trojan.sirefef and others! HELP [Archive]

PolarisRich

2012-05-23, 18:39

Hi,

I have a trojan.sirefef.bv virus on my computer. The virus has been detected mostly in c:/windows/system32 and and it has now disabled my internet connection and sound system from working.

I tried earlier system restoring without succeeding and downloaded another anti-virus program that did not clear the virus either.

I would be grateful for any help in this matter. Please let me know what information you need in order for you to understand more of the problem.

DDS

DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Jennifer at 12:39:26 on 2012-05-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2330 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlbtcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
\??\C:\Program Files\AVG\AVG10\avgrsx.exe
\??\C:\Program Files\AVG\AVG10\avgchsvx.exe
\??\C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ca.my.yahoo.com/
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [DLBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBTtime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1302067894281
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{AE224C3B-6282-446B-B538-AE5B314698FF} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{B9F9ADB8-D1F1-4C0B-BCB2-364B53C26776} : DHCPNameServer = 192.168.2.1
Handler: intu-tt2010 - {97A0575E-2309-4e75-8509-B1F9390C4DE7} - c:\program files\turbotax 2010\ic2010pp.dll
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\turbotax 2011\ic2011pp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2011-4-6 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-4-6 67656]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-6 366152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-6 22216]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys --> c:\windows\system32\drivers\avgrkx86.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-13 136176]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-13 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\avgidseh.sys --> c:\windows\system32\drivers\AVGIDSEH.Sys [?]
S4 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys --> c:\windows\system32\drivers\avgtdix.sys [?]
.
=============== Created Last 30 ================
.
2012-05-23 16:10:25 98816 ----a-w- c:\windows\sed.exe
2012-05-23 16:10:25 256000 ----a-w- c:\windows\PEV.exe
2012-05-23 16:10:25 208896 ----a-w- c:\windows\MBR.exe
2012-04-23 16:47:01 -------- d-sha-r- C:\cmdcons
.
==================== Find3M ====================
.
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 12:39:32.03 ===============

PolarisRich

2012-05-23, 19:08

Here's the Combofix Log

ComboFix 12-05-23.04 - Jennifer 23/05/2012 12:41:35.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2303 [GMT -4:00]
Running from: j:\dcim\ComboFix.exe
AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-23 to 2012-05-23 )))))))))))))))))))))))))))))))
.
.
2012-05-23 14:07 . 2012-05-23 14:14 -------- d-----w- c:\documents and settings\Administrator
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-11 13:14 . 2008-04-14 04:54 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2008-04-14 05:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-01 11:01 . 2008-04-14 09:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-03-01 11:01 . 2008-04-14 09:42 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2008-04-14 09:41 43520 ------w- c:\windows\system32\licmgr10.dll
2012-02-29 14:10 . 2008-04-14 09:42 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 09:41 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 04:07 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-23_16.23.32 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 12:00 . 2012-05-23 16:09 96298 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2012-05-23 16:27 96298 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2012-05-23 16:27 559564 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2012-05-23 16:09 559564 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2007-02-22 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-22 05:05 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2012-01-06 21:30 1446760 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
2008-08-13 19:34 1891416 ----a-w- c:\program files\Garmin\Training Center\gStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 21:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 21:00 449608 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-09-01 22:47 90448 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-17 19:56 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\RUNSAS.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\WINDOWS\\system32\\dlbtcoms.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\digital imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1040:TCP"= 1040:TCP:Akamai NetSession Interface
"1:TCP"= 1:TCP:Photosmart A640 series "Serial Port"
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/01/2011 06:41 AM 248656]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [06/04/2011 03:32 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [06/04/2011 03:32 PM 67656]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [09/03/2011 07:24 PM 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31/01/2012 04:02 PM 7391072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 05:33 AM 269520]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [06/04/2011 02:41 AM 366152]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [27/05/2011 07:05 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10/02/2011 07:53 AM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10/02/2011 07:53 AM 27216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [06/04/2011 02:41 AM 22216]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 02:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13/04/2011 04:49 PM 136176]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/07/2010 07:33 AM 30432]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13/04/2011 04:49 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [15/04/2011 05:42 PM 47360]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 02:16 PM 753504]
S4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
S4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 94741808
*Deregistered* - 94741808
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NWUSBPort
tcpip6
tmlisten
pensup
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-13 20:49]
.
2012-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-13 20:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ca.my.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
Handler: intu-tt2011 - {B3B5DAD9-E96D-45b4-B636-B6CF2F773DE1} - c:\program files\TurboTax 2011\ic2011pp.dll
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-23 12:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(21904)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-05-23 13:07:27
ComboFix-quarantined-files.txt 2012-05-23 17:07
ComboFix2.txt 2012-05-23 16:27
ComboFix3.txt 2012-04-23 17:09
.
Pre-Run: 155,236,474,880 bytes free
Post-Run: 155,214,917,632 bytes free
.
- - End Of File - - 79385BE4588C174C34FE7FA67EE97936

-------------------

Edit

FYI: :-)

"BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288 )

Please DO NOT RUN ComboFix without being asked (http://forums.spybot.info/showthread.php?t=16806 )