0

Good morning.
I read and followed the instructions posted on this site. I ran the Microsoft Malicious software removal tool and it identified the Alureon.h virus. I could not fully delete the virus as I was unable to access the Internet and get the rest of the manual steps to fully eradicate it. I was successful with the GMER and Malwarebytes, but the DDR program displays a message in Notepad and it looks like garbage. No DDR program runs as I checked. I am pasting the logs created by GMER and Malwarebytes here. I am also having to use another PC (lucky I have one) to send this as the infected PC cannot access the internet and I don't know enough to see why I can't.

I appreciate any help that can be given.

Cheers,
Ian

GMER One
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-09-05 16:01:31
Windows 5.1.2600 Service Pack 3
Running: u1munlx1.exe; Driver: C:\DOCUME~1\Nick\LOCALS~1\Temp\awnyiaob.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xEB11FB9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xEB11F9C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xEB11FAFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

GMER Two
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-05 19:12:31
Windows 5.1.2600 Service Pack 3
Running: u1munlx1.exe; Driver: C:\DOCUME~1\Nick\LOCALS~1\Temp\awnyiaob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEB112CD2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEB112B8E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xEB113142]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEB11306C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEB112764]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEB112C68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEB1126A4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEB112708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEB112D88]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xEB113210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEB112D48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEB112EC8]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEDDD3620]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xEB11FB9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xEB11F9C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xEB11FAFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\.application\bootstrap@ bootstrap.application.1
Reg HKLM\SOFTWARE\Classes\.xaml\bootstrap@ bootstrap.xaml.1
Reg HKLM\SOFTWARE\Classes\.xbap\bootstrap@ bootstrap.xbap.1
Reg HKLM\SOFTWARE\Classes\.xps\bootstrap@ bootstrap.xps.1
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0xF3 0x20 0x25 0xDC ...

---- EOF - GMER 1.0.15 ----

MBAM Log
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4550

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/6/2010 4:39:22 AM
mbam-log-2010-09-06 (04-39-22).txt

Scan type: Full scan (C:\|)
Objects scanned: 284916
Time elapsed: 9 hour(s), 24 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

3
Contributors
9
Replies
10
Views
6 Years
Discussion Span
Last Post by crunchie
0

I have also run HiJackThis and am posting the log. This program was run after the others listed in my previous post.
Cheers,
Ian


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:48 AM, on 9/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Program Files\QuickTime\QTTask .exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\ZyXEL\G-302v2\G-302v2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ZyXEL\G-302v2\tiwlnsvc.exe
C:\WINDOWS\System32\ups.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask .exe" -atboottime
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\ZyXEL\G-302v2\G-302v2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspce.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspce.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspce.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspce.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspce.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\lspce.dll
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/bingame/amad/default/atomaders.cab
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca1a0ed30463a8) (gupdate1ca1a0ed30463a8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\ZyXEL\G-302v2\tiwlnsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: My Current Home Page - About:Home

--
End of file - 11436 bytes

0

Please download ComboFix by sUBs from HERE or HERE

  • You must download it to and run it from your Desktop
  • Physically disconnect from the internet.
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply.
  • Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

0

Hello Crunchie and thanks for getting back to me so quickly.
I ran Combofix and it produced one log. It is pasted below.
I did not realise AVG is running automatically and was unable to uninstall it. It does not show up in the tray and so I did not realise it just keeps on running. There is no documentation on how to stop it either.
Otherwise ComboFix installed the Microsoft recovery console and appeared to run properly.
If you could, please let me know my next move.

Thanks very much,
Cheers,
Ian
ComboFix 10-09-04.06 - Nick 09/06/2010 11:21:57.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.555 [GMT -4:00]
Running from: c:\documents and settings\Nick\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\fsc.txt
c:\windows\system32\ide.txt
c:\windows\system32\lspCE.dll
c:\windows\system32\skinboxer43.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-06 to 2010-09-06 )))))))))))))))))))))))))))))))
.

2010-09-06 13:38 . 2010-09-06 13:38 -------- d-----w- c:\program files\Trend Micro
2010-09-06 12:40 . 2004-12-01 22:35 438912 ----a-w- c:\windows\system32\drivers\TNET1130.sys
2010-09-06 12:40 . 2004-11-04 22:55 94192 ----a-w- c:\windows\system32\drivers\FwRad17.bin
2010-09-06 12:40 . 2004-11-04 22:55 92836 ----a-w- c:\windows\system32\drivers\FwRad16.bin
2010-09-06 12:40 . 2010-09-06 12:40 -------- d-----w- c:\program files\ZyXEL
2010-09-05 19:27 . 2010-09-05 19:27 52480 ----a-w- c:\windows\system32\drivers\I8042PRT.SYS
2010-09-05 15:46 . 2010-09-05 19:50 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-29 00:06 . 2010-08-29 00:06 437 ----a-w- c:\program files\0828201020060393.bat
2010-08-29 00:02 . 2010-08-29 00:02 -------- d-----w- c:\documents and settings\Nick\Application Data\Oberon Media
2010-08-23 20:31 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-23 20:31 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-23 20:31 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-23 20:31 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-23 20:31 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-23 20:31 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-23 20:31 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-23 20:30 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-08-23 20:30 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-23 20:30 . 2010-08-23 20:30 -------- d-----w- c:\program files\Alwil Software
2010-08-23 20:30 . 2010-08-23 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 15:31 . 2009-09-20 15:52 -------- d-----w- c:\program files\Common Files\Akamai
2010-09-06 15:12 . 2009-11-13 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-09-06 15:02 . 2009-01-27 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-06 14:24 . 2010-07-20 01:26 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-09-06 12:40 . 2005-04-08 14:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-04 15:13 . 2010-07-16 18:43 63488 ----a-w- c:\documents and settings\Nick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-04 15:13 . 2010-07-16 18:43 117760 ----a-w- c:\documents and settings\Nick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-03 14:20 . 2010-09-03 14:20 0 ----a-w- c:\windows\system32\lspCE.tmp
2010-09-02 00:09 . 2009-04-15 20:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-30 17:51 . 2010-06-24 16:53 466448 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-29 00:06 . 2009-08-11 16:25 -------- d-----w- c:\program files\MSN Games
2010-08-29 00:02 . 2007-05-25 18:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-28 14:38 . 2010-07-16 18:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-06 00:51 . 2010-08-06 00:51 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-08-05 01:58 . 2005-08-14 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-08-05 01:58 . 2005-08-14 20:34 -------- d-----w- c:\program files\Viewpoint
2010-07-29 13:54 . 2009-11-19 15:02 -------- d-----w- c:\documents and settings\Nick\Application Data\WebEx
2010-07-29 13:54 . 2009-09-20 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-07-29 01:27 . 2005-05-08 02:54 -------- d-----w- c:\documents and settings\Nick\Application Data\AdobeUM
2010-07-20 00:52 . 2010-07-20 00:52 -------- d-----w- c:\documents and settings\Nick\Application Data\AVG9
2010-07-19 12:52 . 2008-06-14 19:52 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-19 12:52 . 2010-07-19 12:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-19 12:52 . 2008-06-14 19:52 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-19 12:52 . 2008-06-14 19:52 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-19 12:31 . 2005-04-17 00:10 -------- d-----w- c:\program files\QuickTime
2010-07-18 01:34 . 2010-07-17 14:09 112 ----a-w- c:\documents and settings\All Users\Application Data\lkHuwI.dat
2010-07-17 15:40 . 2009-06-21 19:03 -------- d-----w- c:\program files\iTunes
2010-07-16 18:43 . 2010-07-16 18:43 52224 ----a-w- c:\documents and settings\Nick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-16 18:42 . 2010-07-16 18:42 -------- d-----w- c:\documents and settings\Nick\Application Data\SUPERAntiSpyware.com
2010-07-16 18:42 . 2010-07-16 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-15 19:19 . 2009-11-14 02:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-15 19:19 . 2010-08-05 23:46 161834 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2010-07-04 00:50 . 2010-03-19 13:24 439816 ----a-w- c:\documents and settings\Nick\Application Data\Real\Update\setup3.10\setup.exe
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2005-04-09 01:07 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

<pre>
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\CyberLink\PowerDVD\PDVDServ .exe
c:\program files\Epson Software\Event Manager\EEventManager .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\MSI\Live Update 3\LMonitor .exe
c:\program files\QuickTime\QTTask     .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-08-28 2424560]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"TI WLAN"="c:\program files\ZyXEL\G-302v2\G-302v2.exe" [2005-05-31 1294336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440]

c:\documents and settings\Nick\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-5-13 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-5-13 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-5-5 221247]
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2008-7-13 36864]
CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [2005-4-8 826880]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-10-10 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-10-10 51984]
Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2008-7-13 36864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-19 12:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\E_DUPA30.EXE"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager .exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1037:TCP"= 1037:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/23/2010 4:31 PM 165456]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/14/2008 3:52 PM 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/14/2008 3:52 PM 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 8:00 AM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/23/2010 4:31 PM 17744]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/19/2010 8:52 AM 308136]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [3/12/2009 5:36 PM 86016]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/13/2007 9:02 PM 24652]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5b.sys [4/8/2005 9:52 PM 44032]
R3 TNET1130;802.11 WLAN;c:\windows\system32\drivers\TNET1130.sys [9/6/2010 8:40 AM 438912]
S1 modvzhuc;modvzhuc;\??\c:\windows\system32\drivers\modvzhuc.sys --> c:\windows\system32\drivers\modvzhuc.sys [?]
S2 gupdate1ca1a0ed30463a8;Google Update Service (gupdate1ca1a0ed30463a8);c:\program files\Google\Update\GoogleUpdate.exe [8/10/2009 7:03 PM 133104]
S3 aaudstum;aaudstum;\??\c:\docume~1\Nick\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\Nick\LOCALS~1\Temp\aaudstum.sys [?]
S3 Aox402Camera;Eye-Q Mini (Video);c:\windows\system32\drivers\aox402vc.sys [8/14/2005 8:27 PM 129084]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [7/28/2008 6:06 PM 2944]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\drivers\BrFiltLo.sys [7/28/2008 6:06 PM 12160]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\drivers\BrFiltUp.sys [7/28/2008 6:06 PM 3968]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [7/28/2008 6:06 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [7/28/2008 6:06 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [7/28/2008 6:06 PM 10368]
S3 HwIOctl;HwIOctl;\??\c:\program files\Setup Files\MS-7043 v2.00\HwIOctl.sys --> c:\program files\Setup Files\MS-7043 v2.00\HwIOctl.sys [?]
S3 SE402RefCameraStill;Eye-Q Mini (WDM);c:\windows\system32\drivers\aox402sc.sys [8/14/2005 8:28 PM 67332]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - RUSHTOPDEVICE
*Deregistered* - RushTopDevice

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 23:03]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 23:03]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.msn.com
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-06 11:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,bf,7a,0b,4d,69,a9,4a,bf,b5,db,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b3,bf,7a,0b,4d,69,a9,4a,bf,b5,db,\

[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap]
@DACL=(02 0000)
@="bootstrap.xps.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f3,20,25,dc,a2,62,81,ed,10,30,f9,e7,bd,fc,7e,29,73,ee,d2,a2,6a,
fa,fc,8e,cf,22,06,37,8d,ed,bf,cd,b8,c5,90,6e,98,37,23,8c,de,22,e7,62,36,57,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f3,20,25,dc,a2,62,81,ed,10,30,f9,e7,bd,fc,7e,29,73,ee,d2,a2,6a,
fa,fc,8e,cf,22,06,37,8d,ed,bf,cd,b8,c5,90,6e,98,37,23,8c,de,22,e7,62,36,57,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3932)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ZyXEL\G-302v2\tiwlnsvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\QuickTime\QTTask .exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-09-06 11:38:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-06 15:38

Pre-Run: 41,253,482,496 bytes free
Post-Run: 41,331,822,592 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 829C5B4CA5176332DD573D68B85E2C11

0

You must uninstall one of the AV programs as more than one running on one machine will cause conflicts.

==

1. Please open Notepad

  • Click Start , then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

RENV::
c:\program files\ATI Technologies\ATI Control Panel\atiptaxx .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\CyberLink\PowerDVD\PDVDServ .exe
c:\program files\Epson Software\Event Manager\EEventManager .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\MSI\Live Update 3\LMonitor .exe
c:\program files\QuickTime\QTTask     .exe

Reglock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Save the above as CFScript.txt

4. Physically disconnect from the internet.

5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[IMG]http://i5.photobucket.com/albums/y153/crunchie1/CFScript.gif[/IMG]


7. After reboot, (in case it asks to reboot), please post the following reports/logs into your next replyafter you re-enable all the programs that were disabled during the running of ComboFix:

  • Combofix.txt

Please take note:

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

0

Win32/Alureon is a multi-component family of trojans involved in a broad range of subversive activities online in order to generate revenue from various sources for its controllers. Mostly, Win32/Alureon is associated with moderating affected user's activities online to the attacker's benefit.
Take the following steps to help prevent infection on your system:
Enable a firewall on your computer.
Get the latest computer updates for all your installed software.
Use up-to-date antivirus software.
Use caution when opening attachments and accepting file transfers.
Use caution when clicking on links to Web pages.
Avoid downloading pirated software.
Protect yourself against social engineering attacks.
Use strong passwords.

Enable a firewall on your computer

0

Hello crunchie and kristain,
Thanks again for your continuing help.
I am pasting the log from the ComboFix run after I created the .txt file per your instructions.

The computer is running with no problem since the first combofix run.

Thanks again,
Cheers,
Ian

ComboFix 10-09-04.06 - Nick 09/09/2010 14:30:33.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.511 [GMT -4:00]
Running from: c:\documents and settings\Nick\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nick\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-08-09 to 2010-09-09 )))))))))))))))))))))))))))))))
.

2010-09-06 17:35 . 2010-04-19 14:25 2117704 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-09-06 17:34 . 2010-09-06 17:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-09-06 13:38 . 2010-09-06 13:38 -------- d-----w- c:\program files\Trend Micro
2010-09-06 12:40 . 2004-12-01 22:35 438912 ----a-w- c:\windows\system32\drivers\TNET1130.sys
2010-09-06 12:40 . 2004-11-04 22:55 94192 ----a-w- c:\windows\system32\drivers\FwRad17.bin
2010-09-06 12:40 . 2004-11-04 22:55 92836 ----a-w- c:\windows\system32\drivers\FwRad16.bin
2010-09-06 12:40 . 2010-09-06 12:40 -------- d-----w- c:\program files\ZyXEL
2010-09-05 19:27 . 2010-09-05 19:27 52480 ----a-w- c:\windows\system32\drivers\I8042PRT.SYS
2010-09-05 15:46 . 2010-09-05 19:50 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-29 00:06 . 2010-08-29 00:06 437 ----a-w- c:\program files\0828201020060393.bat
2010-08-29 00:02 . 2010-08-29 00:02 -------- d-----w- c:\documents and settings\Nick\Application Data\Oberon Media
2010-08-23 20:31 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-08-23 20:31 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-08-23 20:31 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-08-23 20:31 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-08-23 20:31 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-08-23 20:31 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-23 20:31 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-08-23 20:30 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-08-23 20:30 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-08-23 20:30 . 2010-08-23 20:30 -------- d-----w- c:\program files\Alwil Software
2010-08-23 20:30 . 2010-08-23 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-09 18:30 . 2005-04-17 00:10 -------- d-----w- c:\program files\QuickTime
2010-09-09 18:30 . 2009-06-21 19:03 -------- d-----w- c:\program files\iTunes
2010-09-09 18:16 . 2009-09-20 15:52 -------- d-----w- c:\program files\Common Files\Akamai
2010-09-09 15:02 . 2009-01-27 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-08 20:10 . 2009-04-15 20:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-06 15:12 . 2009-11-13 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-09-06 14:24 . 2010-07-20 01:26 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2010-09-06 12:40 . 2005-04-08 14:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-04 15:13 . 2010-07-16 18:43 63488 ----a-w- c:\documents and settings\Nick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-04 15:13 . 2010-07-16 18:43 117760 ----a-w- c:\documents and settings\Nick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-03 14:20 . 2010-09-03 14:20 0 ----a-w- c:\windows\system32\lspCE.tmp
2010-08-30 17:51 . 2010-06-24 16:53 466448 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-29 00:06 . 2009-08-11 16:25 -------- d-----w- c:\program files\MSN Games
2010-08-29 00:02 . 2007-05-25 18:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-28 14:38 . 2010-07-16 18:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-06 00:51 . 2010-08-06 00:51 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-08-05 01:58 . 2005-08-14 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-08-05 01:58 . 2005-08-14 20:34 -------- d-----w- c:\program files\Viewpoint
2010-07-29 13:54 . 2009-11-19 15:02 -------- d-----w- c:\documents and settings\Nick\Application Data\WebEx
2010-07-29 13:54 . 2009-09-20 23:50 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-07-29 01:27 . 2005-05-08 02:54 -------- d-----w- c:\documents and settings\Nick\Application Data\AdobeUM
2010-07-20 00:52 . 2010-07-20 00:52 -------- d-----w- c:\documents and settings\Nick\Application Data\AVG9
2010-07-19 12:52 . 2008-06-14 19:52 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-19 12:52 . 2010-07-19 12:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-19 12:52 . 2008-06-14 19:52 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-19 12:52 . 2008-06-14 19:52 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-18 01:34 . 2010-07-17 14:09 112 ----a-w- c:\documents and settings\All Users\Application Data\lkHuwI.dat
2010-07-16 18:43 . 2010-07-16 18:43 52224 ----a-w- c:\documents and settings\Nick\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-16 18:42 . 2010-07-16 18:42 -------- d-----w- c:\documents and settings\Nick\Application Data\SUPERAntiSpyware.com
2010-07-16 18:42 . 2010-07-16 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-15 19:19 . 2009-11-14 02:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-15 19:19 . 2010-08-05 23:46 161834 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2010-07-04 00:50 . 2010-03-19 13:24 439816 ----a-w- c:\documents and settings\Nick\Application Data\Real\Update\setup3.10\setup.exe
2010-06-30 12:31 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2005-04-09 01:07 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-08-10 2349776]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-08-28 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask .exe -atboottime" [X]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"TI WLAN"="c:\program files\ZyXEL\G-302v2\G-302v2.exe" [2005-05-31 1294336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440]

c:\documents and settings\Nick\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-5-13 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-5-13 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-5-5 221247]
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2008-7-13 36864]
CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [2005-4-8 826880]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-10-10 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-10-10 51984]
Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2008-7-13 36864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-19 12:52 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\E_DUPA30.EXE"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8/23/2010 4:31 PM 165584]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/14/2008 3:52 PM 216400]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/14/2008 3:52 PM 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 8:00 AM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/23/2010 4:31 PM 17744]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/19/2010 8:52 AM 308136]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/13/2007 9:02 PM 24652]
R3 GETNDIS;VIA Networking Velocity Family Giga-bit Ethernet Adapter Driver;c:\windows\system32\drivers\getnd5b.sys [4/8/2005 9:52 PM 44032]
R3 TNET1130;802.11 WLAN;c:\windows\system32\drivers\TNET1130.sys [9/6/2010 8:40 AM 438912]
S1 modvzhuc;modvzhuc;\??\c:\windows\system32\drivers\modvzhuc.sys --> c:\windows\system32\drivers\modvzhuc.sys [?]
S2 gupdate1ca1a0ed30463a8;Google Update Service (gupdate1ca1a0ed30463a8);c:\program files\Google\Update\GoogleUpdate.exe [8/10/2009 7:03 PM 133104]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [3/12/2009 5:36 PM 86016]
S3 aaudstum;aaudstum;\??\c:\docume~1\Nick\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\Nick\LOCALS~1\Temp\aaudstum.sys [?]
S3 Aox402Camera;Eye-Q Mini (Video);c:\windows\system32\drivers\aox402vc.sys [8/14/2005 8:27 PM 129084]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [9/6/2010 1:34 PM 430152]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [7/28/2008 6:06 PM 2944]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;c:\windows\system32\drivers\BrFiltLo.sys [7/28/2008 6:06 PM 12160]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;c:\windows\system32\drivers\BrFiltUp.sys [7/28/2008 6:06 PM 3968]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [7/28/2008 6:06 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [7/28/2008 6:06 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [7/28/2008 6:06 PM 10368]
S3 HwIOctl;HwIOctl;\??\c:\program files\Setup Files\MS-7043 v2.00\HwIOctl.sys --> c:\program files\Setup Files\MS-7043 v2.00\HwIOctl.sys [?]
S3 SE402RefCameraStill;Eye-Q Mini (WDM);c:\windows\system32\drivers\aox402sc.sys [8/14/2005 8:28 PM 67332]

--- Other Services/Drivers In Memory ---

*Deregistered* - PCAlertDriver
*Deregistered* - RushTopDevice

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2010-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 23:03]

2010-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-10 23:03]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.msn.com
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-09 14:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f3,20,25,dc,a2,62,81,ed,10,30,f9,e7,bd,fc,7e,29,73,ee,d2,a2,6a,
fa,fc,8e,cf,22,06,37,8d,ed,bf,cd,b8,c5,90,6e,98,37,23,8c,de,22,e7,62,36,57,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f3,20,25,dc,a2,62,81,ed,10,30,f9,e7,bd,fc,7e,29,73,ee,d2,a2,6a,
fa,fc,8e,cf,22,06,37,8d,ed,bf,cd,b8,c5,90,6e,98,37,23,8c,de,22,e7,62,36,57,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(592)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3132)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-09-09 14:45:16
ComboFix-quarantined-files.txt 2010-09-09 18:44
ComboFix2.txt 2010-09-06 15:38

Pre-Run: 48,908,251,136 bytes free
Post-Run: 48,919,650,304 bytes free

- - End Of File - - 3E19BC06CB446DDF9FC3A5317F819004

0

Looks good. Just do the following and you are free to go :):


  • Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

    ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

========

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC by OldTimer:
Save it to your Desktop.
Double click OTC.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.

0

Thanks very much for all your help. You have been a fantastic resource.
Cheers,
Ian

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.