Machine runs very slowwwww

[savanna]

My computer started running very slow. I ran Spybot but it didn't find anything. Malwarebytes found a few things and removed them, but it is still running very slow. Please help me make sure that I got rid of everything.

Thanks in advance.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by Bob at 22:41:25 on 2011-11-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1182 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Documents and Settings\Bob\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\MiMedia LLC\MiMedia\MiMedia.exe
C:\Program Files\Omega Research\Program\orschd.exe
C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = c:\program files\common files\microsoft shared\stationery\Blank.htm
uStart Page = hxxp://twitter.com/
uDefault_Search_URL = hxxp://search.searchcompletion.com/?si=10211&home=1
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
mURLSearchHooks: H - No File
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Complitly: {d27fc31c-6e3d-4305-8d53-acdaefa5f862} - c:\documents and settings\bob\application data\complitly\Complitly.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [DriverMax_RESTART] "c:\program files\innovative solutions\drivermax\devices.exe" -RESTART
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Norton Ghost 14.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [mylbx] c:\program files\my lockbox\mylbx.exe /a
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\aquari~1.lnk - c:\program files\aquarius soft\pc alarm clock pro\alarm.exe
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mimedia.lnk - c:\program files\mimedia llc\mimedia\MiMedia.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\omegar~1.lnk - c:\program files\omega research\program\orschd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} - hxxps://secure.logmein.com/activex/RACtrl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 208.67.222.222 192.168.254.254
TCP: Interfaces\{1F50389D-8DEA-49E5-9593-FA09ACC3563A} : DhcpNameServer = 208.67.222.222 192.168.254.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bob\application data\mozilla\firefox\profiles\vw9a9lod.default\
FF - prefs.js: browser.search.selectedEngine - Complitly
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.searchcompletion.com/?bs=1&si=10211&q=
FF - plugin: c:\documents and settings\bob\application data\mozilla\firefox\profiles\vw9a9lod.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\NPDOC.DLL
FF - plugin: c:\program files\netscape\navigator\program\plugins\npdsplay.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\nprjplug.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\npwmsdrm.dll
.
---- FIREFOX POLICIES ----
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.insidefutures.com http://www.futuresknowledge.com
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2011-4-6 41912]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 CrossLoopService;CrossLoop Service;c:\documents and settings\bob\local settings\application data\crossloop\CrossLoopService.exe [2011-6-5 560880]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-5 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-7-13 47640]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-4 5120]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-5-10 127496]
S0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys --> c:\windows\system32\drivers\avgarkt.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\avgarcln.sys --> c:\windows\system32\drivers\AvgArCln.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest home edition\kerneld.wnt [2005-8-18 7168]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\drivers\nlndis.sys --> c:\windows\system32\drivers\nlndis.sys [?]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\drivers\nlndis.sys --> c:\windows\system32\drivers\nlndis.sys [?]
S3 tvnserver;TightVNC Server;c:\documents and settings\bob\local settings\application data\crossloop\tvnserver.exe [2011-6-5 814080]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-11-13 00:29:51 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-11-13 00:27:28 98816 ----a-w- c:\windows\sed.exe
2011-11-13 00:27:28 518144 ----a-w- c:\windows\SWREG.exe
2011-11-13 00:27:28 256000 ----a-w- c:\windows\PEV.exe
2011-11-13 00:27:28 208896 ----a-w- c:\windows\MBR.exe
2011-11-12 19:52:49 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-12 13:55:53 -------- d-----w- c:\program files\8A95D
2011-11-12 13:55:42 -------- d-----w- c:\documents and settings\bob\application data\w55ssQJ7dELgRqh
2011-11-12 13:55:42 -------- d-----w- c:\documents and settings\bob\application data\UCwwkUVVrlNtP0
2011-11-12 13:55:25 -------- d-----w- c:\documents and settings\bob\application data\SPPP0ycA1ivDo
2011-11-12 13:55:25 -------- d-----w- c:\documents and settings\bob\application data\A448A
2011-11-12 13:55:21 -------- d-----w- c:\documents and settings\bob\application data\w88RRZ9hYw
2011-11-12 12:49:28 -------- d-----w- c:\program files\TS Support
2011-11-12 12:49:28 -------- d-----w- c:\documents and settings\bob\application data\TS Support
2011-11-12 12:48:35 -------- d-----w- c:\documents and settings\bob\local settings\application data\TS Support
2011-11-12 12:48:35 -------- d-----w- c:\documents and settings\all users\application data\TS Support
2011-11-04 12:59:00 -------- d-----w- c:\program files\MiMedia LLC
2011-11-04 12:59:00 -------- d-----w- c:\documents and settings\all users\application data\MiMedia
2011-11-04 00:07:09 -------- d-----w- C:\Junk Non-Backup
2011-10-29 11:09:04 -------- d-----w- C:\TV Shows to DVD
2011-10-28 21:22:25 -------- d-----w- c:\documents and settings\bob\application data\DVD Flick
2011-10-28 21:22:10 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2011-10-28 21:22:10 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2011-10-28 21:22:09 28672 ----a-w- c:\windows\system32\mousewheel.ocx
2011-10-28 21:22:09 -------- d-----w- c:\program files\DVD Flick
2011-10-28 21:00:48 -------- d-----w- c:\documents and settings\bob\application data\AnvSoft
2011-10-28 21:00:16 -------- d-----w- c:\program files\AnvSoft
.
==================== Find3M ====================
.
2011-10-19 10:21:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 11:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-05 20:06:12 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-05 20:06:11 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-10-05 20:06:09 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-10-05 20:06:08 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-10-04 11:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-19 15:01:27 121464 -c--a-w- c:\windows\system32\drivers\AnyDVD.sys
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2009-10-03 16:43:23 8410624 ----a-w- c:\program files\HTML Guardian 7.msi
.
============= FINISH: 22:43:22.53 ===============


http://forums.spybot.info/showthread.php?t=63898

[Blade81]

Hi

I think you missed Please do NOT run 'FIXES' (ComboFix etc) without being asked (ran ComboFix though it shouldn't be used without supervision) sticky.

Post c:\ComboFix.txt contents.

[savanna]

Yes, you caught me. The machine was behaving so poorly, and I desperately needed to use it, so I tried Combo Fix as a last resort. It actually took several attempts. Some in Safe Mode and some in Normal Mode. MalwareBytes found another three viruses yesterday, so I think something is still going on. Thank you very much for your help.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ComboFix 11-11-12.04 - Administrator 11/12/2011 22:09:32.16.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1689 [GMT -6:00]
Running from: c:\documents and settings\Administrator.INSPIRON\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\EA620A85E2A7A2E5.log
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Bob\g2mdlhlpx.exe
c:\program files\LP
c:\program files\LP\454A\172.tmp
c:\program files\LP\454A\175.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-13 to 2011-11-13 )))))))))))))))))))))))))))))))
.
.
2011-11-12 19:52 . 2011-11-12 19:53 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-12 13:55 . 2011-11-12 14:36 -------- d-----w- c:\program files\8A95D
2011-11-12 12:49 . 2011-11-12 12:49 -------- d-----w- c:\program files\TS Support
2011-11-12 12:48 . 2011-11-12 12:48 -------- d-----w- c:\documents and settings\Bob\Local Settings\Application Data\TS Support
2011-11-12 12:48 . 2011-11-12 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\TS Support
2011-11-04 12:59 . 2011-11-04 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MiMedia
2011-11-04 12:59 . 2011-11-04 12:59 -------- d-----w- c:\program files\MiMedia LLC
2011-11-04 00:07 . 2011-11-04 12:46 -------- d-----w- C:\Junk Non-Backup
2011-10-29 11:09 . 2011-11-04 00:10 -------- d-----w- C:\TV Shows to DVD
2011-10-28 21:22 . 2007-08-31 23:36 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2011-10-28 21:22 . 2003-01-26 18:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2011-10-28 21:22 . 2011-10-28 21:22 -------- d-----w- c:\program files\DVD Flick
2011-10-28 21:22 . 2008-08-31 18:27 28672 ----a-w- c:\windows\system32\mousewheel.ocx
2011-10-28 21:00 . 2011-10-28 21:00 -------- d-----w- c:\program files\AnvSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-19 10:21 . 2011-05-19 10:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2008-01-13 03:20 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 11:23 . 2011-01-07 11:41 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-05 20:06 . 2010-07-13 10:48 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-05 20:06 . 2010-07-13 10:48 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-10-05 20:06 . 2010-07-13 10:48 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-10-05 20:06 . 2010-07-13 10:48 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-10-04 11:21 . 2011-02-10 12:53 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-08-04 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 11:30 . 2011-01-19 09:32 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:20 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 22:00 . 2011-04-10 21:40 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2011-08-19 15:01 . 2011-08-19 15:01 121464 -c--a-w- c:\windows\system32\drivers\AnyDVD.sys
2011-08-17 13:49 . 2004-08-04 10:00 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2009-10-03 16:43 . 2009-10-03 16:43 8410624 ----a-w- c:\program files\HTML Guardian 7.msi
2011-05-19 20:22 . 2009-08-20 23:58 113976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2011-07-21 20:16 . 2009-08-20 23:58 550712 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-08-20 23:58 . 2009-08-20 23:58 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2011-11-10 20:18 . 2011-05-07 00:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_MonitoredFolder]
@="{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}"
[HKEY_CLASSES_ROOT\CLSID\{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}]
2011-09-22 21:20 930704 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_SynchronizationPending]
@="{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}"
[HKEY_CLASSES_ROOT\CLSID\{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}]
2011-09-22 21:20 930704 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_Synchronized]
@="{69DE75F6-60E6-4E55-B416-171941A5C73E}"
[HKEY_CLASSES_ROOT\CLSID\{69DE75F6-60E6-4E55-B416-171941A5C73E}]
2011-09-22 21:20 930704 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-05 16859648]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-01-20 2245984]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2005-02-16 221184]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2011-03-27 1900864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-21 13895272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-05-21 111208]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MiMedia.lnk - c:\program files\MiMedia LLC\MiMedia\MiMedia.exe [2011-9-22 55696]
Omega Research Task Scheduler.lnk - c:\program files\Omega Research\Program\orschd.exe [2008-3-19 148480]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [N/A]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-10-05 20:06 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\1stWORKS\\hotCommCL\\BIN\\HotComm.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\NinjaTrader 7\\bin\\NinjaTrader.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Documents and Settings\\Bob\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Documents and Settings\\Bob\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
"5910:TCP"= 5910:TCP:vnc5910
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 7:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 3:32 AM 32592]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [4/6/2011 1:37 PM 41912]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 5:41 AM 230608]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/10/2011 6:54 AM 295248]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
S2 CrossLoopService;CrossLoop Service;c:\documents and settings\Bob\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [6/5/2011 7:49 AM 560880]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [10/5/2010 6:39 PM 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/27/2010 11:22 AM 12856]
S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/4/2004 4:00 AM 5120]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [3/30/2011 4:17 PM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 6:53 AM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 6:53 AM 16720]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [8/18/2005 7168]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?]
S3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 4:13 PM 1553896]
S3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [5/10/2009 3:26 PM 127496]
S3 tvnserver;TightVNC Server;c:\documents and settings\Bob\Local Settings\Application Data\CrossLoop\tvnserver.exe [6/5/2011 7:49 AM 814080]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-13 c:\windows\Tasks\User_Feed_Synchronization-{1FF685FF-AF79-4E0B-A492-555956BF9C7C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 208.67.222.222 192.168.254.254
FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\
FF - prefs.js: browser.search.selectedEngine - Complitly
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.searchcompletion.com/?bs=1&si=10211&q=
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.insidefutures.com http://www.futuresknowledge.com
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-12 22:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\wkep
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,0a,01,d4,80,3d,38,45,8c,08,d6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5a,0a,01,d4,80,3d,38,45,8c,08,d6,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(256)
c:\windows\system32\LMIinit.dll
c:\windows\system32\l3codeca.acm
.
Completion time: 2011-11-12 22:24:18
ComboFix-quarantined-files.txt 2011-11-13 04:24
ComboFix2.txt 2011-09-30 00:13
.
Pre-Run: 10,701,320,192 bytes free
Post-Run: 10,661,699,584 bytes free
.
- - End Of File - - 253879DE25AF71D304D305AF02634DC0

[Blade81]

Hi,

Post Malwarebytes log contents here, please.

[savanna]

I did 3 scans yesterday.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8166

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

11/16/2011 10:28:26 AM
mbam-log-2011-11-16 (10-28-26).txt

Scan type: Full scan (C:\|)
Objects scanned: 379058
Time elapsed: 1 hour(s), 30 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Privacy Protection (Rogue.PrivacyProtection) -> Value: Privacy Protection -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\privacy.exe (Rogue.PrivacyProtection) -> Quarantined and deleted successfully.
c:\documents and settings\Bob\local settings\temp\16C.tmp (Rogue.PrivacyProtection) -> Quarantined and deleted successfully.
c:\documents and settings\Bob\local settings\temp\~!#16A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8178

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/16/2011 4:45:34 PM
mbam-log-2011-11-16 (16-45-34).txt

Scan type: Full scan (C:\|)
Objects scanned: 376847
Time elapsed: 1 hour(s), 40 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Bob\local settings\temp\~!#168.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Bob\local settings\temp\~!#169.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Bob\local settings\temp\0.8538213704063087gtye.exe (Trojan.Downloader.adb) -> Quarantined and deleted successfully.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8178

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

11/16/2011 6:29:23 PM
mbam-log-2011-11-16 (18-29-23).txt

Scan type: Full scan (C:\|)
Objects scanned: 377193
Time elapsed: 1 hour(s), 38 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[Blade81]

Hi,

Run ComboFix and let it update itself. Post back the log + fresh dds logs.

[savanna]

ComboFix 11-11-17.03 - Bob 11/17/2011 11:27:15.15.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1511 [GMT -6:00]
Running from: c:\documents and settings\Bob\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Desktop\Privacy Protection.lnk
c:\documents and settings\Bob\Start Menu\Programs\AV Security 2012
c:\windows\$NtUninstallKB22685$
c:\windows\$NtUninstallKB22685$\793840843
c:\windows\CSC\d6
c:\windows\EA620A85E2A7A2E5.log
.
.
((((((((((((((((((((((((( Files Created from 2011-10-17 to 2011-11-17 )))))))))))))))))))))))))))))))
.
.
2011-11-13 15:50 . 2011-11-13 19:08 -------- d-----w- C:\! What If Bob Dies
2011-11-13 00:29 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-11-12 13:55 . 2011-11-12 14:36 -------- d-----w- c:\program files\8A95D
2011-11-12 13:55 . 2011-11-12 13:55 -------- d-----w- c:\documents and settings\Bob\Application Data\UCwwkUVVrlNtP0
2011-11-12 13:55 . 2011-11-12 13:55 -------- d-----w- c:\documents and settings\Bob\Application Data\w55ssQJ7dELgRqh
2011-11-12 13:55 . 2011-11-12 14:36 -------- d-----w- c:\documents and settings\Bob\Application Data\A448A
2011-11-12 13:55 . 2011-11-12 13:55 -------- d-----w- c:\documents and settings\Bob\Application Data\SPPP0ycA1ivDo
2011-11-12 13:55 . 2011-11-12 13:55 -------- d-----w- c:\documents and settings\Bob\Application Data\w88RRZ9hYw
2011-11-12 12:49 . 2011-11-12 12:49 -------- d-----w- c:\program files\TS Support
2011-11-12 12:49 . 2011-11-12 12:49 -------- d-----w- c:\documents and settings\Bob\Application Data\TS Support
2011-11-12 12:48 . 2011-11-12 12:48 -------- d-----w- c:\documents and settings\Bob\Local Settings\Application Data\TS Support
2011-11-12 12:48 . 2011-11-12 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\TS Support
2011-11-04 12:59 . 2011-11-04 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\MiMedia
2011-11-04 12:59 . 2011-11-04 12:59 -------- d-----w- c:\program files\MiMedia LLC
2011-11-04 00:07 . 2011-11-04 12:46 -------- d-----w- C:\Junk Non-Backup
2011-10-29 11:09 . 2011-11-04 00:10 -------- d-----w- C:\TV Shows to DVD
2011-10-28 21:22 . 2011-10-30 01:08 -------- d-----w- c:\documents and settings\Bob\Application Data\DVD Flick
2011-10-28 21:22 . 2011-10-28 21:22 -------- d-----w- c:\program files\DVD Flick
2011-10-28 21:22 . 2008-08-31 18:27 28672 ----a-w- c:\windows\system32\mousewheel.ocx
2011-10-28 21:00 . 2011-10-28 21:00 -------- d-----w- c:\documents and settings\Bob\Application Data\AnvSoft
2011-10-28 21:00 . 2011-10-28 21:00 -------- d-----w- c:\program files\AnvSoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-16 11:44 . 2011-05-19 10:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2008-01-13 03:20 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 11:23 . 2011-01-07 11:41 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-05 20:06 . 2010-07-13 10:48 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-05 20:06 . 2010-07-13 10:48 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-10-05 20:06 . 2010-07-13 10:48 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-10-05 20:06 . 2010-07-13 10:48 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-10-04 11:21 . 2011-02-10 12:53 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41 . 2008-07-30 01:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-08-04 10:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-08-04 10:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 11:30 . 2011-01-19 09:32 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:20 . 2004-08-04 10:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 22:00 . 2011-04-10 21:40 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-04 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-04 10:00 385024 ----a-w- c:\windows\system32\html.iec
2009-10-03 16:43 . 2009-10-03 16:43 8410624 ----a-w- c:\program files\HTML Guardian 7.msi
2011-05-19 20:22 . 2009-08-20 23:58 113976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2011-07-21 20:16 . 2009-08-20 23:58 550712 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-08-20 23:58 . 2009-08-20 23:58 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2011-11-10 20:18 . 2011-05-07 00:38 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_MonitoredFolder]
@="{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}"
[HKEY_CLASSES_ROOT\CLSID\{C00213B1-77A8-4F0E-B740-0B36FBF7FAE7}]
2011-09-22 21:20 930704 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_SynchronizationPending]
@="{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}"
[HKEY_CLASSES_ROOT\CLSID\{FAD5EA38-2D1D-485D-9B07-D35EB72B922E}]
2011-09-22 21:20 930704 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\_MiMediaFiles_Synchronized]
@="{69DE75F6-60E6-4E55-B416-171941A5C73E}"
[HKEY_CLASSES_ROOT\CLSID\{69DE75F6-60E6-4E55-B416-171941A5C73E}]
2011-09-22 21:20 930704 ----a-w- c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-10-11 5389944]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26103592]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2011-07-07 9245096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-05 16859648]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-01-20 2245984]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2005-02-16 221184]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]
"mylbx"="c:\program files\My Lockbox\mylbx.exe" [2011-03-27 1900864]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-10-25 2415456]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-21 13895272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-05-21 111208]
.
c:\documents and settings\Bob\Start Menu\Programs\Startup\
Aquarius Soft PC Alarm Clock Pro.lnk - c:\program files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe [2011-9-10 937984]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MiMedia.lnk - c:\program files\MiMedia LLC\MiMedia\MiMedia.exe [2011-9-22 55696]
Omega Research Task Scheduler.lnk - c:\program files\Omega Research\Program\orschd.exe [2008-3-19 148480]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [N/A]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-10-05 20:06 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=DrvTrNTm.dll
"wave"=DrvTrNTm.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\1stWORKS\\hotCommCL\\BIN\\HotComm.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\hkcmd.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\NinjaTrader 7\\bin\\NinjaTrader.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Documents and Settings\\Bob\\Local Settings\\Application Data\\CrossLoop\\vncviewer.exe"=
"c:\\Documents and Settings\\Bob\\Local Settings\\Application Data\\CrossLoop\\tvnserver.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)
"5910:TCP"= 5910:TCP:vnc5910
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2/22/2011 7:13 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [1/19/2011 3:32 AM 32592]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [4/6/2011 1:37 PM 41912]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [1/7/2011 5:41 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/10/2011 6:54 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 5:09 AM 192776]
R2 CrossLoopService;CrossLoop Service;c:\documents and settings\Bob\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [6/5/2011 7:49 AM 560880]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [10/5/2010 6:39 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [1/27/2010 11:22 AM 12856]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [8/4/2004 4:00 AM 5120]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [12/20/2007 4:13 PM 1553896]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [5/10/2009 3:26 PM 127496]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 5:25 AM 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [3/30/2011 4:17 PM 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2/10/2011 6:53 AM 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2/10/2011 6:53 AM 16720]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [8/18/2005 7168]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys --> c:\windows\system32\DRIVERS\nlndis.sys [?]
S3 tvnserver;TightVNC Server;c:\documents and settings\Bob\Local Settings\Application Data\CrossLoop\tvnserver.exe [6/5/2011 7:49 AM 814080]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-17 c:\windows\Tasks\User_Feed_Synchronization-{1FF685FF-AF79-4E0B-A492-555956BF9C7C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\program files\Common Files\Microsoft Shared\Stationery\Blank.htm
uStart Page = hxxp://twitter.com/
uDefault_Search_URL = hxxp://search.searchcompletion.com/?si=10211&home=1
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Bob\Application Data\Mozilla\Firefox\Profiles\vw9a9lod.default\
FF - prefs.js: browser.search.selectedEngine - Complitly
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.searchcompletion.com/?bs=1&si=10211&q=
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.insidefutures.com http://www.futuresknowledge.com
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-17 11:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\wkep
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(2684)
c:\windows\system32\WININET.dll
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\program files\MiMedia LLC\MiMedia\MiMedia_ShellExtensions.dll
c:\program files\MiMedia LLC\MiMedia\sqlite3.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\program files\Hotspot Shield\bin\hsswd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msdtc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
.
**************************************************************************
.
Completion time: 2011-11-17 11:50:59 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-17 17:50
ComboFix2.txt 2011-11-13 04:24
ComboFix3.txt 2011-09-30 00:13
.
Pre-Run: 11,401,965,568 bytes free
Post-Run: 11,458,584,576 bytes free
.
- - End Of File - - 2974B3510F27E8C8A192E873BD83E13C

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25
Run by Bob at 12:58:26 on 2011-11-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1258 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Documents and Settings\Bob\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\MiMedia LLC\MiMedia\MiMedia.exe
C:\Program Files\Omega Research\Program\orschd.exe
C:\Program Files\Aquarius Soft\PC Alarm Clock Pro\alarm.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = c:\program files\common files\microsoft shared\stationery\Blank.htm
uStart Page = hxxp://twitter.com/
uDefault_Search_URL = hxxp://search.searchcompletion.com/?si=10211&home=1
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10591&gct=&gc=1&q=%s
mURLSearchHooks: H - No File
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\SnagItIEAddin.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [DriverMax_RESTART] "c:\program files\innovative solutions\drivermax\devices.exe" -RESTART
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Norton Ghost 14.0] "c:\program files\norton ghost\agent\VProTray.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [mylbx] c:\program files\my lockbox\mylbx.exe /a
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\aquari~1.lnk - c:\program files\aquarius soft\pc alarm clock pro\alarm.exe
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\bob\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mimedia.lnk - c:\program files\mimedia llc\mimedia\MiMedia.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\omegar~1.lnk - c:\program files\omega research\program\orschd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/TechConsole/x86/RescueControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} - hxxps://secure.logmein.com/activex/RACtrl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1F50389D-8DEA-49E5-9593-FA09ACC3563A} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\bob\application data\mozilla\firefox\profiles\vw9a9lod.default\
FF - prefs.js: browser.search.selectedEngine - Complitly
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.searchcompletion.com/?bs=1&si=10211&q=
FF - plugin: c:\documents and settings\bob\application data\mozilla\firefox\profiles\vw9a9lod.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\NPDOC.DLL
FF - plugin: c:\program files\netscape\navigator\program\plugins\npdsplay.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\nprjplug.dll
FF - plugin: c:\program files\netscape\navigator\program\plugins\npwmsdrm.dll
.
---- FIREFOX POLICIES ----
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.insidefutures.com http://www.futuresknowledge.com
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2011-4-6 41912]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 295248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 CrossLoopService;CrossLoop Service;c:\documents and settings\bob\local settings\application data\crossloop\CrossLoopService.exe [2011-6-5 560880]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-5 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-7-13 47640]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2004-8-4 5120]
R3 SymSnapService;SymSnapService;c:\program files\norton ghost\shared\drivers\SymSnapService.exe [2007-12-20 1553896]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2009-5-10 127496]
S0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys --> c:\windows\system32\drivers\avgarkt.sys [?]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\avgarcln.sys --> c:\windows\system32\drivers\AvgArCln.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" --> c:\program files\lavasoft\ad-aware\AAWService.exe [?]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134608]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\lavalys\everest home edition\kerneld.wnt [2005-8-18 7168]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\drivers\nlndis.sys --> c:\windows\system32\drivers\nlndis.sys [?]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\drivers\nlndis.sys --> c:\windows\system32\drivers\nlndis.sys [?]
S3 tvnserver;TightVNC Server;c:\documents and settings\bob\local settings\application data\crossloop\tvnserver.exe [2011-6-5 814080]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-11-13 15:50:17 -------- d-----w- C:\! What If Bob Dies
2011-11-13 00:29:51 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2011-11-13 00:27:28 98816 ----a-w- c:\windows\sed.exe
2011-11-13 00:27:28 518144 ----a-w- c:\windows\SWREG.exe
2011-11-13 00:27:28 256000 ----a-w- c:\windows\PEV.exe
2011-11-13 00:27:28 208896 ----a-w- c:\windows\MBR.exe
2011-11-12 13:55:53 -------- d-----w- c:\program files\8A95D
2011-11-12 13:55:42 -------- d-----w- c:\documents and settings\bob\application data\w55ssQJ7dELgRqh
2011-11-12 13:55:42 -------- d-----w- c:\documents and settings\bob\application data\UCwwkUVVrlNtP0
2011-11-12 13:55:25 -------- d-----w- c:\documents and settings\bob\application data\SPPP0ycA1ivDo
2011-11-12 13:55:25 -------- d-----w- c:\documents and settings\bob\application data\A448A
2011-11-12 13:55:21 -------- d-----w- c:\documents and settings\bob\application data\w88RRZ9hYw
2011-11-12 12:49:28 -------- d-----w- c:\program files\TS Support
2011-11-12 12:49:28 -------- d-----w- c:\documents and settings\bob\application data\TS Support
2011-11-12 12:48:35 -------- d-----w- c:\documents and settings\bob\local settings\application data\TS Support
2011-11-12 12:48:35 -------- d-----w- c:\documents and settings\all users\application data\TS Support
2011-11-04 12:59:00 -------- d-----w- c:\program files\MiMedia LLC
2011-11-04 12:59:00 -------- d-----w- c:\documents and settings\all users\application data\MiMedia
2011-11-04 00:07:09 -------- d-----w- C:\Junk Non-Backup
2011-10-29 11:09:04 -------- d-----w- C:\TV Shows to DVD
2011-10-28 21:22:25 -------- d-----w- c:\documents and settings\bob\application data\DVD Flick
2011-10-28 21:22:10 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2011-10-28 21:22:10 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2011-10-28 21:22:09 28672 ----a-w- c:\windows\system32\mousewheel.ocx
2011-10-28 21:22:09 -------- d-----w- c:\program files\DVD Flick
2011-10-28 21:00:48 -------- d-----w- c:\documents and settings\bob\application data\AnvSoft
2011-10-28 21:00:16 -------- d-----w- c:\program files\AnvSoft
.
==================== Find3M ====================
.
2011-11-16 11:44:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 11:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-05 20:06:12 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-10-05 20:06:11 52096 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-10-05 20:06:09 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-10-05 20:06:08 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-10-04 11:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2009-10-03 16:43:23 8410624 ----a-w- c:\program files\HTML Guardian 7.msi
.
============= FINISH: 12:58:40.25 ===============

[Blade81]

Hi,

Download GMER here by clicking download exe -button and then saving it your desktop:

• Double-click .exe that you downloaded
• Click rootkit-tab, uncheck files option and then click scan.
• Don't check
  Show All
  box while scanning in progress!
• When scanning is ready, click Copy.
• This copies log to clipboard
• Post log (if the log is long, archive it into a zip file and attach instead of posting) in your reply.

[savanna]

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-17 15:28:28
Windows 5.1.2600 Service Pack 3
Running: z8e5lspy.exe; Driver: C:\DOCUME~1\Bob\LOCALS~1\Temp\axryrpog.sys


---- System - GMER 1.0.15 ----

SSDT speb.sys ZwCreateKey [0xB7EB50E0]
SSDT speb.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT speb.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT speb.sys ZwOpenKey [0xB7EB50C0]
SSDT speb.sys ZwQueryKey [0xB7ECE20A]
SSDT speb.sys ZwQueryValueKey [0xB7ECE08A]
SSDT speb.sys ZwSetValueKey [0xB7ECE29C]

INT 0x73 ? 8AB12BF8
INT 0x73 ? 8AB12BF8
INT 0x73 ? 8AB12BF8
INT 0x73 ? 8AB12BF8
INT 0x73 ? 8AAA1BF8
INT 0x73 ? 8AAA1BF8
INT 0x73 ? 8AB12BF8
INT 0x94 ? 8AAA1BF8
INT 0xA4 ? 8AAA1BF8
INT 0xB4 ? 8AAA1BF8

---- Kernel code sections - GMER 1.0.15 ----

? speb.sys The system cannot find the file specified. !
? Combo-Fix.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB661F3A0, 0x88C445, 0xE8000020]
.text USBPORT.SYS!DllUnload B65BE8AC 5 Bytes JMP 8AAA11D8
.text aoj5nz7h.SYS B634F386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text aoj5nz7h.SYS B634F3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text aoj5nz7h.SYS B634F3C4 3 Bytes [00, 80, 02]
.text aoj5nz7h.SYS B634F3C9 1 Byte [30]
.text aoj5nz7h.SYS B634F3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\DOCUME~1\Bob\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] speb.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] speb.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] speb.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] speb.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] speb.sys
IAT \SystemRoot\System32\Drivers\aoj5nz7h.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\aoj5nz7h.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\aoj5nz7h.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\aoj5nz7h.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\aoj5nz7h.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\aoj5nz7h.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\aoj5nz7h.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\aoj5nz7h.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\aoj5nz7h.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\aoj5nz7h.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\aoj5nz7h.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\aoj5nz7h.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\aoj5nz7h.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\aoj5nz7h.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\aoj5nz7h.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AAA01F8

AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-0 8A4B11F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AAA21F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AAA21F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AAA21F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AAA21F8
Device \Driver\usbuhci \Device\USBPDO-1 8A4B11F8
Device \Driver\PCI_PNP1316 \Device\00000052 speb.sys
Device \Driver\usbuhci \Device\USBPDO-2 8A4B11F8
Device \Driver\usbehci \Device\USBPDO-3 8A4B2500
Device \Driver\usbehci \Device\USBPDO-4 8A4B2500

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 8A4B11F8
Device \Driver\usbuhci \Device\USBPDO-6 8A4B11F8
Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device 8AB131F8

AttachedDevice symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)

Device \Driver\usbuhci \Device\USBPDO-7 8A4B11F8
Device \Driver\Cdrom \Device\CdRom0 8A486500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8A486500
Device \Driver\Cdrom \Device\CdRom2 8A486500
Device \Driver\NetBT \Device\NetBt_Wins_Export 89A6F1F8
Device \Driver\sptd \Device\3912411316 speb.sys
Device \Driver\NetBT \Device\NetbiosSmb 89A6F1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{1F50389D-8DEA-49E5-9593-FA09ACC3563A} 89A6F1F8

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 8A4B11F8
Device \Driver\usbuhci \Device\USBFDO-1 8A4B11F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89A5D1F8
Device \Driver\usbuhci \Device\USBFDO-2 8A4B11F8
Device 89A5D1F8
Device \Driver\usbehci \Device\USBFDO-3 8A4B2500
Device \Driver\usbuhci \Device\USBFDO-4 8A4B11F8
Device \Driver\Ftdisk \Device\FtControl 8AB131F8
Device \Driver\usbuhci \Device\USBFDO-5 8A4B11F8
Device \Driver\usbuhci \Device\USBFDO-6 8A4B11F8
Device \Driver\usbehci \Device\USBFDO-7 8A4B2500
Device \Driver\aoj5nz7h \Device\Scsi\aoj5nz7h1Port4Path0Target0Lun0 8A3AF500
Device \Driver\aoj5nz7h \Device\Scsi\aoj5nz7h1 8A3AF500
Device \Driver\aoj5nz7h \Device\Scsi\aoj5nz7h1Port4Path0Target1Lun0 8A3AF500
Device rdpdr.sys (Microsoft RDP Device redirector/Microsoft Corporation)
Device 89039500
Device AF465297
Device \FileSystem\Cdfs \Cdfs 8A0F93B8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x54 0x55 0x2F 0x27 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x7D 0xF3 0x29 0x5D ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x07 0x1E 0x7E 0x11 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2B 0x58 0x6B 0xDB ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFE 0xC7 0xB7 0xD1 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7D 0x2C 0xA8 0x1A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1921846974
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1918445637
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0x79 0xE3 0xAC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x95 0xDE 0xDC 0x4E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6F 0x73 0x64 0xC5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x45 0xEE 0x6C 0x16 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2B 0x58 0x6B 0xDB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFE 0xC7 0xB7 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7D 0x2C 0xA8 0x1A ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0xDA 0xDE 0x3A ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x95 0xDE 0xDC 0x4E ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6F 0x73 0x64 0xC5 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x45 0xEE 0x6C 0x16 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x2B 0x58 0x6B 0xDB ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFE 0xC7 0xB7 0xD1 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7D 0x2C 0xA8 0x1A ...

---- EOF - GMER 1.0.15 ----

[Blade81]

Hi,

1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select skip and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)