
Inactive XP antivirus (ave.exe)

Discussion in 'Malware and Virus Removal Archive' started by Nigejk, 2010/04/26.

  1. 2010/04/26
    Nigejk (Thread Starter)

    [Inactive] XP antivirus (ave.exe)

    Have a problem with this XP antivirus that keeps starting up. It looks official but is false and it has switched my firewall off.

    I have searched on the internet for this virus and it looks like it has been around before, with the general consensus that Malwarebytes removes it. I have an old setup file on my PC which I tried running to install, but after confirming to run the install it then does nothing.

    I downloaded a new copy but the same happens. I tried renaming and running from safe mode but still the same issue. I have been to the Malwarebytes site but nothing there has helped me solve this problem.

    I am currently doing a system scan with SUPERAntiSpyware and Avira (my antivirus that is always running) but nothing thus far and, to be honest, I am not holding out a huge amount of hope for these.

    Any ideas?
     
  2. 2010/04/26
    crunchie

  4. 2010/04/26
    Nigejk (Thread Starter)
    DDS.txt


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by spare 1 at 13:55:24.70 on 26/04/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.369 [GMT 1:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE
    C:\PROGRAM FILES\AVIRA\ANTIVIR DESKTOP\AVGNT.EXE
    C:\PROGRAM FILES\ADOBE\ACROBAT 8.0\ACROBAT\ACROTRAY.EXE
    C:\PROGRAM FILES\COMMON FILES\NOKIA\MPLATFORM\NOKIAMSERVER.EXE
    C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NMINDEXSTORESVR.EXE
    C:\WINDOWS\SYSTEM32\CTFMON.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Dell\RAID Storage Manager\StorServ.exe
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\Program Files\TalkTalk\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\DOCUMENTS AND SETTINGS\SPARE 1\DESKTOP\DDS.EXE
    C:\Documents and Settings\spare 1\Local Settings\Application Data\ave.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMINDEXSTORESVR.EXE" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Google Update] "c:\documents and settings\spare 1\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [<NO NAME>]
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [PMA_ENT] c:\program files\antimalware pro\AntiMalwarePro.exe
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTASK.EXE" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
    dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://wow.wiltshire.gov.uk/dana/download/icaweb.cab?url=/dana/term/winlaunchterm.cgi?op=DownloadCitrixCab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204056491812
    DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - hxxp://launch.gamespyarcade.com/software/launch/alaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {AD58C149-8AE2-4878-99DC-3A164E32F814} - hxxp://appsnet.bentley.com/myselectcd/SAXFileEE.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://wow.wiltshire.gov.uk/dana-cached/setup/JuniperSetupSP1.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ============= SERVICES / DRIVERS ===============

    R0 AFAmgt;AFAmgt;c:\windows\system32\drivers\afamgt.sys [2004-4-21 92411]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-17 11608]
    R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-3-15 58984]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-3-15 116328]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-12-16 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 66632]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-17 108289]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-17 185089]
    R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2004-2-8 118784]
    R2 AsfAlrt;AsfAlrt;c:\windows\system32\drivers\Asfalrt.sys [2002-12-18 36064]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-17 56816]
    R2 RAIDStorAgent;RAID Storage Manager Agent;c:\program files\dell\raid storage manager\StorServ.exe [2004-6-16 49152]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-3-15 779496]
    R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
    R3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);c:\windows\system32\drivers\webc3vid.sys [2008-3-30 166504]
    R3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [2005-1-3 15104]
    S2 gupdate1c9c0f24b9fdc5a;Google Update Service (gupdate1c9c0f24b9fdc5a);c:\program files\google\update\GoogleUpdate.exe [2009-4-19 133104]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\progra~1\belkin\belkin~1.11g\DNINDIS5.SYS [2008-3-30 17149]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 12872]
    S3 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]

    ============== File Associations ===============

    .exe=secfile
    .scr=AutoCADScriptFile

    =============== Created Last 30 ================

    2010-04-26 07:01:52 0 d-----w- c:\docume~1\spare1~1\applic~1\AVP 2009
    2010-04-26 06:27:56 5550080 ----a-w- c:\documents and settings\spare 1\ntuser.tmp
    2010-04-08 08:53:59 0 d-----w- c:\program files\Dotted Eyes
    2010-04-08 08:53:58 0 d-----w- c:\program files\common files\Dotted Eyes

    ==================== Find3M ====================

    2010-04-05 10:13:20 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-04-05 10:13:11 214488 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-03-10 17:39:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
    2010-03-10 17:39:49 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
    2010-03-10 17:39:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2010-03-10 17:39:11 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-20 17:22:59 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
    2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 10:03:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-01 13:06:30 5487 ----a-w- c:\windows\system32\WING32.zip
    2010-01-17 12:39:07 32768 --sha-w- c:\windows\system32\config\systemprofile\application data\microsoft\internet explorer\userdata\index.dat
    2010-01-21 18:12:18 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
    2008-10-10 19:55:37 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101020081011\index.dat
    2010-01-13 12:20:13 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010011320100114\index.dat
    2010-01-13 15:30:18 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010011420100115\index.dat

    ============= FINISH: 13:56:48.39 ===============
    attach.txt


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 03/01/2005 13:48:35
    System Uptime: 26/04/2010 13:45:43 (0 hours ago)

    Motherboard: Dell Inc. | | 0P7996
    Processor: Intel(R) Xeon(TM) CPU 2.80GHz | Microprocessor | 2793/800mhz
    Processor: Intel(R) Xeon(TM) CPU 2.80GHz | Microprocessor | 2793/800mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 69 GiB total, 19.493 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    G: is FIXED (NTFS) - 233 GiB total, 94.604 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia N9a5
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia N95
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    3dsmax ancillary install
    7-Zip 4.57
    AAC Decoder
    AC3Filter (remove only)
    Add or Remove Adobe Creative Suite 3 Design Premium
    Adobe Acrobat 8 Professional
    Adobe Acrobat 8.1.4 Professional
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Creative Suite 3 Design Premium
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 8.1.4
    Adobe Setup
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    Any DWF to DWG Converter 2010
    Apple Mobile Device Support
    Apple Software Update
    AutoCAD 2008 - English
    Autodesk 3ds Max 9 32-bit
    Autodesk Design Review 2010
    Autodesk Ecotect v5.60 (rc2)
    AutoUpdate
    Avira AntiVir Personal - Free Antivirus
    Backburner
    BBC iPlayer Download Manager
    Belkin 802.11g Wireless PCI Card
    Bentley Architecture US Ncs Dataset V8 XM Edition (V 08.09.04.09) - 1
    Bentley Architecture V8 XM Edition (V 08.09.04.33) - 1
    Bentley MicroStation V8 XM Edition 08.09.04.51
    Bentley MicroStation V8i 08.11.05.17
    Bentley TriForma V8 XM Edition (V 08.09.04.63) - 1
    Bing Maps 3D
    Bonjour
    Call of Duty(R) 2
    Call of Duty(R) 2 Patch 1.3
    Canon Utilities PhotoStitch 3.1
    Citrix Presentation Server Web Client for Win32
    Company of Heroes
    Company of Heroes - FAKEMSI
    Convert AVI to MP4 1.3
    Critical Update for Windows Media Player 11 (KB959772)
    Dell ResourceCD
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    EASYnatMAX
    EPSON Printer Software
    FBX Plugin 2006.08 for Max 9.0
    GameSpy Arcade
    Gamesurround Muse 5.1 DVD - User Manual
    Google Chrome
    Google Earth
    Google SketchUp 6
    Google SketchUp 6 Exporters
    Google SketchUp 7
    Google SketchUp LayOut 6
    Google SketchUp Pro 6
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    H.264 Decoder
    Hearts of Iron 2
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix 4 for PSfA 1.0.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    IDrop
    IES VE-Ware/Toolkits 5.9
    Intel (R) Pro Alerting Agent
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    InterpOSe for Digimap v4.6 From Dotted Eyes
    Java(TM) 6 Update 17
    Juniper Citrix Services Client
    Juniper Networks Host Checker
    Juniper Networks Setup Client
    Juniper Networks Setup Client Activex Control
    Magic DVD Ripper V5.0
    Magic ISO Maker v5.5 (build 0276)
    Medieval II Total War
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Professional 2007 Trial
    Microsoft Office Professional Edition 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.7
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    MKV Splitter
    MobileMe Control Panel
    Monopoly Tycoon
    MSVC80_x86_v2
    MSVC90_x86
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    MUSTEK 1200 UB v2.1
    Nero 8 Trial
    neroxml
    Nidesoft DVD Ripper v5.6
    Nokia Connectivity Cable Driver
    Nokia Ovi Suite
    Nokia Ovi Suite Software Updater
    Nokia PC Suite
    nokian95
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    Ovi Desktop Sync Engine
    OviMPlatform
    Paint Shop Pro 7 ESD
    PC Connectivity Solution
    PCI Audio Driver
    PDF Settings
    PhotoStitch
    Picasa 3
    PunkBuster Services
    Quake Live Internet Explorer Plugin
    QuickTime
    RAID Storage Manager
    Rapport
    RarZilla Free Unrar 2.52
    RealPlayer
    Realtek AC'97 Audio
    Realtek High Definition Audio Driver
    Recover My Files
    Runtime 8.0 Libraries
    SAMSUNG CDMA Modem Driver Set
    SAMSUNG Mobile Composite Device Software
    SAMSUNG Mobile Modem Driver Set
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung PC Studio 3
    Samsung PC Studio 3 USB Driver Installer
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB980470)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 8 (KB917734)
    Security Update for Windows Media Player 9 (KB911565)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    SIW version 2008-12-16
    Sonic Foundry ACID 2.0d
    SoundMAX
    SUPERAntiSpyware Free Edition
    TalkTalk Assist & Go
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB981715)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb981433)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    V-Ray for SketchUp
    VBA (2627.01)
    VC80CRTRedist - 8.0.50727.4053
    VCRedistSetup
    VideoLAN VLC media player 0.8.6e
    Visual Basic for Applications (R) Core
    Visual Basic for Applications (R) Core - English
    WebCam Monitor
    WebFldrs XP
    WinAce Archiver 2.0
    Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
    Windows Driver Package - Nokia Modem (10/05/2009 4.2)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinTar ver 3.0 Build 1500
    XML Paper Specification Shared Components Pack 1.0
    Xvid 1.2.1 final uninstall

    ==== Event Viewer Messages From Past Week ========

    26/04/2010 08:13:59, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ASPI32 avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss SASDIFSV SASKUTIL ssmdrv StarOpen Tcpip
    26/04/2010 08:13:59, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    26/04/2010 08:13:59, error: Service Control Manager [7001] - The Messenger service depends on the NetBIOS Interface service which failed to start because of the following error: A device attached to the system is not functioning.
    26/04/2010 08:13:59, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    26/04/2010 08:13:59, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    26/04/2010 08:13:59, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    26/04/2010 08:13:59, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    26/04/2010 08:13:32, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    26/04/2010 08:13:20, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    26/04/2010 08:13:17, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    26/04/2010 07:29:30, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    26/04/2010 07:29:30, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    25/04/2010 19:50:24, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00115090C274. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    23/04/2010 07:45:46, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00115090C274 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================
     
  5. 2010/04/26
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
     
  6. 2010/04/27
    Nigejk

    Nigejk Inactive Thread Starter

    Joined:
    2010/01/21
    Messages:
    33
    Likes Received:
    0
    Disabled my Avira, but ComboFix restarted the computer and when restarting a couple of warnings came up from Avira. Hope this hasn't affected it. HJT on next post.


    ComboFix 10-04-26.02 - spare 1 27/04/2010 6:56.4.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.582 [GMT 1:00]
    Running from: c:\documents and settings\SPARE 1\DESKTOP\COMBOFIX.EXE
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\spare 1\Local Settings\Application Data\ave.exe
    c:\documents and settings\spare 1\Local Settings\Temporary Internet Files\P6p2CIs.jpg
    c:\documents and settings\spare 1\Local Settings\Temporary Internet Files\x7T7q5c.jpg
    c:\documents and settings\spare 1\Local Settings\Temporary Internet Files\xcV48EfH.jpg
    c:\documents and settings\spare 1\Local Settings\Temporary Internet Files\yy7TK.jpg
    c:\documents and settings\spare 1\Recent\Thumbs.db
    C:\Thumbs.db

    Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-03-27 to 2010-04-27 )))))))))))))))))))))))))))))))
    .

    2010-04-26 07:01 . 2010-04-26 07:01 -------- d-----w- c:\documents and settings\spare 1\Application Data\AVP 2009
    2010-04-20 19:31 . 2010-04-20 19:31 -------- d-----w- c:\documents and settings\spare 1\Local Settings\Application Data\Identities
    2010-04-20 19:31 . 2010-04-20 19:31 -------- d-----w- c:\documents and settings\spare 1\Application Data\MSN6
    2010-04-20 19:31 . 2010-04-20 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
    2010-04-12 18:18 . 2010-04-12 18:18 162656 ----a-w- c:\documents and settings\spare 1\Application Data\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTP_8.0.50727.762.exe
    2010-04-12 18:18 . 2010-02-19 00:08 548864 ----a-w- c:\documents and settings\spare 1\Application Data\Juniper Networks\Host Checker\Microsoft.VC80.CRT\msvcp80.dll
    2010-04-12 18:18 . 2009-11-13 01:15 626688 ----a-w- c:\documents and settings\spare 1\Application Data\Juniper Networks\Host Checker\Microsoft.VC80.CRT\msvcr80.dll
    2010-04-12 18:17 . 2010-04-12 18:18 292704 ----a-w- c:\documents and settings\spare 1\Application Data\Juniper Networks\Setup Client\x86_Microsoft.VC80.CRTR_8.0.50727.762.exe
    2010-04-08 08:55 . 2010-04-08 08:55 40960 ----a-r- c:\documents and settings\spare 1\Application Data\Microsoft\Installer\{0E07210B-D5B9-4E07-87DE-36F04D2BB63B}\NewShortcut3_0E07210BD5B94E0787DE36F04D2BB63B.exe
    2010-04-08 08:55 . 2010-04-08 08:55 40960 ----a-r- c:\documents and settings\spare 1\Application Data\Microsoft\Installer\{0E07210B-D5B9-4E07-87DE-36F04D2BB63B}\NewShortcut1_0E07210BD5B94E0787DE36F04D2BB63B.exe
    2010-04-08 08:55 . 2010-04-08 08:55 40960 ----a-r- c:\documents and settings\spare 1\Application Data\Microsoft\Installer\{0E07210B-D5B9-4E07-87DE-36F04D2BB63B}\ARPPRODUCTICON.exe
    2010-04-08 08:53 . 2010-04-08 08:53 -------- d-----w- c:\program files\Dotted Eyes
    2010-04-08 08:53 . 2010-04-08 08:53 -------- d-----w- c:\program files\Common Files\Dotted Eyes
    2010-04-01 07:28 . 2010-04-01 07:29 20895216 ----a-w- c:\documents and settings\spare 1\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
    2010-04-01 07:28 . 2010-04-01 07:28 8405312 ----a-w- c:\documents and settings\spare 1\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
    2010-04-01 07:27 . 2010-04-01 07:27 149000 ----a-w- c:\documents and settings\spare 1\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
    2010-04-01 07:27 . 2010-04-01 07:27 10309448 ----a-w- c:\documents and settings\spare 1\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
    2010-04-01 07:27 . 2010-04-01 07:27 79368 ----a-w- c:\documents and settings\spare 1\Application Data\Real\Update\setup3.10\RUP\vista.exe
    2010-04-01 07:27 . 2010-04-01 07:27 64000 ----a-w- c:\documents and settings\spare 1\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
    2010-04-01 07:27 . 2010-04-01 07:27 52288 ----a-w- c:\documents and settings\spare 1\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
    2010-04-01 07:27 . 2010-04-01 07:27 50688 ----a-w- c:\documents and settings\spare 1\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
    2010-04-01 07:27 . 2010-04-01 07:27 118784 ----a-w- c:\documents and settings\spare 1\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
    2010-04-01 07:27 . 2010-04-01 07:27 49152 ----a-w- c:\documents and settings\spare 1\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
    2010-03-31 19:22 . 2010-03-31 19:22 439816 ----a-w- c:\documents and settings\spare 1\Application Data\Real\Update\setup3.10\setup.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-26 09:23 . 2005-01-03 14:52 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-26 06:27 . 2010-04-26 06:27 5550080 ----a-w- c:\documents and settings\spare 1\ntuser.tmp
    2010-04-15 14:33 . 2009-12-01 11:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-04-12 18:17 . 2010-02-03 20:01 -------- d-----w- c:\documents and settings\spare 1\Application Data\Juniper Networks
    2010-04-12 18:17 . 2010-02-03 20:01 37464 ----a-w- c:\documents and settings\spare 1\Application Data\Juniper Networks\Setup\uninstall.exe
    2010-04-12 08:32 . 2008-02-27 07:09 -------- d-----w- c:\program files\Google
    2010-04-08 08:11 . 2009-12-31 18:03 -------- d-----w- c:\documents and settings\spare 1\Application Data\Autodesk
    2010-04-05 10:14 . 2009-12-20 13:18 371776 ----a-w- c:\documents and settings\spare 1\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
    2010-04-05 10:14 . 2009-12-20 13:18 187456 ----a-w- c:\documents and settings\spare 1\Application Data\id Software\quakelive\home\baseq3\uix86.dll
    2010-04-05 10:14 . 2009-12-20 13:18 461888 ----a-w- c:\documents and settings\spare 1\Application Data\id Software\quakelive\home\baseq3\qagamex86.dll
    2010-04-05 10:14 . 2009-12-20 13:18 887856 ----a-w- c:\documents and settings\spare 1\Application Data\id Software\quakelive\home\pb\pbcl.dll
    2010-04-05 10:14 . 2009-12-20 13:18 57344 ----a-w- c:\documents and settings\spare 1\Application Data\id Software\quakelive\home\pb\pbag.dll
    2010-04-05 10:14 . 2009-12-20 13:18 2427968 ----a-w- c:\documents and settings\spare 1\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
    2010-04-05 10:13 . 2009-08-12 18:06 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-04-05 10:13 . 2009-08-12 16:08 214488 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-03-19 08:14 . 2010-03-19 08:14 -------- d-----w- c:\documents and settings\Default User\Application Data\Trusteer
    2010-03-18 09:13 . 2010-03-18 09:13 -------- d-----w- c:\documents and settings\LocalService\Application Data\Trusteer
    2010-03-15 11:51 . 2010-03-15 11:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
    2010-03-11 07:17 . 2010-03-11 07:17 64164264 ----a-w- c:\documents and settings\spare 1\Application Data\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
    2010-03-10 17:58 . 2010-03-10 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
    2010-03-10 17:56 . 2010-03-10 17:38 -------- d-----w- c:\documents and settings\spare 1\Application Data\Nokia
    2010-03-10 17:45 . 2010-03-10 17:37 -------- d-----w- c:\program files\Common Files\Nokia
    2010-03-10 17:43 . 2010-03-10 17:36 -------- d-----w- c:\program files\Nokia
    2010-03-10 17:43 . 2010-03-10 17:43 -------- d-----w- c:\program files\PC Connectivity Solution
    2010-03-10 17:41 . 2010-03-10 17:41 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
    2010-03-10 17:41 . 2010-03-10 17:41 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
    2010-03-10 17:41 . 2010-03-10 17:41 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Installer\CommonCustomActions\Run_XML6_SP1.exe
    2010-03-10 17:41 . 2010-03-10 17:41 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Installer\CommonCustomActions\WMF11Runx86.exe
    2010-03-10 17:41 . 2010-03-10 17:41 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Installer\CommonCustomActions\WMF11Runx64.exe
    2010-03-10 17:41 . 2010-03-10 17:41 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Installer\CommonCustomActions\pcswpc.exe
    2010-03-10 17:41 . 2010-03-10 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\OviInstallerCache
    2010-03-10 17:41 . 2010-03-10 17:41 98302544 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{927AA2A2-7631-4EA2-A1F9-252D27B9D0A2}\Nokia_Ovi_Suite_webinstaller_ALL.exe
    2010-03-10 17:39 . 2010-03-10 17:39 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
    2010-03-10 17:39 . 2010-03-10 17:39 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
    2010-03-10 17:39 . 2010-03-10 17:38 -------- d-----w- c:\documents and settings\spare 1\Application Data\PC Suite
    2010-03-10 17:39 . 2010-03-10 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
    2010-03-10 17:39 . 2010-03-10 17:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
    2010-03-10 17:39 . 2010-03-10 17:39 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2010-03-10 17:37 . 2010-03-10 17:37 -------- d-----w- c:\program files\DIFX
    2010-03-10 17:37 . 2010-03-10 17:37 -------- d-----w- c:\program files\Common Files\PCSuite
    2010-03-10 17:36 . 2010-03-10 17:36 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
    2010-03-10 17:36 . 2010-03-10 17:36 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
    2010-03-10 17:36 . 2010-03-10 17:36 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
    2010-03-10 17:36 . 2010-03-10 17:36 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
    2010-03-10 17:35 . 2010-03-10 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
    2010-03-10 17:35 . 2010-03-10 17:36 34399664 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_eng_web.exe
    2010-03-10 16:21 . 2010-03-10 16:21 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Juniper Networks
    2010-03-10 06:15 . 2002-09-03 20:01 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-04 16:30 . 2010-03-04 16:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\Trusteer
    2010-03-03 10:27 . 2010-03-03 10:27 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Trusteer
    2010-03-03 09:35 . 2010-03-03 09:35 -------- d-----w- c:\documents and settings\spare 1\Application Data\Trusteer
    2010-03-03 09:35 . 2010-03-03 09:35 -------- d-----w- c:\program files\Trusteer
    2010-03-03 09:33 . 2010-03-03 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer
    2010-02-26 14:24 . 2010-02-26 14:24 0 ----a-w- c:\windows\PowerReg.dat
    2010-02-26 14:23 . 2010-02-26 14:23 -------- d-----w- c:\program files\Infogrames Interactive
    2010-02-26 14:23 . 2005-01-05 13:05 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-02-25 06:24 . 2006-06-23 11:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2002-09-03 19:45 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-20 17:22 . 2008-10-10 20:02 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
    2010-02-19 00:32 . 2010-02-19 00:32 56072 ----a-w- c:\documents and settings\spare 1\Application Data\Juniper Networks\Host Checker\uninstall.exe
    2010-02-19 00:32 . 2010-02-19 00:32 157040 ----a-w- c:\documents and settings\spare 1\Application Data\Juniper Networks\Host Checker\InstallHelper.exe
    2010-02-19 00:32 . 2010-02-19 00:32 300400 ----a-w- c:\documents and settings\spare 1\Application Data\Juniper Networks\Host Checker\dsHostChecker.exe
    2010-02-19 00:32 . 2010-02-19 00:32 234864 ----a-w- c:\documents and settings\spare 1\Application Data\Juniper Networks\Host Checker\dsHostCheckerProxy.exe
    2010-02-19 00:30 . 2010-02-19 00:30 159744 ----a-w- c:\documents and settings\spare 1\Application Data\Juniper Networks\Host Checker\PluginClient.dll
    2010-02-19 00:19 . 2010-02-19 00:19 18944 ----a-w- c:\documents and settings\spare 1\Application Data\Juniper Networks\Juniper Citrix Services Client\dsWinClientResource_FR.dll
    2010-02-19 00:19 . 2010-02-19 00:19 18944 ----a-w- c:\documents and settings\spare 1\Application Data\Juniper Networks\Juniper Citrix Services Client\dsWinClientResource_DE.dll
    2010-02-19 00:19 . 2010-02-19 00:19 16896 ----a-w- c:\documents and settings\spare 1\Application Data\Juniper Networks\Juniper Citrix Services Client\dsWinClientResource_KO.dll
    2010-02-19 00:19 . 2010-02-19 00:19 16384 ----a-w- c:\documents and settings\spare 1\Application Data\Juniper Networks\Juniper Citrix Services Client\dsWinClientResource_ZH_CN.dll
    2010-02-19 00:19 . 2010-02-19 00:19 16384 ----a-w- c:\documents and settings\spare 1\Application Data\Juniper Networks\Juniper Citrix Services Client\dsWinClientResource_ZH.dll
    2010-02-19 00:19 . 2010-02-19 00:19 18432 ----a-w- c:\documents and settings\spare 1\Application Data\Juniper Networks\Juniper Citrix Services Client\dsWinClientResource_ES.dll
    2010-02-19 00:19 . 2010-02-19 00:19 16896 ----a-w- c:\documents and settings\spare 1\Application Data\Juniper Networks\Juniper Citrix Services Client\dsWinClientResource_JA.dll
    2010-02-19 00:08 . 2010-02-19 00:08 401462 ----a-w- c:\documents and settings\spare 1\Application Data\Juniper Networks\Host Checker\msvcp60.dll
    2010-02-16 14:08 . 2002-09-03 19:50 2146304 ------w- c:\windows\system32\ntoskrnl.exe
    2010-02-16 13:25 . 2002-08-29 01:04 2024448 ------w- c:\windows\system32\ntkrnlpa.exe
    2010-02-12 10:03 . 2010-03-03 08:11 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-12 04:33 . 2006-08-16 12:14 100864 ----a-w- c:\windows\system32\6to4svc.dll
    2010-02-11 12:02 . 2002-09-03 19:58 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
    2010-02-01 13:06 . 2010-02-01 13:06 5487 ----a-w- c:\windows\system32\WING32.zip
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-18 68856]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "= "c:\program files\COMMON FILES\NERO\LIB\NMINDEXSTORESVR.EXE" [2008-02-28 1828136]
    "Google Update "= "c:\documents and settings\spare 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-02 135664]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NokiaMServer "= "c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
    "Acrobat Assistant 8.0 "= "c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
    "QuickTime Task "= "c:\program files\QUICKTIME\QTTASK.EXE" [2009-01-05 413696]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "avgnt "= "c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-02-01 8523776]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=" "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @= "Driver "

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001
    "FirewallOverride "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)
    "DisableNotifications "= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe "=
    "c:\\Program Files\\Autodesk\\Backburner\\monitor.exe "=
    "c:\\Program Files\\Autodesk\\Backburner\\manager.exe "=
    "c:\\Program Files\\Autodesk\\Backburner\\server.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Google\\Google SketchUp 6\\SketchUp.exe "=
    "c:\\Documents and Settings\\All Users\\Application Data\\ASGvis\\DRSpawner\\DRSpawner.exe "=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe "=
    "c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe "=
    "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe "=
    "c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe "=
    "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe "=
    "c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\GameSpy Arcade\\Aphex.exe "=
    "c:\\Program Files\\SEGA\\Medieval II Total War\\medieval2.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe "=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe "=
    "c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe "=
    "c:\\WINDOWS\\system32\\javaw.exe "=
    "c:\\Documents and Settings\\spare 1\\Application Data\\Juniper Networks\\Juniper Citrix Services Client\\dsCitrixProxy.exe "=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe "=
    "c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "14400:TCP "= 14400:TCP:Service
    "14416:TCP "= 14416:TCP:Service

    R0 AFAmgt;AFAmgt;c:\windows\system32\drivers\afamgt.sys [21/04/2004 12:36 92411]
    R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [15/03/2010 14:47 58984]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [15/03/2010 14:47 116328]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [16/12/2009 17:26 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 17:26 66632]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [17/12/2009 20:35 108289]
    R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [08/02/2004 17:02 118784]
    R2 AsfAlrt;AsfAlrt;c:\windows\system32\drivers\Asfalrt.sys [18/12/2002 13:31 36064]
    R2 RAIDStorAgent;RAID Storage Manager Agent;c:\program files\Dell\RAID Storage Manager\StorServ.exe [16/06/2004 23:10 49152]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [15/03/2010 14:47 779496]
    R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 10:33 202016]
    R3 CTL511Plus;Video Blaster WebCam 3/WebCam Plus (WDM);c:\windows\system32\drivers\webc3vid.sys [30/03/2008 20:35 166504]
    R3 S6U12BScanner;MUSTEK 1200 UB Still Image Device Service;c:\windows\system32\drivers\usbscan.sys [03/01/2005 18:08 15104]
    S2 gupdate1c9c0f24b9fdc5a;Google Update Service (gupdate1c9c0f24b9fdc5a);c:\program files\Google\Update\GoogleUpdate.exe [19/04/2009 14:25 133104]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\progra~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [30/03/2008 09:45 17149]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 17:27 12872]
    S3 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 15:42 148768]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

    2010-04-27 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-02-10 22:56]

    2010-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 13:25]

    2010-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-19 13:25]

    2010-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1844237615-839522115-1008Core.job
    - c:\documents and settings\spare 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-30 19:14]

    2010-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1844237615-839522115-1008UA.job
    - c:\documents and settings\spare 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-30 19:14]

    2010-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1844237615-839522115-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-30 19:14]

    2010-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1844237615-839522115-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-30 19:14]

    2010-04-27 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {AD58C149-8AE2-4878-99DC-3A164E32F814} - hxxp://appsnet.bentley.com/myselectcd/SAXFileEE.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    .
    .
    ------- File Associations -------
    .
    .scr=AutoCADScriptFile
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-PMA_ENT - c:\program files\AntiMalware Pro\AntiMalwarePro.exe
    Notify-!SASWinLogon - (no file)



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-343818398-1844237615-839522115-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "?? "=hex:97,ab,cc,a8,20,3f,eb,79,c8,31,62,a4,2a,fc,68,ee,d5,ef,a4,f8,16,eb,5a,
    69,27,ff,43,2a,99,1b,4f,74,be,9a,b7,24,71,17,fb,b4,00,55,a6,ce,16,a2,55,49,\
    "?? "=hex:6d,77,c1,5e,09,b0,35,eb,ea,b5,6c,b2,8e,1f,6c,34
    .
    Completion time: 2010-04-27 07:06:32
    ComboFix-quarantined-files.txt 2010-04-27 06:06
    ComboFix2.txt 2010-01-22 08:14

    Pre-Run: 20,788,903,936 bytes free
    Post-Run: 21,384,687,616 bytes free

    - - End Of File - - 3657306D63EE8BC97A1ED3BBCC381065
     
  7. 2010/04/27
    Nigejk

    Nigejk Inactive Thread Starter

    Joined:
    2010/01/21
    Messages:
    33
    Likes Received:
    0
    HJT log

    Forgot to also mention that the virus that randomly redirects Google searches for 3 or so goes also arrived yesterday, later on.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 07:14:57, on 27/04/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Dell\RAID Storage Manager\StorServ.exe
    C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    C:\Program Files\TalkTalk\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Documents and Settings\spare 1\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\PROGRAM FILES\COMMON FILES\NERO\LIB\NMINDEXSTORESVR.EXE" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\spare 1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://wow.wiltshire.gov.uk/dana/d...a/term/winlaunchterm.cgi?op=DownloadCitrixCab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1204056491812
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {AD58C149-8AE2-4878-99DC-3A164E32F814} (SAXFileEE FileDownload ActiveX Control) - http://appsnet.bentley.com/myselectcd/SAXFileEE.cab
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} (Java Plug-in 1.6.0_04) -
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Plug-in 1.6.0_05) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553550000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://wow.wiltshire.gov.uk/dana-cached/setup/JuniperSetupSP1.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1c9c0f24b9fdc5a) (gupdate1c9c0f24b9fdc5a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
    O23 - Service: RAID Storage Manager Agent (RAIDStorAgent) - Dell - C:\Program Files\Dell\RAID Storage Manager\StorServ.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
    O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
    O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

    --
    End of file - 11604 bytes
     
  8. 2010/04/27
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Did you have any more trouble with ComboFix other than what you mentioned? Reason I ask is because the log tells me it has run 4 times.

    Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

    c:\windows\system32\drivers\tcpip6.sys
     
  9. 2010/04/27
    Nigejk

    Nigejk Inactive Thread Starter

    Joined:
    2010/01/21
    Messages:
    33
    Likes Received:
    0
    VirusTotal report



    Antivirus          Version          Last Update   Result
    a-squared          4.5.0.50         2010.04.24    -
    AhnLab-V3          5.0.0.2          2010.04.24    -
    AntiVir            8.2.1.224        2010.04.23    -
    Antiy-AVL          2.0.3.7          2010.04.23    -
    Authentium         5.2.0.5          2010.04.24    -
    Avast              4.8.1351.0       2010.04.24    -
    Avast5             5.0.332.0        2010.04.24    -
    AVG                9.0.0.787        2010.04.24    -
    BitDefender        7.2              2010.04.24    -
    CAT-QuickHeal      10.00            2010.04.23    -
    ClamAV             0.96.0.3-git     2010.04.24    -
    Comodo             4675             2010.04.24    -
    DrWeb              5.0.2.03300      2010.04.24    -
    eSafe              7.0.17.0         2010.04.22    -
    eTrust-Vet         35.2.7448        2010.04.24    -
    F-Prot             4.5.1.85         2010.04.24    -
    F-Secure           9.0.15370.0      2010.04.24    -
    Fortinet           4.0.14.0         2010.04.21    -
    GData              21               2010.04.24    -
    Ikarus             T3.1.1.80.0      2010.04.24    -
    Jiangmin           13.0.900         2010.04.24    -
    Kaspersky          7.0.0.125        2010.04.24    -
    McAfee             5.400.0.1158     2010.04.24    -
    McAfee-GW-Edition  6.8.5            2010.04.23    -
    Microsoft          1.5703           2010.04.24    -
    NOD32              5056             2010.04.24    -
    Norman             6.04.11          2010.04.24    -
    nProtect           2010-04-24.01    2010.04.24    -
    Panda              10.0.2.7         2010.04.24    -
    PCTools            7.0.3.5          2010.04.24    -
    Prevx              3.0              2010.04.24    -
    Rising             22.44.05.04      2010.04.24    -
    Sophos             4.53.0           2010.04.24    -
    Sunbelt            6215             2010.04.24    -
    Symantec           20091.2.0.41     2010.04.24    -
    TheHacker          6.5.2.0.268      2010.04.23    -
    TrendMicro         9.120.0.1004     2010.04.24    -
    VBA32              3.12.12.4        2010.04.23    -
    ViRobot            2010.4.24.2293   2010.04.24    -
    VirusBuster        5.0.27.0         2010.04.23    -
    Additional information
    File size: 226880 bytes
    MD5 : 4e53bbcc4be37d7a4bd6ef1098c89ff7
    SHA1 : acfd86802e809d000f2901ce733438bf9e032eea
    SHA256: d084efe07ac200672a1ce7bb8ae736612b3e353271188d26e29ec973e26e1f5f
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x33B09
    timedatestamp.....: 0x4B73F1C6 (Thu Feb 11 13:02:14 2010)
    machinetype.......: 0x14C (Intel I386)

    ( 8 sections )
    name    viradd   virsiz   rawdsiz  ntrpy  md5
    .text   0x340    0x2A907  0x2A940  6.59   95a29358b0ee9c5c0ffc00a5f8771243
    .rdata  0x2AC80  0xB74    0xB80    4.10   eca882d5c6b6582681fe49348b213814
    .data   0x2B800  0x63C4   0x6400   0.13   0f3e0da00810c88deb9713fdf804e0a5
    PAGE    0x31C00  0xE01    0xE40    6.31   5026eea0475b9fcd2219fdde0865250f
    .edata  0x32A40  0x1D6    0x200    4.89   eedf106797c7f0daa9670889aac487d1
    INIT    0x32C40  0x2548   0x2580   6.16   ebfd392630ec0ae56b5529525221d6a7
    .rsrc   0x351C0  0x3E0    0x400    3.35   adaabd3d99f7cfb53f198257bfa4d42c
    .reloc  0x355C0  0x2050   0x2080   6.64   87daa3579693278df90310bc7f6451bf

    ( 4 imports )

    > hal.dll: KfAcquireSpinLock, KfLowerIrql, KfRaiseIrql, KeQueryPerformanceCounter, KfReleaseSpinLock
    > ndis.sys: NdisTransferData, NdisSend, NdisRequest, NdisUnchainBufferAtFront, NdisUnchainBufferAtBack, NdisAllocatePacket, NdisRegisterProtocol, NdisFreePacket, NdisFreePacketPool, NdisFreeBufferPool, NdisAllocatePacketPool, NdisAllocateBufferPool, NdisDeregisterProtocol, NdisCloseAdapter, NdisOpenAdapter, NdisCompleteUnbindAdapter, NdisAllocateBuffer
    > ntoskrnl.exe: MmProbeAndLockPages, IoAllocateMdl, _except_handler3, IoGetCurrentProcess, KeInitializeEvent, IoDeleteDevice, IoDeleteSymbolicLink, ZwQueryValueKey, RtlVerifyVersionInfo, VerSetConditionMask, RtlAddAccessAllowedAce, RtlCreateAcl, RtlLengthSid, SeExports, ObReleaseObjectSecurity, SeSetSecurityDescriptorInfo, memmove, RtlLengthSecurityDescriptor, RtlSetDaclSecurityDescriptor, RtlCreateSecurityDescriptor, ObGetObjectSecurity, ObSetSecurityObjectByPointer, RtlAddAce, RtlGetAce, RtlGetDaclSecurityDescriptor, RtlInitializeSid, ZwOpenKey, ZwQuerySystemInformation, ZwClose, MmQuerySystemSize, KeNumberProcessors, ZwLoadDriver, IoCreateDevice, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, KeQueryTimeIncrement, KeTickCount, _alldiv, _allmul, RtlCompareMemory, KeBugCheckEx, IofCompleteRequest, ObReferenceObjectByHandle, RtlExtendedIntegerMultiply, SeAssignSecurity, ObLogSecurityDescriptor, RtlInitUnicodeString, RtlUnicodeStringToInteger, KeResetEvent, RtlMapGenericMask, SeAppendPrivileges, SeFreePrivileges, IofCallDriver, IoBuildDeviceIoControlRequest, ObfReferenceObject, IoGetDeviceObjectPointer, MmMapLockedPages, MmMapLockedPagesSpecifyCache, _aulldiv, IoFreeWorkItem, IoQueueWorkItem, IoAllocateWorkItem, KeSetTimerEx, KeInitializeTimer, KeInitializeDpc, KeDelayExecutionThread, KeCancelTimer, RtlFreeUnicodeString, RtlStringFromGUID, ExAllocatePoolWithTagPriority, KeSetTimer, KeInsertQueueDpc, RtlIpv6StringToAddressW, RtlGUIDFromString, swprintf, ZwDeleteKey, wcscmp, IoCreateSymbolicLink, KeLeaveCriticalRegion, KeEnterCriticalRegion, RtlIpv4AddressToStringA, ZwCreateFile, ObReferenceObjectByPointer, IoFreeIrp, IoAllocateIrp, MmBuildMdlForNonPagedPool, sprintf, RtlIpv4StringToAddressW, ZwCreateKey, ZwDeleteValueKey, ZwSetValueKey, ZwEnumerateKey, ExInterlockedPopEntrySList, ExInterlockedPushEntrySList, KeQueryInterruptTime, ExfInterlockedAddUlong, PsGetCurrentProcess, DbgBreakPoint, KeFlushQueuedDpcs, PsGetCurrentProcessId, KeQuerySystemTime, RtlWalkFrameChain, MmUnlockPages, IoFreeMdl, RtlExtendedMagicDivide, IoFileObjectType, ObfDereferenceObject, IoAcquireCancelSpinLock, IoReleaseCancelSpinLock, KeSetEvent, SeLockSubjectContext, IoGetFileObjectGenericMapping, SeAccessCheck, SeUnlockSubjectContext, KeInitializeSpinLock, KeInitializeMutex, MmIsThisAnNtAsSystem, RtlInitializeBitMap, ExQueueWorkItem, ExAllocatePoolWithTag, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, ExFreePoolWithTag, KeWaitForSingleObject, ObDereferenceSecurityDescriptor, KeReleaseMutex, RtlClearAllBits, RtlSetBit
    > tdi.sys: TdiDeregisterDeviceObject, TdiRegisterPnPHandlers, TdiProviderReady, TdiRegisterProvider, TdiDeregisterProvider, TdiDeregisterNetAddress, TdiRegisterNetAddress, TdiCopyBufferToMdlWithReservedMappingAtDpcLevel, TdiInitialize, TdiRegisterDeviceObject, CTEInitEvent, CTEScheduleDelayedEvent, TdiDeregisterPnPHandlers, TdiMapUserRequest, TdiCopyBufferToMdl

    ( 1 exports )

    > AdjustPacketBuffer, CreateInterface, DestroyInterface, IPv6DisableFirewallHook, IPv6EnableFirewallHook, IPv6GetBestRouteInfo, IPv6ObtainPacketData, IPv6Receive, IPv6ReceiveComplete, IPv6SendComplete, ReleaseInterface, RestartLinkLayerMulticast, SetInterfaceLinkStatus, UndoAdjustPacketBuffer
    TrID : File type identification
    Win32 Executable Generic (68.0%)
    Generic Win/DOS Executable (15.9%)
    DOS Executable Generic (15.9%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    ssdeep: 6144:Igg0DwXl4kZaPEOR73kbPPpiXTDja8xh5rrtVonUVX:IM8ipkbPPpqTxxAn
    sigcheck: publisher....: Microsoft Corporation
    copyright....: (c) Microsoft Corporation. All rights reserved.
    product......: Microsoft_ Windows_ Operating System
    description..: IPv6 driver
    original name: tcpip6.sys
    internal name: tcpip6.sys
    file version.: 5.1.2600.5935 (xpsp_sp3_gdr.100211-1404)
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned

    PEiD : -
    packers (Kaspersky): PE_Patch
    RDS : NSRL Reference Data Set
    -
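    The VirusTotal report above carries the two facts a responder actually acts on for a suspected patched system driver: sigcheck shows "verified: Unsigned" and Kaspersky's packer identification says "PE_Patch", while every engine's result column is blank. The script below is an added example, not part of this thread and not code from VirusTotal, ComboFix or any tool mentioned here. It does the offline half of that triage with the Python standard library: hashes the file (MD5/SHA1/SHA256 as in the report), reads the COFF header (machine type, timestamp, entry point), walks the section table computing per-section entropy on the same 0 to 8 bits-per-byte scale as the report's ntrpy column, and checks whether the image carries an embedded Authenticode blob by reading the security data directory (slot 4, whose "RVA" is a raw file offset). One caveat a practitioner should keep in mind: most Microsoft system drivers on XP are catalog-signed rather than carrying an embedded signature, so "unsigned" from this check, or from sigcheck run without the catalog files, is not by itself proof of tampering; the hash of the file compared against a known-clean copy of the same version is the decisive test. The two PE images built in the block are constructed for the demo and the "signature" attached to one of them is a dummy WIN_CERTIFICATE header with placeholder bytes, not a real PKCS#7 structure.

```python
import hashlib
import math
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4      # data-directory slot holding the Authenticode blob
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 (constant) to 8.0 (uniform): the scale of the report's ntrpy column."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Parse just enough of a PE32/PE32+ image to triage it."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsect, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at +92, directories at +96
        nrva_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:      # PE32+: +108 / +112
        nrva_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry = struct.unpack_from("<I", data, opt + 16)[0]
    nrva = struct.unpack_from("<I", data, nrva_off)[0]
    dirs = [struct.unpack_from("<II", data, dd_off + 8 * i) for i in range(min(nrva, 16))]
    sections, sec_off = [], opt + opt_size
    for i in range(nsect):   # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sec_off + 40 * i)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "viradd": va,
                         "virsiz": vsize, "rawdsiz": rawsize, "ntrpy": round(shannon_entropy(raw), 2),
                         "md5": hashlib.md5(raw).hexdigest()})
    security = dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] if len(dirs) > IMAGE_DIRECTORY_ENTRY_SECURITY else (0, 0)
    return {"machine": machine, "timestamp": timestamp, "entrypoint": entry,
            "sections": sections, "security_dir": security}


def embedded_authenticode(data: bytes, pe: dict) -> dict:
    """Is there an embedded WIN_CERTIFICATE?  Catalog-signed files (most Microsoft
    system drivers) report False here; that alone is not evidence of tampering."""
    offset, size = pe["security_dir"]   # for this directory the 'RVA' is a raw file offset
    if offset == 0 or size < 8 or offset + size > len(data):
        return {"embedded": False}
    length, revision, cert_type = struct.unpack_from("<IHH", data, offset)
    return {"embedded": True, "length": length, "revision": revision, "cert_type": cert_type}


def triage(data: bytes) -> dict:
    """Offline summary of a suspect driver: hashes, header facts, section entropies, signature presence."""
    pe = parse_pe(data)
    return {"size": len(data), "md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest(), "sha256": hashlib.sha256(data).hexdigest(),
            "machine": hex(pe["machine"]), "entrypoint": hex(pe["entrypoint"]),
            "timestamp": pe["timestamp"], "sections": pe["sections"],
            "authenticode": embedded_authenticode(data, pe)}


def build_demo_pe(signed: bool) -> bytes:
    """Constructed minimal PE32 image for the demo (not a real driver): a uniform-byte
    .text, an all-zero .data and, if signed, a dummy WIN_CERTIFICATE (not real PKCS#7)."""
    text_raw = bytes(range(256)) * 2                  # 512 bytes, each value twice -> entropy 8.0
    data_raw = b"\0" * 256                            # entropy 0.0
    cert_blob = b"\x30\x82\x00\x10" + b"\xAA" * 16    # placeholder bytes, not a real signature
    text_off, data_off = 0x200, 0x400
    cert_off, cert_len = data_off + len(data_raw), 8 + len(cert_blob)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                       # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x4B73F1C6, 0, 0, 224, 0x0102)  # i386, 2 sections
    opt = struct.pack("<HBB", 0x10B, 9, 0) + b"\0" * 12 + struct.pack("<I", 0x340)  # entry point
    opt += b"\0" * 72 + struct.pack("<I", 16)                                # 16 data directories
    dirs = [(0, 0)] * 16
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (cert_off, cert_len)
    opt += b"".join(struct.pack("<II", va, sz) for va, sz in dirs)
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(text_raw), 0x1000, len(text_raw), text_off, 0, 0, 0, 0, 0x60000020)
    sect += struct.pack("<8sIIIIIIHHI", b".data", len(data_raw), 0x2000, len(data_raw), data_off, 0, 0, 0, 0, 0xC0000040)
    image = (dos + b"PE\0\0" + coff + opt + sect).ljust(text_off, b"\0") + text_raw
    image = image.ljust(data_off, b"\0") + data_raw
    if signed:
        image += struct.pack("<IHH", cert_len, 0x0200, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + cert_blob
    return image


if __name__ == "__main__":
    for label in ("unsigned", "signed"):
        report = triage(build_demo_pe(label == "signed"))
        print(label, report["sha256"][:16], report["authenticode"],
              [(s["name"], s["ntrpy"]) for s in report["sections"]])
```

    For a real sample, `triage(open(path, "rb").read())` gives the same dictionary; the per-section entropy is the useful part when a vendor flags "PE_Patch", because patched drivers of this family typically show one section whose entropy and MD5 differ from the clean build while the version resource still claims the stock file version. Run it against the quarantined `.vir` copy rather than the live file on the infected host.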
     
  10. 2010/04/27
    Nigejk

    Nigejk Inactive Thread Starter

    Joined:
    2010/01/21
    Messages:
    33
    Likes Received:
    0
    No other problems. I ran it, it ran for a bit before saying there was rootkit activity and it needed to restart. It restarted and the two Avira warnings came up at the beginning of the restarted scan. I allowed access to the first and not to the second. The following logs:

    Virus or unwanted program 'TR/Patched.Gen [trojan]'
    detected in file 'C:\Qoobox\32788R22FWJFW\tcpip.sys'.
    Action performed: Allow access


    Virus or unwanted program 'TR/Patched.Gen [trojan]'
    detected in file 'C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\tcpip.sys.vir'.
    Action performed: Deny access
     
  11. 2010/04/27
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    That file is now in quarantine. The Jotti results are incorrect. You should see either 'Nothing found' or it will tell you what is found.
     
  12. 2010/04/27
    Nigejk

    Nigejk Inactive Thread Starter

    Joined:
    2010/01/21
    Messages:
    33
    Likes Received:
    0
    Jotti's found nothing wrong with the file.
     
  13. 2010/04/27
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Which browser is being re-directed?

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    ====
     
