Dear Forum Gurus,

My flatmate referred me to this site after you successfully solved a nasty problem with his machine, I hoped you might be able to assist me with a less bothersome issue. His thread is here:

http://forums.spybot.info/showthread.php?t=59598

The infection on my machine has been resident since July (before the above, and behaves differently): Internet explorer windows are launched in the background and disappear before I can see them. They are signalled by a flurry of page-change 'click's, loss of focus and the occasional explorer.exe in the processes tab of task manager. Around the time the infection became evident, I had issues with system volume being 0, but I have since recovered this.

It occasionally does things to get the attention of AVG, and the remnants of its activities are caught by Spybot S&D. I have in the past used MBAM, Kaspersky online scanner and Avira, but to little effect. Under advice from the internets, I have moved from using a main Administrator account to a normal User account in my name.

Thanks in advance for any help you can offer.

The logs requested, DDS first, then Spybot:


=== DDS


DDS (Ver_10-03-17.01) - NTFSx86
Run by Admin at 20:01:48.04 on 12/10/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3327.2402 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Soluto\soluto.exe
C:\WINDOWS\Explorer.EXE
svchost.exe 4
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Soluto\SolutoService.exe
svchost.exe 4
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Desktop\WinSCP.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\PuTTY\putty.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Admin\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\admin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [<NO NAME>]
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [NokiaMusic FastStart] "c:\program files\nokia\ovi player\NokiaOviPlayer.exe" /command:faststart
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221309503046
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\go35yxmx.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\admin\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-7-24 11608]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-13 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-13 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-13 243024]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-24 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-24 267432]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-24 60936]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2010-6-30 336728]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-9-12 176128]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2010-2-19 13532]
R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\drivers\superwebcam.sys [2009-10-20 31872]
S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [2010-7-31 179144]
S2 gupdate1c993a2ebec990a;Google Update Service (gupdate1c993a2ebec990a);c:\program files\google\update\GoogleUpdate.exe [2009-2-20 133104]
S3 Apache2.2;Apache2.2;c:\server\xampp\apache\bin\httpd.exe [2010-2-14 29416]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-11-24 25728]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 qcusbmdm6k;WP-S1 Proprietary USB Driver;c:\windows\system32\drivers\qcusbmdm6k.sys [2008-10-21 65024]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-7-20 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-7-20 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-7-20 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-7-20 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-7-20 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-7-20 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-7-20 115752]

=============== Created Last 30 ================

2010-10-01 07:16:22 0 d-----w- c:\docume~1\admin\applic~1\Avira
2010-09-26 17:56:17 599 ----a-w- c:\documents and settings\admin\_viminfo
2010-09-22 15:49:27 0 d-s---w- c:\documents and settings\admin\UserData
2010-09-22 10:39:19 0 d-----w- c:\program files\PC Connectivity Solution
2010-09-22 10:36:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Nokia
2010-09-22 10:36:11 0 d-----w- c:\docume~1\admin\applic~1\OpenOffice.org
2010-09-22 10:34:02 0 d-----w- c:\docume~1\admin\applic~1\Nokia Ovi Suite
2010-09-22 10:11:34 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-09-22 10:11:32 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-09-22 10:07:39 0 d-----w- c:\program files\common files\muvee Technologies
2010-09-22 10:05:04 0 d-----w- c:\program files\common files\Nokia
2010-09-22 10:04:07 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-09-22 10:04:06 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-09-22 10:04:05 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-09-22 10:04:03 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-09-22 10:04:03 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-09-22 10:04:02 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-09-22 10:03:20 0 d-----w- c:\docume~1\alluse~1\applic~1\NokiaInstallerCache

==================== Find3M ====================

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 17:11:54 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2006-06-23 06:48:54 32768 ----a-r- c:\windows\inf\UpdateUSB.exe

============= FINISH: 20:02:25.59 ===============





== Spybot


DoubleClick: Tracking cookie (Internet Explorer: Admin) (Cookie, nothing done)


DoubleClick: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


Tradedoubler: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


Tradedoubler: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


MediaPlex: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


MediaPlex: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


MediaPlex: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


FastClick: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


Tradedoubler: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


Adviva: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


Zedo: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


AdBrite: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


AdBrite: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


AdBrite: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


AdBrite: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


HitBox: Tracking cookie (Firefox: Admin (default)) (Cookie, nothing done)


AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


LinkSynergy: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


LinkSynergy: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


LinkSynergy: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


WebTrends live: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Adviva: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Adviva: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)


BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-07-12 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-06-29 Includes\Adware.sbi (*)
2010-08-24 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-09-22 Includes\Dialer.sbi (*)
2010-09-22 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-07-27 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-08-02 Includes\Keyloggers.sbi (*)
2010-08-31 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-09-13 Includes\Malware.sbi (*)
2010-10-05 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-10-05 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-07-27 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-06-29 Includes\Spyware.sbi (*)
2010-07-27 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-08-04 Includes\Trojans.sbi (*)
2010-09-28 Includes\TrojansC-02.sbi (*)
2010-07-28 Includes\TrojansC-03.sbi (*)
2010-09-28 Includes\TrojansC-04.sbi (*)
2010-10-05 Includes\TrojansC-05.sbi (*)
2010-09-13 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

hi japes,

Sorry for the delay. Your post is a few days old. If you still need help simply reply back.

No change to my situation, help much appreciated!

ok.we will get two downloads to use. The first is called combofix, the second is Malwarebytes. There is a guide to read first before you use combofix. Read through the guide and apply the directions on your own machine. Post the log in your next reply. Use combofix first followed by Malwarebytes.

Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

MBAM:

Please download the free version of Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

Dear Shelf Life,

Combofix and MBAM logs follow. Couple of things to note:

- My AVG (9.0) installation is corrupted in some way - I can't bring up the control panel, nor can I uninstall it, repair it or replace it with AVG2011. Thus I ran Combofix with it still on the machine, in some form. (I would like to get rid and install the newer version, but don't know how)

- Oddly my default browser changed away from Chrome in the course of running the two programs. Dunno what this means, if anything.

I'm yet to see any symptoms of the issue since running the above, but as it's kind of sporadic in it's nature I'll need to wait a bit before I'm sure there's been a change.

Let me know what the logs tell you!

Japes



== Combofix


ComboFix 10-10-15.03 - Admin 16/10/2010 13:21:32.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3327.2809 [GMT 1:00]
Running from: c:\documents and settings\Admin\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\hpe29.dll

.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-09-16 to 2010-10-16 )))))))))))))))))))))))))))))))
.

2010-10-16 11:21 . 2010-10-16 11:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-10-16 11:03 . 2010-10-16 11:03 -------- d-----w- c:\program files\CCleaner
2010-10-16 10:18 . 2010-10-16 11:16 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-16 10:10 . 2010-10-16 10:10 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2010-10-15 06:58 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-15 06:58 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-15 06:58 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-05 18:16 . 2010-10-07 07:00 -------- d-----w- c:\documents and settings\Admin\Application Data\skypePM
2010-10-05 18:14 . 2010-10-07 07:12 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
2010-09-27 18:48 . 2010-09-27 18:48 -------- d-----w- c:\program files\ERUNT
2010-09-22 17:10 . 2010-09-22 17:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-09-22 17:10 . 2010-09-22 17:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-09-22 15:49 . 2010-09-22 15:49 -------- d-s---w- c:\documents and settings\Admin\UserData
2010-09-22 10:45 . 2010-09-22 10:45 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\IsolatedStorage
2010-09-22 10:39 . 2010-09-22 10:39 -------- d-----w- c:\program files\PC Connectivity Solution
2010-09-22 10:36 . 2010-09-22 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2010-09-22 10:36 . 2010-09-22 10:36 -------- d-----w- c:\documents and settings\Admin\Application Data\OpenOffice.org
2010-09-22 10:34 . 2010-09-22 10:34 -------- d-----w- c:\documents and settings\Admin\Application Data\Nokia Ovi Suite
2010-09-22 10:10 . 2010-09-22 10:34 -------- d-----w- c:\documents and settings\Admin\Application Data\Nokia
2010-09-22 10:07 . 2010-09-22 10:07 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-09-22 10:06 . 2010-09-22 10:57 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Nokia
2010-09-22 10:06 . 2010-09-22 10:14 -------- d-----w- c:\documents and settings\Admin\Application Data\PC Suite
2010-09-22 10:05 . 2010-09-22 10:40 -------- d-----w- c:\program files\Common Files\Nokia
2010-09-22 10:04 . 2010-02-26 13:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2010-09-22 10:04 . 2010-02-26 13:32 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2010-09-22 10:04 . 2010-02-26 13:32 22528 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2010-09-22 10:04 . 2010-02-26 13:32 662016 ----a-w- c:\windows\system32\nmwcdcocls.dll
2010-09-22 10:04 . 2010-02-26 13:32 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2010-09-22 10:04 . 2010-02-26 13:19 1461992 ----a-w- c:\windows\system32\wdfcoinstaller01009.dll
2010-09-18 11:23 . 2010-09-18 11:23 974848 -c----w- c:\windows\system32\dllcache\mfc42u.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 17:11 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-10-04 20:32 2067808 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Connectivity Suite]
2009-05-27 15:46 598016 ----a-r- c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-02-19 08:35 13500416 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-02-19 08:35 86016 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-02-19 08:35 1626112 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Documents and Settings\\Administrator\\My Documents\\Programming\\eclipse\\eclipse.exe"=
"c:\\Python26\\pythonw.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\grand theft auto san andreas\\gta-sa.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Notepad++\\notepad++.exe"=
"c:\\Program Files\\DC Software\\DL10XP.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Steam\\steamapps\\masterpeem\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\masterpeem\\counter-strike source\\hl2.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13/09/2008 00:45 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13/09/2008 00:45 243024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [15/07/2010 18:11 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15/07/2010 18:11 308136]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [30/06/2010 16:08 336728]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [12/09/2008 20:12 176128]
R3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;c:\windows\system32\drivers\superwebcam.sys [20/10/2009 21:35 31872]
S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [31/07/2010 08:43 179144]
S2 gupdate1c993a2ebec990a;Google Update Service (gupdate1c993a2ebec990a);c:\program files\Google\Update\GoogleUpdate.exe [20/02/2009 22:33 133104]
S3 Apache2.2;Apache2.2;c:\server\xampp\apache\bin\httpd.exe [14/02/2010 19:35 29416]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [24/11/2009 00:16 25728]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 qcusbmdm6k;WP-S1 Proprietary USB Driver;c:\windows\system32\drivers\qcusbmdm6k.sys [21/10/2008 12:26 65024]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [20/07/2009 19:13 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [20/07/2009 19:13 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [20/07/2009 19:13 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [20/07/2009 19:13 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [20/07/2009 19:13 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [20/07/2009 19:13 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [20/07/2009 19:13 115752]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [19/02/2010 09:26 13532]
.
Contents of the 'Scheduled Tasks' folder

2010-10-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-20 20:32]

2010-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 21:33]

2010-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 21:33]

2010-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-776561741-839522115-1003Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-30 19:06]

2010-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-776561741-839522115-1003UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-30 19:06]

2010-10-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-776561741-839522115-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-12 19:25]

2010-10-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-776561741-839522115-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-12 19:25]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\go35yxmx.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe


.
Completion time: 2010-10-16 13:37:21
ComboFix-quarantined-files.txt 2010-10-16 12:37

Pre-Run: 60,467,920,896 bytes free
Post-Run: 63,052,828,672 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 197DB605556DC2D15A238BC601A058CE



== MBAM



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4854

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

17/10/2010 01:21:18
mbam-log-2010-10-17 (01-21-18).txt

Scan type: Full scan (C:\|)
Objects scanned: 414890
Time elapsed: 1 hour(s), 38 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ok good. Combofix removed a nasty rootkit you had on board. Cruise around and make sure the signs are gone. AVG has a uninstaller tool (http://www.avg.com/us-en/download-tools) you can try.
Are you using the free version of AVG? In any case I wouldnt be without AV for long. Try the uninstaller then get the 2011 version installed, or another AV installed.

Uninstaller tool did the trick, thanks for the pointer. AVG2011 free now in place.

None of the previous signs of infection exist - is there anything I should do to check all is well/keep all well in future?

Thanks very much for your help, greatly appreciated.

We will get one more download to use as a check. Directions:

Please also download MBRCheck (http://ad13.geekstogo.com/MBRCheck.exe) to your desktop

* Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
* It will show a Black screen with some information that will contain either the below line if no problem is found:
Done! Press ENTER to exit...

* Or you will see more information like below if a problem is found:
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

* Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
* MBRCheck will create a log on your desktop named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
* Attach this log to your next message.

You can also do a online scan

ESET (http://www.eset.com/onlinescan/) online scanner:

Use Internet Explorer
check "YES" to accept terms
click start button
allow the ActiveX component to install
click the start button. the Scanner will update.
check both "Remove found threats" and "Scan archives" Leave the defaults checked under Advanced settings
click scan. When it completes click "List found threats"
click "Export to text file.." and save it to your desktop. Post the saved log.
Click "back" and "finish"

Dear shelf life,

I ran MBRCheck with no issues, log attached.

I was unable to get ESET to run for me - no option to install the activeX (possibly as the only IE I have is ie6). Your message made this sound like it was not necessary - is it something I should still look to do?

Let me know if there's anything further required - from my point of view my system shown none of the previous signs of infection. I'd like to buy you a beer for your help - do pm me with paypal/account details so I can :beerbeerb:

Thanks again for your help!

You forgot to attach the MBR log. Eset should work with IE 6.0, I wouldnt worry about it. Do a scan with your AVG instead.
IE is up to 8.0 now. Do you have auto-updates turned on or do you visit Windows update? if not you need to so you can get "patched." The patches plug vulnerabilities that could under the right circumstances install malware to your machine.

Thanks for the offer, I do enjoy a good pint or three once in a while but I dont have a pay-pal account. If you like you can make a donation to SpyBot S&D.

Oops, log attached this time.

AVG scanned without issue.

I keep IE6 by choice - cross-browser check (and there really is nothing quite like ie6). As such, it's only used to visit my own pages. Does this still pose a risk? Do you know of better way to test in ie6 without risking its security issues? (not keen on browser-shots type of service, feedback not quick enough to develop with)

Auto-updates are turned on, and my XP should be as up to date as possible.

I'll go throw beer at spybot ...

IE 6.0 is fine as long as MS continues to support it with patches. As long as you have auto-updates on you should be golden. MS may pull support for it at some point though.
You can delete the MBRcheck icon form your desktop. You can remove combofix like this:
start>run and type in combofix /uninstall
click ok or enter
note the space after the x and before the /
Note that the free version of Malwarebytes must be updated manually and a scan started manually.

If all is good, some tips to help you remain malware free:

10 Tips for Prevention and Avoidance of Malware:
There is no reason why your computer can not stay malware free.

No software can think for you. Help yourself. In no special order:

1) It is essential to keep your OS (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us),(Windows) browser (IE, FireFox) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for other web based applications like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Not sure if you are using the latest version of software? Check their version status here. (http://secunia.com/vulnerability_scanning/online/)

2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this. See also the signs (http://www.malwarevault.com/signs.html)that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then its time to *review your computer habits*.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. See also E-mail phishing Tricks (http://www.fraud.org/tips/internet/phishing.htm).

5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

8) Install and understand the *limitations* of a software firewall.

9) A tool (http://nsslabs.com/general/ie8-hardening-tool.html)for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Changes some of the default settings of IE 8.0, Read the FAQ's. Or see a slide show Here (http://threatpost.com/en_us/slideshow/How%20to%20configure%20Internet%20Explorer%20for%20secure%20surfing) and do it yourself. How to harden FireFox. (http://threatpost.com/en_us/slideshow/How-to-configure-Mozilla-Firefox-for-secure-surfing?utm_source=Second+Sidebar&utm_medium=Featured+Slideshows&utm_campaign=Configure+Mozilla+Firefox) for safer surfing.

10) Warez, cracks etc are very popular for carrying malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks you will encounter malware. Can you really trust the source of the file?


More info/tips with pictures in links below.

Happy Safe Surfing.