Hi Pancake, here it is:
ComboFix 12-01-05.02 - Wilsons 05/01/2012 22:06:34.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3549.3079 [GMT 0:00]
Running from: c:\documents and settings\Wilsons\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Wilsons\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
.
.
((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
.
.
2012-01-05 17:33 . 2012-01-05 17:33 -------- d-----w- c:\documents and settings\Wilsons\Application Data\AVG2012
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\documents and settings\Wilsons\Application Data\AVG Secure Search
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-01-05 17:26 . 2012-01-05 17:26 -------- d-----w- c:\program files\AVG Secure Search
2012-01-05 17:25 . 2012-01-05 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-01-05 17:25 . 2012-01-05 17:35 -------- d-----w- c:\windows\system32\drivers\AVG
2012-01-05 15:15 . 2006-02-28 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2012-01-05 15:14 . 2006-02-28 12:00 369664 -c--a-w- c:\windows\system32\dllcache\asp51.dll
2012-01-05 14:53 . 2006-02-28 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2012-01-05 14:53 . 2006-02-28 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2012-01-05 14:53 . 2006-02-28 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2012-01-05 14:53 . 2006-02-28 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2012-01-05 14:52 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET8D.tmp
2012-01-05 14:52 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SET52.tmp
2012-01-05 14:52 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SET46.tmp
2012-01-05 14:52 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SET43.tmp
2012-01-05 10:50 . 2006-02-28 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2012-01-05 10:50 . 2006-02-28 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2012-01-05 10:27 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET8C.tmp
2012-01-05 10:27 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SET51.tmp
2012-01-05 10:27 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SET45.tmp
2012-01-05 10:27 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SET42.tmp
2012-01-05 10:19 . 2006-02-28 12:00 14573 ----a-r- c:\windows\SET120.tmp
2012-01-05 10:19 . 2006-02-28 12:00 13753 ----a-r- c:\windows\SETE5.tmp
2012-01-05 10:19 . 2006-02-28 12:00 1086058 ----a-r- c:\windows\SETD9.tmp
2012-01-05 10:19 . 2006-02-28 12:00 1042903 ----a-r- c:\windows\SETD6.tmp
2012-01-04 08:46 . 2012-01-04 08:46 -------- d-----w- C:\_OTL
2012-01-03 11:52 . 2012-01-03 11:52 -------- d-----w- c:\documents and settings\Wilsons\Application Data\Malwarebytes
2012-01-03 11:52 . 2012-01-03 11:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-03 11:52 . 2012-01-03 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-01-03 11:52 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-02 16:08 . 2012-01-02 16:08 -------- d-----w- c:\program files\Sophos
2011-12-28 16:26 . 2011-12-28 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2011-12-26 09:58 . 2011-12-26 09:58 -------- d-----w- c:\documents and settings\Wilsons\Local Settings\Application Data\OLYMPUS
2011-12-26 09:52 . 2011-12-26 09:52 -------- d-----w- c:\program files\DIFX
2011-12-26 09:52 . 2009-09-10 15:58 29328 ----a-w- c:\windows\system32\OlyClsInstCC.dll
2011-12-26 09:52 . 2009-09-10 15:58 21648 ----a-w- c:\windows\system32\drivers\OlyCamComm.sys
2011-12-26 09:49 . 2011-12-26 09:49 -------- d-----w- c:\program files\MSXML 4.0
2011-12-26 09:49 . 2005-09-22 22:07 95744 ----a-r- c:\windows\system32\atl80.dll
2011-12-26 09:49 . 2005-09-22 22:05 626688 ----a-r- c:\windows\system32\msvcr80.dll
2011-12-26 09:49 . 2005-09-22 22:05 548864 ----a-r- c:\windows\system32\msvcp80.dll
2011-12-26 09:49 . 2005-09-23 00:16 1079808 ----a-r- c:\windows\system32\mfc80u.dll
2011-12-26 09:49 . 2011-12-26 09:57 -------- d-----w- c:\program files\OLYMPUS
2011-12-25 10:37 . 2001-08-17 13:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2011-12-25 10:36 . 2011-12-25 10:36 -------- d-----w- c:\program files\Hewlett-Packard
2011-12-25 10:36 . 2011-12-25 10:36 -------- d-----w- c:\program files\HP Photo Creations
2011-12-25 10:36 . 2011-12-25 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2011-12-25 10:36 . 2012-01-02 19:15 -------- d-----w- c:\documents and settings\Wilsons\Application Data\HpUpdate
2011-12-25 10:35 . 2011-06-08 18:06 544616 ----a-w- c:\windows\system32\HPDiscoPMa011.dll
2011-12-25 10:35 . 2011-06-08 21:57 488296 ----a-w- c:\windows\system32\HPWia1_DJ3050A_J611.dll
2011-12-25 10:35 . 2011-06-08 21:57 1929576 ----a-w- c:\windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2011-12-25 10:35 . 2011-06-08 21:57 429928 ----a-w- c:\windows\system32\hpinkstsa011.dll
2011-12-25 10:35 . 2011-06-08 21:57 270696 ----a-w- c:\windows\system32\hpinkstsa011LM.dll
2011-12-25 10:35 . 2011-06-08 21:57 216424 ----a-w- c:\windows\system32\hpinkcoia011.dll
2011-12-25 10:33 . 2011-12-25 10:33 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2011-12-25 10:32 . 2011-12-25 10:36 -------- d-----w- c:\program files\HP
2011-12-24 13:33 . 2011-12-24 13:33 -------- d-----w- c:\documents and settings\Wilsons\Local Settings\Application Data\HP
2011-12-21 20:14 . 2011-12-26 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2011-12-21 20:13 . 2011-12-26 18:46 -------- d-----w- c:\program files\NCH Software
2011-12-21 20:13 . 2011-12-26 18:46 -------- d-----w- c:\documents and settings\Wilsons\Application Data\NCH Software
2011-12-21 19:49 . 2011-12-21 19:49 -------- d-----w- c:\documents and settings\Wilsons\Application Data\Amazon
2011-12-21 18:28 . 2011-12-21 18:28 -------- d-----w- c:\program files\Amazon
2011-12-21 18:25 . 2011-12-21 18:25 -------- d-----w- c:\documents and settings\Wilsons\Application Data\Windows Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 20:55 . 2011-11-16 20:55 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2011-11-16 20:55 . 2011-11-16 20:55 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-11-16 14:55 . 2011-11-16 14:55 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-05 17:26 1574240 ----a-w- c:\program files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\9.0.0.23\AVG Secure Search_toolbar.dll" [2012-01-05 1574240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 1804648]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe" [2011-08-03 231296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-12-17 40995440]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\FirstStart.exe" [2011-08-03 55168]
"Olympus ib"="c:\program files\Olympus\ib\olycamdetect.exe" [2010-09-30 93360]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2010-07-01 220336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-25 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-25 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-25 136192]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-01-05 892768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless Networking Utility.lnk - c:\program files\Belkin\F6D4050\v1\BelkinWCUI.exe [2011-11-16 1077248]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\Wilsons\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 01:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 06:30 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/10/2011 06:23 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/07/2011 01:14 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13/10/2011 17:21 249648]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [05/01/2012 17:26 869216]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 01:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 01:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04/10/2011 06:21 16720]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [16/11/2011 12:05 2135280]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 06:25 4433248]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21/10/2011 15:23 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\81.tmp --> c:\windows\system32\81.tmp [?]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [26/12/2011 09:52 21648]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 12:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-484061587-682003330-1003Core.job
- c:\documents and settings\Wilsons\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-16 12:33]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-484061587-682003330-1003UA.job
- c:\documents and settings\Wilsons\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-16 12:33]
.
2012-01-05 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\documents and settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-01-03 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2011-12-26 18:46]
.
2012-01-05 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2011-10-06 16:18]
.
2011-11-25 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
.
2011-12-29 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2011-12-21 20:13]
.
2011-12-25 c:\windows\Tasks\wavepadShakeIcon.job
- c:\program files\NCH Software\WavePad\wavepad.exe [2011-12-21 20:14]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-05 22:11
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\81.tmp"
.
Completion time: 2012-01-05 22:12:29
ComboFix-quarantined-files.txt 2012-01-05 22:12
ComboFix2.txt 2012-01-05 21:21
.
Pre-Run: 941,177,196,544 bytes free
Post-Run: 941,163,724,800 bytes free
.
- - End Of File - - AEB7147C6787BC1E175C666889472A3C
Thanks
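Added example (not from the post and not a ComboFix component): a small Python triage script that parses the service/driver lines, Run-key values and scheduled-task targets of a log like the one above and lists the entries a reviewer would check first. The sample input is excerpted verbatim from the log above; the flagging rules (image path is a temp file, target sits in a user-writable profile directory, task runs a DLL, AntiVirusOverride set) and the names `Entry`, `parse_entries`, `flagged` and `first_path` are the example's own assumptions. A hit is a review item, not a verdict: the MEMSWEEP2 service with a `.tmp` ImagePath is the transient driver Sophos' memory scanner registers, and the log shows `c:\program files\Sophos` created on 2012-01-02, while GoogleUpdate.exe legitimately lives under the user profile.

```python
"""Triage helper for ComboFix-style logs. Added example, not part of ComboFix.

It pulls service/driver lines, Run-key values and scheduled-task targets out of
the log text and flags image paths a reviewer should look at first. The rules
are assumptions for illustration, not ComboFix's own logic.
"""
import re
from dataclasses import dataclass, field

# Lines excerpted verbatim from the log in the post above (nothing invented).
SAMPLE_LOG = r"""
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe [05/01/2012 17:26 869216]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\81.tmp --> c:\windows\system32\81.tmp [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [28/02/2006 12:00 14336]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2010-12-17 40995440]
2012-01-05 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2011-10-06 16:18]
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-484061587-682003330-1003Core.job
- c:\documents and settings\Wilsons\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-16 12:33]
"AntiVirusOverride"=dword:00000001
"""


@dataclass
class Entry:
    kind: str            # "service", "run", "task" or "registry"
    name: str
    path: str
    reasons: list = field(default_factory=list)   # empty means nothing flagged


# ComboFix line shapes: "R2 name;display;command [date size]", '"name"="path" [..]',
# "<date> c:\windows\Tasks\x.job" followed by "- <target> [..]".
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+\[", re.I)
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[')
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(c:\\windows\\tasks\\.+\.job)$", re.I)
TASK_TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[")
AV_OVERRIDE_RE = re.compile(r'^"AntiVirusOverride"=dword:0*1$', re.I)
# First Windows path with an executable-ish extension inside a command string.
PATH_RE = re.compile(r"[a-z]:\\[^\[]*?\.(?:exe|sys|dll|tmp|cpl)", re.I)


def first_path(command: str) -> str:
    """Drop the NT '\\??\\' prefix, '-->' annotations and svchost args; keep the image path."""
    m = PATH_RE.search(command)
    return m.group(0) if m else command.strip()


def assess(kind: str, path: str) -> list:
    """Review rules (assumed for this example). A hit is a reason to look, not a verdict."""
    p = path.lower()
    reasons = []
    if p.endswith(".tmp") or "\\temp\\" in p or "\\tmp\\" in p:
        reasons.append("image is a temp file")
    if p.startswith("c:\\documents and settings\\"):
        reasons.append("runs from a user-writable profile directory")
    if kind == "task" and p.endswith(".dll"):
        reasons.append("scheduled task target is a DLL, not an executable")
    return reasons


def parse_entries(log_text: str) -> list:
    """Return every recognised autostart entry, each with its (possibly empty) reasons."""
    entries = []
    pending_job = None       # job name waiting for its "- <target>" line
    for line in log_text.splitlines():
        line = line.rstrip()
        if pending_job and (m := TASK_TARGET_RE.match(line)):
            path = first_path(m.group(1))
            entries.append(Entry("task", pending_job, path, assess("task", path)))
            pending_job = None
            continue
        pending_job = None
        if m := SERVICE_RE.match(line):
            path = first_path(m.group(2))
            entries.append(Entry("service", m.group(1), path, assess("service", path)))
        elif m := RUN_RE.match(line):
            path = first_path(m.group(2))
            entries.append(Entry("run", m.group(1), path, assess("run", path)))
        elif m := TASK_RE.match(line):
            pending_job = m.group(1).rsplit("\\", 1)[-1]
        elif AV_OVERRIDE_RE.match(line):
            entries.append(Entry("registry", "AntiVirusOverride", "",
                                 ["Security Center antivirus monitoring overridden (=1)"]))
    return entries


def flagged(log_text: str) -> dict:
    """Map entry name -> reasons, for entries that tripped at least one rule."""
    return {e.name: e.reasons for e in parse_entries(log_text) if e.reasons}


if __name__ == "__main__":
    for e in parse_entries(SAMPLE_LOG):
        if e.reasons:
            print(f"{e.kind:8} {e.name}: {'; '.join(e.reasons)}  <- {e.path}")
```

Feeding the complete log text to `parse_entries` instead of `SAMPLE_LOG` triages the whole report; the rules deliberately stay loose (the GoogleUpdate task trips the profile-directory rule although it is benign) because the point of a first pass over a ComboFix log is to shorten the list of lines a human has to read, not to decide for them.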