\system32\DRIVERS\mausbft8r.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 20:37 4640000]
S3 qup6lbx.sys;qup6lbx.sys;\??\c:\windows\system32\drivers\qup6lbx.sys --> c:\windows\system32\drivers\qup6lbx.sys [?]
S3 rig2avs;Rig Kontrol 2 WDM Audio;c:\windows\system32\drivers\rig2avs.sys [27/01/2012 21:32 346192]
S3 rig2usb;rig2usb;c:\windows\system32\drivers\rig2usb.sys [27/01/2012 21:33 95312]
S3 rig2usb_svc;Rig Kontrol 2;c:\windows\system32\drivers\rig2usb.sys [27/01/2012 21:33 95312]
S3 UAD2Pcie;Universal Audio UAD-2 DSP Accelerator;c:\windows\system32\drivers\UAD2Pcie.sys [07/04/2009 19:02 27136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-25 c:\windows\Tasks\expresszipShakeIcon.job
- d:\program files\NCH Software\ExpressZip\expresszip.exe [2012-02-11 11:42]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 10:05]
.
2012-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 10:05]
.
2011-10-16 c:\windows\Tasks\prismShakeIcon.job
- d:\program files\NCH Software\Prism\prism.exe [2011-10-09 10:59]
.
2012-02-27 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- d:\program files\Ask.com\UpdateTask.exe [2012-01-03 16:31]
.
2011-12-31 c:\windows\Tasks\switchDowngrade.job
- d:\program files\NCH Software\Switch\switch.exe [2011-10-09 10:59]
.
2011-12-17 c:\windows\Tasks\switchShakeIcon.job
- d:\program files\NCH Software\Switch\switch.exe [2011-10-09 10:59]
.
2011-12-31 c:\windows\Tasks\wavepadDowngrade.job
- d:\program files\NCH Software\WavePad\wavepad.exe [2011-10-09 10:59]
.
2011-12-17 c:\windows\Tasks\wavepadShakeIcon.job
- d:\program files\NCH Software\WavePad\wavepad.exe [2011-10-09 10:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: line6.net
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-<NO NAME> - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-27 20:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1120)
d:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
.
- - - - - - - > 'explorer.exe'(4696)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
d:\program files\Windows Desktop Search\deskbar.dll
d:\program files\Windows Desktop Search\en-us\dbres.dll.mui
d:\program files\Windows Desktop Search\dbres.dll
d:\program files\Windows Desktop Search\wordwheel.dll
d:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
d:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
d:\progra~1\AVG\AVG2012\avgrsx.exe
d:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
d:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
d:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msiexec.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
d:\progra~1\WINDOW~3\Datamngr\DATAMN~1.EXE
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Common Files\Teleca Shared\logger.exe
c:\program files\Common Files\Teleca Shared\CapabilityManager.exe
c:\program files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\DbgOut.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
c:\program files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-02-27 21:03:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-27 21:03
ComboFix2.txt 2012-02-25 14:54
ComboFix3.txt 2012-02-11 11:34
.
Pre-Run: 19,514,036,224 bytes free
Post-Run: 19,661,762,560 bytes free
.
- - End Of File - - 46173F008FB938A68EE9C43B53B6594A
 
Ok, those directories are nothing to be concerned about. Seems you're doing better now. I did notice that ComboFix said that AVG was outdated; have you updated it recently?
 