WiredWX Hobby Weather Tools

Rootkit infection

2 posters

Re: Rootkit infection

Ok, I have no idea what has happened, but when I first clicked on the reply it said something about a master boot repair and to put in the XP disc.

I then logged on to reply as the repair process was not as indicated in the post I was reading, and although I had clicked to repair in the reply, it is just reinstalling Windows XP.

So now it is halfway through the process and I find the post on ComboFix instead? Now I am not sure what to do, and the computer needs another 36 mins to finish installing Windows. Please tell me I will not lose everything on my computer now! Also, once installed, do I still run ComboFix?

Re: Rootkit infection

Right - I have completed (accidentally) a total re-installation and then I also re-installed AVG as it was coming up with weird messages.

The computer has allowed me to do a full computer scan for the first time in a week without a BSOD and both that and the anti-rootkit came up clear.

So now all I need to do is wait and see if the computer continues to BSOD, as it has been doing this on a more than daily basis, or if the BSODs stop.

Thank you for your efforts in trying to help me with this.

Re: Rootkit infection

Ok. Let's run ComboFix just to make sure all is well.

Re: Rootkit infection

This is the log report from ComboFix:

ComboFix 12-01-05.02 - Wilsons 05/01/2012 21:18:32.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3549.2790 [GMT 0:00]
Running from: c:\documents and settings\Wilsons\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe
c:\windows\system32\SET882.tmp
c:\windows\system32\SET886.tmp
c:\windows\system32\SET88E.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
.
.
2012-01-05 17:33 . 2012-01-05 17:33 -------- d-----w- c:\documents and settings\Wilsons\Application Data\AVG2012
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\documents and settings\Wilsons\Application Data\AVG Secure Search
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\program files\AVG Secure Search
2012-01-05 17:25 . 2012-01-05 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-01-05 17:25 . 2012-01-05 17:35 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-05 15:15 . 2006-02-28 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2012-01-05 15:14 . 2006-02-28 12:00 369664 -c--a-w- c:\windows\system32\dllcache\asp51.dll
2012-01-05 14:53 . 2006-02-28 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-01-05 14:53 . 2006-02-28 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2012-01-05 14:53 . 2006-02-28 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-01-05 14:53 . 2006-02-28 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-01-05 14:52 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET8D.tmp
2012-01-05 14:52 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SET52.tmp
2012-01-05 14:52 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SET46.tmp
2012-01-05 14:52 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SET43.tmp
2012-01-05 10:50 . 2006-02-28 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-01-05 10:50 . 2006-02-28 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2012-01-05 10:27 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET8C.tmp
2012-01-05 10:27 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SET51.tmp
2012-01-05 10:27 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SET45.tmp
2012-01-05 10:27 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SET42.tmp
2012-01-05 10:19 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET120.tmp
2012-01-05 10:19 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SETE5.tmp
2012-01-05 10:19 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SETD9.tmp
2012-01-05 10:19 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SETD6.tmp
2012-01-04 08:46 . 2012-01-04 08:46 -------- d-----w- C:\_OTL
2012-01-03 11:52 . 2012-01-03 11:52 -------- d-----w- c:\documents and settings\Wilsons\Application Data\Malwarebytes
2012-01-03 11:52 . 2012-01-03 11:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-03 11:52 . 2012-01-03 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-03 11:52 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-02 16:08 . 2012-01-02 16:08 -------- d-----w- c:\program files\Sophos
2011-12-28 16:26 . 2011-12-28 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2011-12-26 09:58 . 2011-12-26 09:58 -------- d-----w- c:\documents and settings\Wilsons\Local Settings\Application Data\OLYMPUS
2011-12-26 09:52 . 2011-12-26 09:52 -------- d-----w- c:\program files\DIFX
2011-12-26 09:52 . 2009-09-10 15:58 29328 ----a-w- c:\windows\system32\OlyClsInstCC.dll
2011-12-26 09:52 . 2009-09-10 15:58 21648 ----a-w- c:\windows\system32\drivers\OlyCamComm.sys
2011-12-26 09:49 . 2011-12-26 09:49 -------- d-----w- c:\program files\MSXML 4.0
2011-12-26 09:49 . 2005-09-22 22:07 95744 ----a-r- c:\windows\system32\atl80.dll
2011-12-26 09:49 . 2005-09-22 22:05 626688 ----a-r- c:\windows\system32\msvcr80.dll
2011-12-26 09:49 . 2005-09-22 22:05 548864 ----a-r- c:\windows\system32\msvcp80.dll
2011-12-26 09:49 . 2005-09-23 00:16 1079808 ----a-r- c:\windows\system32\mfc80u.dll
2011-12-26 09:49 . 2011-12-26 09:57 -------- d-----w- c:\program files\OLYMPUS
2011-12-25 10:37 . 2001-08-17 13:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2011-12-25 10:36 . 2011-12-25 10:36 -------- d-----w- c:\program files\Hewlett-Packard
2011-12-25 10:36 . 2011-12-25 10:36 -------- d-----w- c:\program files\HP Photo Creations
2011-12-25 10:36 . 2011-12-25 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2011-12-25 10:36 . 2012-01-02 19:15 -------- d-----w- c:\documents and settings\Wilsons\Application Data\HpUpdate
2011-12-25 10:35 . 2011-06-08 18:06 544616 ----a-w- c:\windows\system32\HPDiscoPMa011.dll
2011-12-25 10:35 . 2011-06-08 21:57 488296 ----a-w- c:\windows\system32\HPWia1_DJ3050A_J611.dll
2011-12-25 10:35 . 2011-06-08 21:57 1929576 ----a-w- c:\windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2011-12-25 10:35 . 2011-06-08 21:57 429928 ----a-w- c:\windows\system32\hpinkstsa011.dll
2011-12-25 10:35 . 2011-06-08 21:57 270696 ----a-w- c:\windows\system32\hpinkstsa011LM.dll
2011-12-25 10:35 . 2011-06-08 21:57 216424 ----a-w- c:\windows\system32\hpinkcoia011.dll
2011-12-25 10:33 . 2011-12-25 10:33 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2011-12-25 10:32 . 2011-12-25 10:36 -------- d-----w- c:\program files\HP
2011-12-24 13:33 . 2011-12-24 13:33 -------- d-----w- c:\documents and settings\Wilsons\Local Settings\Application Data\HP
2011-12-21 20:14 . 2011-12-26 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2011-12-21 20:13 . 2011-12-26 18:46 -------- d-----w- c:\program files\NCH Software
2011-12-21 20:13 . 2011-12-26 18:46 -------- d-----w- c:\documents and settings\Wilsons\Application Data\NCH Software
2011-12-21 19:49 . 2011-12-21 19:49 -------- d-----w- c:\documents and settings\Wilsons\Application Data\Amazon
2011-12-21 18:28 . 2011-12-21 18:28 -------- d-----w- c:\program files\Amazon
2011-12-21 18:25 . 2011-12-21 18:25 -------- d-----w- c:\documents and settings\Wilsons\Application Data\Windows Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 20:55 . 2011-11-16 20:55 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2011-11-16 20:55 . 2011-11-16 20:55 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-11-16 14:55 . 2011-11-16 14:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-05 17:26 1574240 ----a-w- c:\program files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll" [2012-01-05 1574240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 1804648]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe" [2011-08-03 231296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-12-17 40995440]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\FirstStart.exe" [2011-08-03 55168]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-25 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-25 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-25 136192]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-05 892768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F6D4050\v1\BelkinWCUI.exe [2011-11-16 1077248]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Wilsons\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 06:30 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/10/2011 06:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 01:14 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13/10/2011 17:21 249648]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [05/01/2012 17:26 869216]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 01:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 01:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04/10/2011 06:21 16720]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [16/11/2011 12:05 2135280]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 01:14 23120]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 06:25 4433248]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21/10/2011 15:23 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\81.tmp --> c:\windows\system32\81.tmp [?]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [26/12/2011 09:52 21648]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 12:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGIDSAGENT
*NewlyCreated* - AVGLDX86
*NewlyCreated* - AVGMFX86
*NewlyCreated* - AVGWD
*NewlyCreated* - VTOOLBARUPDATER
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-05 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08 18:06]
.
2012-01-05 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08 18:06]
.
2012-01-05 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08 18:06]
.
2012-01-05 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08 18:06]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-484061587-682003330-1003Core.job
- c:\documents and settings\Wilsons\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-16 12:33]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-484061587-682003330-1003UA.job
- c:\documents and settings\Wilsons\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-16 12:33]
.
2012-01-05 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-01-03 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-12-26 18:46]
.
2012-01-05 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2011-10-06 16:18]
.
2011-11-25 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
.
2011-12-29 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-12-21 20:13]
.
2011-12-25 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2011-12-21 20:14]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-05 21:20
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\81.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\igfxdev.dll
.
Completion time: 2012-01-05 21:21:53
ComboFix-quarantined-files.txt 2012-01-05 21:21
.
Pre-Run: 940,631,044,096 bytes free
Post-Run: 941,262,258,176 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6A4F0D69972F85B7A029AF30BCE98194


Cheers
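To show what a helper reads first in a log like the one above, here is an added Python triage script; it is not code from this thread, from ComboFix or from its authors. It parses three kinds of line in the ComboFix layout (the "R0 Name;Description;path [date size]" service lines, the "Name"="path" entries under a Run key, and the dated c:\windows\Tasks\*.job headers) and flags a service whose binary is a .tmp file or that ComboFix could not verify ("[?]"), an autostart that runs from a user profile or temp location, and At*.job tasks, which at.exe creates rather than the user. The sample lines are copied from the log above except for the "WidgetUpdater" Run entry, which is constructed to exercise the profile-path check; the function and class names (triage, parse_service, report, Finding) are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the ComboFix log layout seen in this thread: the service,
# task and Run lines are copied from the log above; the "WidgetUpdater" Run entry
# is hypothetical, added only to exercise the user-profile check.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"WidgetUpdater"="c:\documents and settings\Wilsons\Application Data\Widget\wupd.exe" [2012-01-05 12345]
.
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 06:30 32592]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\81.tmp --> c:\windows\system32\81.tmp [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 12:00 14336]
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-05 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08 18:06]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-484061587-682003330-1003UA.job
- c:\documents and settings\Wilsons\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-16 12:33]
"""

# "R0 Name;Description;path [date size]" service/driver lines
SERVICE_RE = re.compile(r"^(?P<type>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.+)$")
# '"Name"="path" [date size]' entries under a Run key
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[')
# "YYYY-MM-DD c:\windows\Tasks\<name>.job" task header lines
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(?P<job>c:\\windows\\tasks\\[^\r\n]+\.job)$", re.I)
AT_JOB_RE = re.compile(r"\\at\d+\.job$", re.I)
# Locations a persistent binary normally has no business living in
PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\", "\\temp\\")


@dataclass
class Finding:
    kind: str          # "service", "run" or "task"
    name: str
    path: str
    reasons: list = field(default_factory=list)


def parse_service(line):
    """Return (type, name, path, unverified) for a service line, else None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest").strip()
    path = rest.rsplit(" [", 1)[0]          # drop the trailing "[date size]" or "[?]"
    if " --> " in path:                      # "\??\raw --> resolved" form
        path = path.split(" --> ")[-1]
    return m.group("type"), m.group("name").strip(), path.strip(), rest.endswith("[?]")


def triage(log_text):
    """Scan log lines and return the entries worth a second look, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        svc = parse_service(line)
        if svc:
            _, name, path, unverified = svc
            reasons = []
            if path.lower().endswith(".tmp"):
                reasons.append("binary is a .tmp file")
            if unverified:
                reasons.append("file could not be verified by ComboFix")
            if reasons:
                findings.append(Finding("service", name, path, reasons))
            continue
        run = RUN_RE.match(line)
        if run:
            low = run.group("path").lower()
            if any(mk in low for mk in PROFILE_MARKERS) or low.endswith(".tmp"):
                findings.append(Finding("run", run.group("name"), run.group("path"),
                                        ["autostart from a user profile or temp location"]))
            continue
        task = TASK_RE.match(line)
        if task and AT_JOB_RE.search(task.group("job")):
            job = task.group("job")
            findings.append(Finding("task", job.rsplit("\\", 1)[-1], job,
                                    ["At*.job task created with at.exe, not by the user"]))
    return findings


def report(findings):
    """One line per finding, in a form that can be pasted into a reply."""
    return [f"{f.kind:<7} {f.name}: {f.path} ({'; '.join(f.reasons)})" for f in findings]


if __name__ == "__main__":
    for line in report(triage(SAMPLE_LOG)):
        print(line)
```

Run on the sample it flags the constructed WidgetUpdater entry, the MEMSWEEP2 service (a .tmp driver that ComboFix marked "[?]") and At1.job. A flag is a prompt to check, not a verdict: a driver loaded from a temp file can belong to a legitimate anti-rootkit scanner, and the At*.job tasks in this log point at HP's own HPCustPartic.exe, so what is installed on the machine has to be weighed before anything is deleted.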

Re: Rootkit infection

========================================

WARNING these fixes are designed for this user only and may cause damage if run on any other machine.

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:

File::
c:\windows\*.tmp
Folder::
Registry::
Rootkit::
DDS::
RESTORE::
RegNull::
ATJob::
FireFox::
MBR::
TDL::
Netsvcs::



Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


[image: CFScript]

Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt in your next reply please.


*Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer.*


Re: Rootkit infection

Hi Pancake, here it is:


ComboFix 12-01-05.02 - Wilsons 05/01/2012 22:06:34.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3549.3079 [GMT 0:00]
Running from: c:\documents and settings\Wilsons\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Wilsons\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
.
.
((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
.
.
2012-01-05 17:33 . 2012-01-05 17:33 -------- d-----w- c:\documents and settings\Wilsons\Application Data\AVG2012
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\documents and settings\Wilsons\Application Data\AVG Secure Search
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\program files\AVG Secure Search
2012-01-05 17:25 . 2012-01-05 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-01-05 17:25 . 2012-01-05 17:35 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-05 15:15 . 2006-02-28 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2012-01-05 15:14 . 2006-02-28 12:00 369664 -c--a-w- c:\windows\system32\dllcache\asp51.dll
2012-01-05 14:53 . 2006-02-28 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-01-05 14:53 . 2006-02-28 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2012-01-05 14:53 . 2006-02-28 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-01-05 14:53 . 2006-02-28 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-01-05 14:52 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET8D.tmp
2012-01-05 14:52 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SET52.tmp
2012-01-05 14:52 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SET46.tmp
2012-01-05 14:52 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SET43.tmp
2012-01-05 10:50 . 2006-02-28 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-01-05 10:50 . 2006-02-28 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2012-01-05 10:27 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET8C.tmp
2012-01-05 10:27 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SET51.tmp
2012-01-05 10:27 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SET45.tmp
2012-01-05 10:27 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SET42.tmp
2012-01-05 10:19 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET120.tmp
2012-01-05 10:19 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SETE5.tmp
2012-01-05 10:19 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SETD9.tmp
2012-01-05 10:19 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SETD6.tmp
2012-01-04 08:46 . 2012-01-04 08:46 -------- d-----w- C:\_OTL
2012-01-03 11:52 . 2012-01-03 11:52 -------- d-----w- c:\documents and settings\Wilsons\Application Data\Malwarebytes
2012-01-03 11:52 . 2012-01-03 11:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-03 11:52 . 2012-01-03 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-03 11:52 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-02 16:08 . 2012-01-02 16:08 -------- d-----w- c:\program files\Sophos
2011-12-28 16:26 . 2011-12-28 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2011-12-26 09:58 . 2011-12-26 09:58 -------- d-----w- c:\documents and settings\Wilsons\Local Settings\Application Data\OLYMPUS
2011-12-26 09:52 . 2011-12-26 09:52 -------- d-----w- c:\program files\DIFX
2011-12-26 09:52 . 2009-09-10 15:58 29328 ----a-w- c:\windows\system32\OlyClsInstCC.dll
2011-12-26 09:52 . 2009-09-10 15:58 21648 ----a-w- c:\windows\system32\drivers\OlyCamComm.sys
2011-12-26 09:49 . 2011-12-26 09:49 -------- d-----w- c:\program files\MSXML 4.0
2011-12-26 09:49 . 2005-09-22 22:07 95744 ----a-r- c:\windows\system32\atl80.dll
2011-12-26 09:49 . 2005-09-22 22:05 626688 ----a-r- c:\windows\system32\msvcr80.dll
2011-12-26 09:49 . 2005-09-22 22:05 548864 ----a-r- c:\windows\system32\msvcp80.dll
2011-12-26 09:49 . 2005-09-23 00:16 1079808 ----a-r- c:\windows\system32\mfc80u.dll
2011-12-26 09:49 . 2011-12-26 09:57 -------- d-----w- c:\program files\OLYMPUS
2011-12-25 10:37 . 2001-08-17 13:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2011-12-25 10:36 . 2011-12-25 10:36 -------- d-----w- c:\program files\Hewlett-Packard
2011-12-25 10:36 . 2011-12-25 10:36 -------- d-----w- c:\program files\HP Photo Creations
2011-12-25 10:36 . 2011-12-25 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2011-12-25 10:36 . 2012-01-02 19:15 -------- d-----w- c:\documents and settings\Wilsons\Application Data\HpUpdate
2011-12-25 10:35 . 2011-06-08 18:06 544616 ----a-w- c:\windows\system32\HPDiscoPMa011.dll
2011-12-25 10:35 . 2011-06-08 21:57 488296 ----a-w- c:\windows\system32\HPWia1_DJ3050A_J611.dll
2011-12-25 10:35 . 2011-06-08 21:57 1929576 ----a-w- c:\windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2011-12-25 10:35 . 2011-06-08 21:57 429928 ----a-w- c:\windows\system32\hpinkstsa011.dll
2011-12-25 10:35 . 2011-06-08 21:57 270696 ----a-w- c:\windows\system32\hpinkstsa011LM.dll
2011-12-25 10:35 . 2011-06-08 21:57 216424 ----a-w- c:\windows\system32\hpinkcoia011.dll
2011-12-25 10:33 . 2011-12-25 10:33 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2011-12-25 10:32 . 2011-12-25 10:36 -------- d-----w- c:\program files\HP
2011-12-24 13:33 . 2011-12-24 13:33 -------- d-----w- c:\documents and settings\Wilsons\Local Settings\Application Data\HP
2011-12-21 20:14 . 2011-12-26 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2011-12-21 20:13 . 2011-12-26 18:46 -------- d-----w- c:\program files\NCH Software
2011-12-21 20:13 . 2011-12-26 18:46 -------- d-----w- c:\documents and settings\Wilsons\Application Data\NCH Software
2011-12-21 19:49 . 2011-12-21 19:49 -------- d-----w- c:\documents and settings\Wilsons\Application Data\Amazon
2011-12-21 18:28 . 2011-12-21 18:28 -------- d-----w- c:\program files\Amazon
2011-12-21 18:25 . 2011-12-21 18:25 -------- d-----w- c:\documents and settings\Wilsons\Application Data\Windows Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 20:55 . 2011-11-16 20:55 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2011-11-16 20:55 . 2011-11-16 20:55 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-11-16 14:55 . 2011-11-16 14:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-05 17:26 1574240 ----a-w- c:\program files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll" [2012-01-05 1574240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 1804648]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe" [2011-08-03 231296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-12-17 40995440]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\FirstStart.exe" [2011-08-03 55168]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-25 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-25 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-25 136192]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-05 892768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F6D4050\v1\BelkinWCUI.exe [2011-11-16 1077248]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Wilsons\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 01:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 06:30 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/10/2011 06:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 01:14 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13/10/2011 17:21 249648]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [05/01/2012 17:26 869216]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 01:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 01:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04/10/2011 06:21 16720]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [16/11/2011 12:05 2135280]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 06:25 4433248]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21/10/2011 15:23 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\81.tmp --> c:\windows\system32\81.tmp [?]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [26/12/2011 09:52 21648]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 12:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-484061587-682003330-1003Core.job
- c:\documents and settings\Wilsons\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-16 12:33]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-484061587-682003330-1003UA.job
- c:\documents and settings\Wilsons\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-16 12:33]
.
2012-01-05 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-01-03 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-12-26 18:46]
.
2012-01-05 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2011-10-06 16:18]
.
2011-11-25 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
.
2011-12-29 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-12-21 20:13]
.
2011-12-25 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2011-12-21 20:14]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-05 22:11
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\81.tmp"
.
Completion time: 2012-01-05 22:12:29
ComboFix-quarantined-files.txt 2012-01-05 22:12
ComboFix2.txt 2012-01-05 21:21
.
Pre-Run: 941,177,196,544 bytes free
Post-Run: 941,163,724,800 bytes free
.
- - End Of File - - AEB7147C6787BC1E175C666889472A3C

Thanks

Re: Rootkit infection

Ok. Just this to do and we should be done.




========================================

WARNING these fixes are designed for this user only and may cause damage if run on any other machine.




Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open *notepad* and copy/paste the text in the quotebox below into it:





File::
c:\windows\*.tmp





Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript.txt into ComboFix.exe


When finished, it shall produce a log for you at C:\ComboFix.txt

Please copy and paste the ComboFix.txt in your next reply please.


*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall. Altering this script in any way could damage your computer*


Re: Rootkit infection

Ok here it is:


ComboFix 12-01-05.04 - Wilsons 06/01/2012 9:05.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3549.2825 [GMT 0:00]
Running from: c:\documents and settings\Wilsons\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Wilsons\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-06 to 2012-01-06 )))))))))))))))))))))))))))))))
.
.
2012-01-06 08:59 . 2012-01-06 09:00 -------- d-----w- c:\windows\LastGood
2012-01-05 22:24 . 2004-08-03 23:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2012-01-05 22:24 . 2004-08-03 23:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2012-01-05 22:24 . 2008-11-07 18:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-01-05 22:22 . 2012-01-05 22:23 -------- d-----w- c:\documents and settings\Wilsons\Local Settings\Application Data\Nokia
2012-01-05 22:22 . 2012-01-05 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2012-01-05 22:22 . 2012-01-05 22:29 -------- d-----w- c:\documents and settings\Wilsons\Application Data\PC Suite
2012-01-05 22:22 . 2012-01-05 22:22 -------- d-----w- c:\program files\Common Files\Nokia
2012-01-05 22:22 . 2012-01-05 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2012-01-05 17:33 . 2012-01-05 17:33 -------- d-----w- c:\documents and settings\Wilsons\Application Data\AVG2012
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\documents and settings\Wilsons\Application Data\AVG Secure Search
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\program files\AVG Secure Search
2012-01-05 17:25 . 2012-01-05 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-01-05 17:25 . 2012-01-05 17:35 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-05 15:15 . 2006-02-28 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2012-01-05 15:14 . 2006-02-28 12:00 369664 -c--a-w- c:\windows\system32\dllcache\asp51.dll
2012-01-05 14:53 . 2006-02-28 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-01-05 14:53 . 2006-02-28 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2012-01-05 14:53 . 2006-02-28 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-01-05 14:53 . 2006-02-28 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-01-05 14:52 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET8D.tmp
2012-01-05 14:52 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SET52.tmp
2012-01-05 14:52 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SET46.tmp
2012-01-05 14:52 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SET43.tmp
2012-01-05 10:50 . 2006-02-28 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-01-05 10:50 . 2006-02-28 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2012-01-05 10:27 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET8C.tmp
2012-01-05 10:27 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SET51.tmp
2012-01-05 10:27 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SET45.tmp
2012-01-05 10:27 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SET42.tmp
2012-01-05 10:19 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET120.tmp
2012-01-05 10:19 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SETE5.tmp
2012-01-05 10:19 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SETD9.tmp
2012-01-05 10:19 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SETD6.tmp
2012-01-04 08:46 . 2012-01-04 08:46 -------- d-----w- C:\_OTL
2012-01-03 11:52 . 2012-01-03 11:52 -------- d-----w- c:\documents and settings\Wilsons\Application Data\Malwarebytes
2012-01-03 11:52 . 2012-01-03 11:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-03 11:52 . 2012-01-03 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-03 11:52 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-02 16:08 . 2012-01-02 16:08 -------- d-----w- c:\program files\Sophos
2011-12-28 16:26 . 2011-12-28 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2011-12-26 09:58 . 2011-12-26 09:58 -------- d-----w- c:\documents and settings\Wilsons\Local Settings\Application Data\OLYMPUS
2011-12-26 09:52 . 2012-01-05 22:22 -------- d-----w- c:\program files\DIFX
2011-12-26 09:52 . 2009-09-10 15:58 29328 ----a-w- c:\windows\system32\OlyClsInstCC.dll
2011-12-26 09:52 . 2009-09-10 15:58 21648 ----a-w- c:\windows\system32\drivers\OlyCamComm.sys
2011-12-26 09:49 . 2011-12-26 09:49 -------- d-----w- c:\program files\MSXML 4.0
2011-12-26 09:49 . 2005-09-22 22:07 95744 ----a-r- c:\windows\system32\atl80.dll
2011-12-26 09:49 . 2005-09-22 22:05 626688 ----a-r- c:\windows\system32\msvcr80.dll
2011-12-26 09:49 . 2005-09-22 22:05 548864 ----a-r- c:\windows\system32\msvcp80.dll
2011-12-26 09:49 . 2005-09-23 00:16 1079808 ----a-r- c:\windows\system32\mfc80u.dll
2011-12-26 09:49 . 2011-12-26 09:57 -------- d-----w- c:\program files\OLYMPUS
2011-12-25 10:37 . 2001-08-17 13:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2011-12-25 10:36 . 2011-12-25 10:36 -------- d-----w- c:\program files\Hewlett-Packard
2011-12-25 10:36 . 2011-12-25 10:36 -------- d-----w- c:\program files\HP Photo Creations
2011-12-25 10:36 . 2011-12-25 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2011-12-25 10:36 . 2012-01-02 19:15 -------- d-----w- c:\documents and settings\Wilsons\Application Data\HpUpdate
2011-12-25 10:35 . 2011-06-08 18:06 544616 ----a-w- c:\windows\system32\HPDiscoPMa011.dll
2011-12-25 10:35 . 2011-06-08 21:57 488296 ----a-w- c:\windows\system32\HPWia1_DJ3050A_J611.dll
2011-12-25 10:35 . 2011-06-08 21:57 1929576 ----a-w- c:\windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2011-12-25 10:35 . 2011-06-08 21:57 429928 ----a-w- c:\windows\system32\hpinkstsa011.dll
2011-12-25 10:35 . 2011-06-08 21:57 270696 ----a-w- c:\windows\system32\hpinkstsa011LM.dll
2011-12-25 10:35 . 2011-06-08 21:57 216424 ----a-w- c:\windows\system32\hpinkcoia011.dll
2011-12-25 10:33 . 2011-12-25 10:33 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2011-12-25 10:32 . 2011-12-25 10:36 -------- d-----w- c:\program files\HP
2011-12-24 13:33 . 2011-12-24 13:33 -------- d-----w- c:\documents and settings\Wilsons\Local Settings\Application Data\HP
2011-12-21 20:14 . 2011-12-26 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2011-12-21 20:13 . 2011-12-26 18:46 -------- d-----w- c:\program files\NCH Software
2011-12-21 20:13 . 2011-12-26 18:46 -------- d-----w- c:\documents and settings\Wilsons\Application Data\NCH Software
2011-12-21 19:49 . 2011-12-21 19:49 -------- d-----w- c:\documents and settings\Wilsons\Application Data\Amazon
2011-12-21 18:28 . 2011-12-21 18:28 -------- d-----w- c:\program files\Amazon
2011-12-21 18:25 . 2011-12-21 18:25 -------- d-----w- c:\documents and settings\Wilsons\Application Data\Windows Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 20:55 . 2011-11-16 20:55 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2011-11-16 20:55 . 2011-11-16 20:55 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-11-16 14:55 . 2011-11-16 14:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-05_21.21.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 01:07 . 2009-07-12 01:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 01:19 . 2009-07-12 01:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2009-07-11 19:41 . 2009-07-11 19:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2011-11-16 20:26 . 2009-08-06 19:24 53472 c:\windows\system32\wuauclt.exe
+ 2011-11-16 20:50 . 2008-11-07 18:55 26144 c:\windows\system32\spupdsvc.exe
- 2011-11-16 20:50 . 2009-05-12 15:12 26144 c:\windows\system32\spupdsvc.exe
+ 2006-02-28 12:00 . 2012-01-05 22:26 86656 c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2012-01-05 17:16 86656 c:\windows\system32\perfc009.dat
+ 2012-01-05 22:21 . 2011-08-17 12:57 75264 c:\windows\system32\nmwcdcls.dll
+ 2012-01-05 22:21 . 2008-08-26 10:26 18816 c:\windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.sys
+ 2012-01-05 22:21 . 2011-08-17 12:57 75264 c:\windows\system32\DRVSTORE\nmwcdnsuc_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\nmwcdcls.dll
+ 2012-01-05 22:21 . 2011-08-17 12:57 75264 c:\windows\system32\DRVSTORE\nmwcdnsu_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\nmwcdcls.dll
+ 2012-01-05 22:21 . 2011-08-17 12:57 75264 c:\windows\system32\DRVSTORE\ccdcmbo_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\nmwcdcls.dll
+ 2012-01-05 22:21 . 2011-08-17 12:56 23168 c:\windows\system32\DRVSTORE\ccdcmbo_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\ccdcmbo.sys
+ 2012-01-05 22:21 . 2011-08-17 12:57 75264 c:\windows\system32\DRVSTORE\ccdcmb_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\nmwcdcls.dll
+ 2012-01-05 22:21 . 2011-08-17 12:56 18176 c:\windows\system32\DRVSTORE\ccdcmb_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\ccdcmb.sys
+ 2009-07-14 10:35 . 2009-07-14 10:35 37608 c:\windows\system32\drivers\wdfldr.sys
+ 2012-01-05 22:21 . 2008-08-26 10:26 18816 c:\windows\system32\drivers\pccsmcfd.sys
+ 2012-01-05 22:21 . 2011-08-17 12:56 23168 c:\windows\system32\drivers\ccdcmbo.sys
+ 2012-01-05 22:21 . 2011-08-17 12:56 18176 c:\windows\system32\drivers\ccdcmb.sys
+ 2011-11-16 20:26 . 2009-08-06 19:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2006-02-28 12:00 . 2009-08-06 19:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2006-02-28 12:00 . 2009-08-06 19:24 96480 c:\windows\system32\cdm.dll
+ 2012-01-06 08:59 . 2006-02-28 12:00 36864 c:\windows\LastGood\system32\wups.dll
+ 2012-01-06 08:59 . 2006-02-28 12:00 66560 c:\windows\LastGood\system32\cdm.dll
+ 2012-01-05 22:21 . 2012-01-05 22:21 29184 c:\windows\Installer\1a74bd.msi
+ 2012-01-05 22:21 . 2012-01-05 22:21 78336 c:\windows\Installer\1a74b8.msi
+ 2012-01-05 22:22 . 2012-01-05 22:22 54489 c:\windows\Installer\{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}\ARPPRODUCTICON.exe
+ 2012-01-05 22:22 . 2012-01-05 22:22 10134 c:\windows\Installer\{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}\ARPPRODUCTICON.exe
+ 2012-01-05 22:21 . 2011-08-17 13:03 8576 c:\windows\system32\DRVSTORE\nmwcdnsuc_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\nmwcdnsuc.sys
+ 2012-01-05 22:21 . 2011-08-17 12:56 8192 c:\windows\system32\DRVSTORE\ccdcmbm_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\usbser_lowerflt.sys
+ 2012-01-05 22:21 . 2011-08-17 12:56 8192 c:\windows\system32\DRVSTORE\ccdcmbj_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\usbser_lowerfltj.sys
+ 2012-01-05 22:21 . 2011-08-17 12:56 8192 c:\windows\system32\drivers\usbser_lowerfltj.sys
+ 2012-01-05 22:21 . 2011-08-17 12:56 8192 c:\windows\system32\drivers\usbser_lowerflt.sys
+ 2012-01-05 22:21 . 2011-08-17 13:03 8576 c:\windows\system32\drivers\nmwcdnsuc.sys
+ 2012-01-05 22:21 . 2012-01-05 22:21 3262 c:\windows\Installer\{AF88496B-4BBA-4922-97E9-2582D3A28358}\ARPPRODUCTICON.exe
+ 2009-07-12 01:12 . 2009-07-12 01:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 01:09 . 2009-07-12 01:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 01:08 . 2009-07-12 01:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2011-11-16 20:26 . 2009-08-06 19:24 327896 c:\windows\system32\wucltui.dll
+ 2011-11-16 20:26 . 2009-08-06 19:23 575704 c:\windows\system32\wuapi.dll
+ 2006-02-28 12:00 . 2012-01-05 22:26 502174 c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2012-01-05 17:16 502174 c:\windows\system32\perfh009.dat
+ 2012-01-05 22:21 . 2011-08-17 12:57 605696 c:\windows\system32\nmwcdcocls.dll
+ 2011-02-19 00:40 . 2011-02-19 00:40 773968 c:\windows\system32\msvcr100.dll
+ 2011-02-19 23:03 . 2011-02-19 23:03 421200 c:\windows\system32\msvcp100.dll
+ 2012-01-05 22:21 . 2011-01-03 14:50 592896 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\PCCSWpdDriver.dll
+ 2012-01-05 22:21 . 2011-08-17 13:03 137472 c:\windows\system32\DRVSTORE\nmwcdnsu_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\nmwcdnsu.sys
+ 2012-01-05 22:21 . 2011-08-17 12:57 605696 c:\windows\system32\DRVSTORE\ccdcmb_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\nmwcdcocls.dll
+ 2012-01-05 22:21 . 2011-08-17 12:57 123904 c:\windows\system32\DRVSTORE\ccdcmb_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\ccdcmbwu.dll
+ 2009-07-14 10:35 . 2009-07-14 10:35 444136 c:\windows\system32\drivers\wdf01000.sys
+ 2012-01-05 22:21 . 2011-08-17 13:03 137472 c:\windows\system32\drivers\nmwcdnsu.sys
+ 2011-11-16 20:26 . 2009-08-06 19:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2011-11-16 20:26 . 2009-08-06 19:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2012-01-05 22:21 . 2011-08-17 12:57 123904 c:\windows\system32\ccdcmbwu.dll
+ 2011-02-19 23:03 . 2011-02-19 23:03 138056 c:\windows\system32\atl100.dll
+ 2012-01-06 08:59 . 2006-02-28 12:00 112640 c:\windows\LastGood\system32\wucltui.dll
+ 2012-01-06 08:59 . 2006-02-28 12:00 111104 c:\windows\LastGood\system32\wuauclt.exe
+ 2012-01-06 08:59 . 2006-02-28 12:00 430592 c:\windows\LastGood\system32\wuapi.dll
+ 2012-01-05 22:21 . 2012-01-05 22:21 496128 c:\windows\Installer\1a74c7.msi
+ 2012-01-05 22:21 . 2012-01-05 22:21 337408 c:\windows\Installer\1a74c2.msi
+ 2012-01-05 22:21 . 2012-01-05 22:21 215552 c:\windows\Installer\1a74ad.msi
+ 2012-01-05 22:21 . 2012-01-05 22:21 868864 c:\windows\Installer\1a74a8.msi
+ 2009-07-11 20:46 . 2009-07-11 20:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-11 20:46 . 2009-07-11 20:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2011-11-16 20:26 . 2009-08-06 19:23 1929952 c:\windows\system32\wuaueng.dll
+ 2012-01-05 22:21 . 2011-05-18 10:09 1461992 c:\windows\system32\wdfcoinstaller01009.dll
+ 2012-01-05 22:21 . 2011-01-03 13:05 1837296 c:\windows\system32\DRVSTORE\pccswpddri_58E92219CA3FF6890A1AA097BB664B7DC817D147\WUDFUpdate_01009.dll
+ 2012-01-05 22:21 . 2011-05-18 10:09 1461992 c:\windows\system32\DRVSTORE\ccdcmb_34D20FBA5015D947903A4F9DA9EDFC6C14206D0F\wdfcoinstaller01009.dll
+ 2011-11-16 20:26 . 2009-08-06 19:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
+ 2012-01-06 08:59 . 2006-02-28 12:00 1134592 c:\windows\LastGood\system32\wuaueng.dll
+ 2012-01-05 22:22 . 2012-01-05 22:22 1298432 c:\windows\Installer\1a74cd.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-05 17:26 1574240 ----a-w- c:\program files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll" [2012-01-05 1574240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 1804648]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe" [2011-08-03 231296]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2011-11-01 1053056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-12-17 40995440]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\FirstStart.exe" [2011-08-03 55168]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-25 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-25 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-25 136192]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-05 892768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F6D4050\v1\BelkinWCUI.exe [2011-11-16 1077248]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Wilsons\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 01:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 06:30 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/10/2011 06:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 01:14 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21/10/2011 15:23 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13/10/2011 17:21 249648]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [05/01/2012 17:26 869216]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 01:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 01:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04/10/2011 06:21 16720]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [16/11/2011 12:05 2135280]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 06:25 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\81.tmp --> c:\windows\system32\81.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [05/01/2012 22:21 137472]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [05/01/2012 22:21 8576]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [26/12/2011 09:52 21648]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 12:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-484061587-682003330-1003Core.job
- c:\documents and settings\Wilsons\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-16 12:33]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-484061587-682003330-1003UA.job
- c:\documents and settings\Wilsons\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-16 12:33]
.
2012-01-06 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-01-03 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-12-26 18:46]
.
2012-01-05 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2011-10-06 16:18]
.
2011-11-25 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
.
2011-12-29 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-12-21 20:13]
.
2011-12-25 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2011-12-21 20:14]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-06 09:10
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\81.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2272)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-01-06 09:11:31
ComboFix-quarantined-files.txt 2012-01-06 09:11
ComboFix2.txt 2012-01-05 22:12
ComboFix3.txt 2012-01-05 21:21
.
Pre-Run: 940,283,355,136 bytes free
Post-Run: 940,269,600,768 bytes free
.
- - End Of File - - 61BC4B70479E9906D3C4AAAB698857B8

Thanks
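The service and driver lines in these logs (the R0/R1/S3 entries) are the part a reader is most likely to skim past, yet they hold the cues that matter: an image file ComboFix could not locate (the trailing "[?]"), an image that is not a normal .sys/.exe/.dll (MEMSWEEP2 is backed by c:\windows\system32\81.tmp in both logs), and services that run from a user profile or temp directory. The Python below is an added example written for this page; it is not ComboFix's code and not anything the helper posted. It parses service lines using the format seen in the logs above, and SAMPLE_LOG holds four lines copied from the log plus one constructed entry (ExampleUpd, which does not exist on this page) to exercise the user-profile check. A flag is a reason to look again, not a verdict: the MEMSWEEP2 entry appears unchanged in both logs that the helper read as clean, and a stopped, manual-start driver service with a .tmp image is exactly the kind of entry to confirm against the tools that were run on the machine rather than act on blindly.

```python
"""Triage the service/driver lines of a ComboFix log.

Added example for this thread; not ComboFix code and not anything the helper
posted. It applies the line format visible in the logs above.
"""
import re
from typing import Dict, List

# One line per service/driver, as ComboFix prints it:
#   <R|S><start> <name>;<display name>;<image path> [<dd/mm/yyyy> <hh:mm> <size>]
# R = running, S = stopped; the digit is the Windows service start type.
# If the image cannot be located it prints "<raw> --> <resolved path> [?]".
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# The image path ends at the first known extension that is followed by
# whitespace or end of string, so path components such as "Microsoft.NET\..."
# or "v4.0.30319\..." do not end the match early.
KNOWN_EXT = ("sys", "exe", "dll", "tmp", "com", "bat", "cmd", "dat", "scr")
IMAGE_RE = re.compile(
    r"^(?P<path>.+?\.(?P<ext>" + "|".join(KNOWN_EXT) + r"))(?=\s|$)", re.IGNORECASE
)
NORMAL_EXT = ("sys", "exe", "dll")
USER_WRITABLE = ("\\temp\\", "\\documents and settings\\", "\\users\\", "\\programdata\\")

# Four lines copied from the log above plus one constructed entry (ExampleUpd)
# that exercises the user-profile check; ExampleUpd is not on the page.
SAMPLE_LOG = r"""
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 06:30 32592]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\81.tmp --> c:\windows\system32\81.tmp [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 12:00 14336]
R2 ExampleUpd;Example Updater;c:\documents and settings\user\Local Settings\Temp\upd.exe [01/01/2012 10:00 4096]
"""


def triage(entry: Dict) -> List[str]:
    """Return reasons to look at an entry again. A reason is a cue, not a verdict."""
    reasons = []
    if entry["missing"]:
        reasons.append("image file not found at scan time ([?])")
    if entry["ext"] not in NORMAL_EXT:
        reasons.append("image extension .%s is not a normal service binary" % (entry["ext"] or "?"))
    if any(marker in entry["path"].lower() for marker in USER_WRITABLE):
        reasons.append("image lives under a user-writable profile or temp directory")
    return reasons


def parse_combofix_services(text: str) -> List[Dict]:
    """Parse every R*/S* service line in a ComboFix log into a dict with triage flags."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        missing = rest.endswith("[?]")
        if "-->" in rest:                     # keep the resolved path, not the \??\ form
            rest = rest.split("-->", 1)[1].strip()
        rest = re.sub(r"\s*\[[^\]]*\]$", "", rest)   # drop "[date time size]" or "[?]"
        im = IMAGE_RE.match(rest)
        if im:
            path, ext = im.group("path"), im.group("ext").lower()
            args = rest[im.end():].strip()     # e.g. "-k WINRM" for svchost-hosted services
        else:
            path, ext, args = rest, "", ""
        group = re.search(r"-k\s+(\S+)", args, re.IGNORECASE)
        entry = {
            "state": "running" if m.group("state") == "R" else "stopped",
            "start": START_TYPES[m.group("start")],
            "name": m.group("name"),
            "display": m.group("display"),
            "path": path,
            "ext": ext,
            "args": args,
            "missing": missing,
            "svchost_group": group.group(1) if group else None,
        }
        entry["flags"] = triage(entry)
        entries.append(entry)
    return entries


def flagged_names(text: str) -> List[str]:
    """Names of the services that picked up at least one triage flag, in log order."""
    return [e["name"] for e in parse_combofix_services(text) if e["flags"]]


if __name__ == "__main__":
    for e in parse_combofix_services(SAMPLE_LOG):
        status = "; ".join(e["flags"]) or "ok"
        print("%-11s %-8s %-7s %s -> %s" % (e["name"], e["state"], e["start"], e["path"], status))
```

Run it against a saved ComboFix.txt by passing the file contents to parse_combofix_services; the svchost_group field is what tells you that an S3 WinRM entry is the WS-Management group hosted in svchost.exe rather than a standalone binary, which matches the WINRM REG_MULTI_SZ line under the svchost key in the same log.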

Re: Rootkit infection

Ok. All done. I see no more malware. Log looks good! All that was detected is now either in quarantine or system restore, both of which we'll be cleaning out in just a minute. Congratulations, well done.


Go to :
Start > Run then copy and paste the following highlighted (blue) text below into the box and click OK.


ComboFix /uninstall






Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.


Please download OTC to your desktop.


Double-click OTC to run it. (Vista users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.


Here are some tips to reduce the potential for malware infection in the future; I strongly suggest that you read them and take them to heart so that you don't have to endure the process of cleaning your computer again.

Afterwork

Malware Prevention

How Did I Get Infected

More Tips on Prevention

=============================


Re: Rootkit infection

Thanks for all of this - funnily enough when uninstalling Combofix AVG detected two threats and removed to virus vault so now am in the process of installing one of the site's recommended firewalls, and am trying out Firefox!

Thanks once again - I have ordered the e-book as a token of my appreciation Thank You!
