[Not curable - Ramnit] Google Re-direct-having problems, can't download GMER


Sixx1402

I've had a read through some of the other posts on here and seem to have the virus/malware that causes Google to redirect (usually to Lico Search). I started following the 8-step program but got stuck at step 4 as I couldn't get to the GMER link page. I'm also a bit concerned in case I do anything wrong without the professionals' advice on here. Any help would be much appreciated.
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

Skip GMER for now.
 
Hi Broni, thanks for the quick response. OK, I can't use either the GMER link or the DDS link; I get the 'Internet Explorer cannot display the webpage' screen on both. Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6422

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

23/04/2011 16:52:52
mbam-log-2011-04-23 (16-52-52).txt

Scan type: Quick scan
Objects scanned: 143377
Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
That link won't work either. Is it the virus blocking the links? I've had a look in the Internet Options > Connections tab but it looks normal; the 'use a proxy server for your LAN' option isn't ticked.
 
That one isn't working either; it just sticks on the screen and doesn't go to the link. I can access anything from my favourites menu, including my email (and also sendspace if that helps), but it's hit and miss if I try and access anything else from Google or on this site. I had an issue with my Internet Explorer before this: I often had the browser pause and then say 'the tab has been recovered' when going to pages. I don't know if this makes any difference?
 
I've realised I can use my girlfriend's laptop to retrieve things! OK, I did the TDSSKiller scan; it didn't find anything. Here is the report:

2011/04/23 18:41:30.0953 2120 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/23 18:41:31.0984 2120 ================================================================================
2011/04/23 18:41:31.0984 2120 SystemInfo:
2011/04/23 18:41:31.0984 2120
2011/04/23 18:41:31.0984 2120 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/23 18:41:31.0984 2120 Product type: Workstation
2011/04/23 18:41:31.0984 2120 ComputerName: USER-1EBAC01BAD
2011/04/23 18:41:31.0984 2120 UserName: User
2011/04/23 18:41:31.0984 2120 Windows directory: C:\WINDOWS
2011/04/23 18:41:31.0984 2120 System windows directory: C:\WINDOWS
2011/04/23 18:41:31.0984 2120 Processor architecture: Intel x86
2011/04/23 18:41:31.0984 2120 Number of processors: 2
2011/04/23 18:41:31.0984 2120 Page size: 0x1000
2011/04/23 18:41:31.0984 2120 Boot type: Normal boot
2011/04/23 18:41:31.0984 2120 ================================================================================
2011/04/23 18:41:32.0046 2120 Initialize success
2011/04/23 18:41:34.0125 0700 ================================================================================
2011/04/23 18:41:34.0125 0700 Scan started
2011/04/23 18:41:34.0125 0700 Mode: Manual;
2011/04/23 18:41:34.0125 0700 ================================================================================
2011/04/23 18:41:35.0156 0700 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/23 18:41:35.0218 0700 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/23 18:41:35.0265 0700 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/23 18:41:35.0312 0700 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/04/23 18:41:35.0562 0700 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/23 18:41:35.0578 0700 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/23 18:41:35.0656 0700 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/23 18:41:35.0718 0700 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/23 18:41:36.0046 0700 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/04/23 18:41:36.0109 0700 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/04/23 18:41:36.0140 0700 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/04/23 18:41:36.0171 0700 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/04/23 18:41:36.0234 0700 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/04/23 18:41:36.0296 0700 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/23 18:41:36.0343 0700 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/23 18:41:36.0375 0700 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/23 18:41:36.0406 0700 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/23 18:41:36.0437 0700 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/23 18:41:36.0609 0700 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/23 18:41:36.0703 0700 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/23 18:41:36.0734 0700 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/23 18:41:36.0750 0700 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/23 18:41:36.0781 0700 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/23 18:41:36.0843 0700 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/23 18:41:36.0890 0700 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/23 18:41:36.0906 0700 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/23 18:41:36.0937 0700 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/23 18:41:36.0953 0700 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/23 18:41:37.0015 0700 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/23 18:41:37.0078 0700 fssfltr (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
2011/04/23 18:41:37.0125 0700 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
2011/04/23 18:41:37.0140 0700 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/23 18:41:37.0171 0700 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/23 18:41:37.0187 0700 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
2011/04/23 18:41:37.0234 0700 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/23 18:41:37.0281 0700 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/04/23 18:41:37.0328 0700 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/23 18:41:37.0421 0700 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/23 18:41:37.0500 0700 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/23 18:41:37.0515 0700 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/23 18:41:37.0687 0700 IntcAzAudAddService (001aaca6ed0e6b00fc5b8faf74977e81) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/04/23 18:41:37.0765 0700 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/23 18:41:37.0796 0700 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/23 18:41:37.0828 0700 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/23 18:41:37.0843 0700 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/23 18:41:37.0859 0700 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/23 18:41:37.0890 0700 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/23 18:41:37.0921 0700 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/23 18:41:38.0140 0700 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/23 18:41:38.0171 0700 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/23 18:41:38.0203 0700 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/23 18:41:38.0296 0700 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/23 18:41:38.0343 0700 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/23 18:41:38.0390 0700 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/23 18:41:38.0437 0700 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/23 18:41:38.0453 0700 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/23 18:41:38.0500 0700 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/23 18:41:38.0546 0700 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/23 18:41:38.0609 0700 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/23 18:41:38.0640 0700 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/23 18:41:38.0656 0700 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/23 18:41:38.0687 0700 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/23 18:41:38.0718 0700 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/23 18:41:38.0765 0700 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
2011/04/23 18:41:38.0781 0700 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/23 18:41:38.0843 0700 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/23 18:41:38.0859 0700 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/23 18:41:38.0890 0700 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/23 18:41:38.0906 0700 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/23 18:41:38.0984 0700 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/23 18:41:39.0000 0700 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/23 18:41:39.0046 0700 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/23 18:41:39.0093 0700 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/23 18:41:39.0140 0700 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/23 18:41:39.0234 0700 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/23 18:41:39.0468 0700 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/23 18:41:39.0640 0700 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/23 18:41:39.0656 0700 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/23 18:41:39.0687 0700 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/23 18:41:39.0734 0700 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/23 18:41:39.0781 0700 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/23 18:41:39.0796 0700 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/23 18:41:39.0843 0700 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/23 18:41:40.0031 0700 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/23 18:41:40.0531 0700 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/23 18:41:40.0578 0700 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/04/23 18:41:40.0593 0700 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/23 18:41:40.0609 0700 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/23 18:41:40.0656 0700 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/23 18:41:40.0859 0700 RapportCerberus_25973 (3d80f6fb972cffab9a760892f9ab7232) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys
2011/04/23 18:41:40.0875 0700 RapportKELL (b64262f33c53d690ed662fde57102b10) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2011/04/23 18:41:40.0921 0700 RapportPG (c9b8a131aaf77d969cbc3987537b319d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/04/23 18:41:40.0937 0700 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/23 18:41:40.0953 0700 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/23 18:41:40.0968 0700 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/23 18:41:40.0984 0700 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/23 18:41:41.0015 0700 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/23 18:41:41.0031 0700 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/23 18:41:41.0046 0700 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/23 18:41:41.0125 0700 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/23 18:41:41.0140 0700 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/23 18:41:41.0171 0700 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/04/23 18:41:41.0234 0700 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/23 18:41:41.0265 0700 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/23 18:41:41.0281 0700 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/23 18:41:41.0296 0700 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/23 18:41:41.0359 0700 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/23 18:41:41.0375 0700 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/23 18:41:41.0453 0700 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/23 18:41:41.0500 0700 sscdbus (92b69020fc480219683d429dca068d71) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
2011/04/23 18:41:41.0531 0700 sscdmdfl (77a2869d40cc84af711c321f9b0c7a78) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
2011/04/23 18:41:41.0562 0700 sscdmdm (b4255635195a8413fcde7af5b7c4e382) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
2011/04/23 18:41:41.0609 0700 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/04/23 18:41:41.0640 0700 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/23 18:41:41.0656 0700 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/23 18:41:41.0734 0700 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/23 18:41:41.0765 0700 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/23 18:41:41.0796 0700 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/23 18:41:41.0812 0700 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/23 18:41:41.0843 0700 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/23 18:41:41.0890 0700 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/23 18:41:41.0953 0700 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/23 18:41:41.0984 0700 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/23 18:41:42.0046 0700 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/23 18:41:42.0093 0700 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/23 18:41:42.0125 0700 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/23 18:41:42.0156 0700 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/23 18:41:42.0156 0700 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/04/23 18:41:42.0171 0700 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/23 18:41:42.0234 0700 W35UND (f4cfdbf69ec1025e0a62952da0710053) C:\WINDOWS\system32\DRIVERS\W35UND.SYS
2011/04/23 18:41:42.0281 0700 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/23 18:41:42.0312 0700 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/23 18:41:42.0375 0700 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/04/23 18:41:42.0421 0700 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/23 18:41:42.0437 0700 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/23 18:41:42.0546 0700 ================================================================================
2011/04/23 18:41:42.0546 0700 Scan finished
2011/04/23 18:41:42.0546 0700 ================================================================================

Do you want me to try and finish the rest of the 8-step routine by getting the applications off the laptop?
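As an added example of how a defender can read a log like the one above (this is not Kaspersky's code, and the line format is inferred only from the log posted in this thread): the script below parses each per-driver line into name, MD5 and image path, lists the drivers loaded from outside the Windows directory, and diffs one inventory against a later scan so that a changed hash on a core driver, a newly appeared driver, or a missing one stands out. SAMPLE_SCAN is a subset of the log above; LATER_SCAN, its placeholder hashes and the driver name exampledrv are constructed for the demonstration.

```python
"""Parse the driver inventory that TDSSKiller writes and compare two scans.

Added example for this thread; not Kaspersky's code. The line format is taken
only from the log posted above. SAMPLE_SCAN is a subset of that log; LATER_SCAN
is constructed (placeholder hashes, made-up driver "exampledrv") to show what a
changed, new and missing driver look like in a diff.
"""
import re
from typing import List, NamedTuple


class DriverEntry(NamedTuple):
    timestamp: str
    pid: str
    name: str
    md5: str
    path: str


# One inventory line: "<date> <time> <pid> <name> (<md5>) <path>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d{4})\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)

# Subset of the log posted in the thread.
SAMPLE_SCAN = r"""
2011/04/23 18:41:34.0125 0700 Scan started
2011/04/23 18:41:34.0125 0700 Mode: Manual;
2011/04/23 18:41:35.0156 0700 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/23 18:41:35.0578 0700 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/23 18:41:36.0046 0700 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/04/23 18:41:40.0921 0700 RapportPG (c9b8a131aaf77d969cbc3987537b319d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/04/23 18:41:41.0765 0700 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/23 18:41:42.0546 0700 Scan finished
"""

# Constructed follow-up scan: atapi's hash differs, Tcpip is absent and a
# made-up driver "exampledrv" appears. The all-zero hashes are placeholders.
LATER_SCAN = r"""
2011/04/24 09:00:01.0000 0700 Scan started
2011/04/24 09:00:02.0000 0700 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/24 09:00:02.0000 0700 atapi (00000000000000000000000000000001) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/24 09:00:03.0000 0700 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/04/24 09:00:03.0000 0700 RapportPG (c9b8a131aaf77d969cbc3987537b319d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
2011/04/24 09:00:04.0000 0700 exampledrv (00000000000000000000000000000002) C:\WINDOWS\system32\DRIVERS\exampledrv.sys
2011/04/24 09:00:05.0000 0700 Scan finished
"""


def parse_tdsskiller(text: str) -> List[DriverEntry]:
    """Return the driver inventory lines; headers and separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["ts"], m["pid"], m["name"],
                                       m["md5"].lower(), m["path"]))
    return entries


def outside_windows_dir(entries: List[DriverEntry], windows_dir: str = r"C:\WINDOWS") -> List[DriverEntry]:
    """Drivers whose image lives outside the Windows directory (third-party code)."""
    prefix = windows_dir.lower().rstrip("\\") + "\\"
    return [e for e in entries if not e.path.lower().startswith(prefix)]


def diff_scans(baseline: List[DriverEntry], later: List[DriverEntry]) -> dict:
    """Compare two inventories by driver name: changed hash, new and missing drivers."""
    before = {e.name: e for e in baseline}
    after = {e.name: e for e in later}
    changed = {n: (before[n].md5, after[n].md5)
               for n in before.keys() & after.keys() if before[n].md5 != after[n].md5}
    return {"changed": changed,
            "new": sorted(after.keys() - before.keys()),
            "missing": sorted(before.keys() - after.keys())}


if __name__ == "__main__":
    base = parse_tdsskiller(SAMPLE_SCAN)
    print(f"{len(base)} drivers parsed; outside Windows dir:",
          [e.name for e in outside_windows_dir(base)])
    for kind, items in diff_scans(base, parse_tdsskiller(LATER_SCAN)).items():
        print(kind, items)
```

A hash change on a boot-start driver such as atapi.sys between two scans is the kind of difference a rootkit scanner exists to notice; the diff gives you the same signal from the logs alone, without pronouncing on what caused it. Keeping the first clean-looking inventory as a baseline makes every later scan a quick comparison rather than a 130-line read.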
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.

Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
OK, I did ComboFix; the computer restarted after it had finished. I don't know if this is normal? Here is the report:

ComboFix 11-04-23.01 - User 23/04/2011 19:22:36.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1441 [GMT 1:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}


((((((((((((((((((((((((( Files Created from 2011-03-23 to 2011-04-23 )))))))))))))))))))))))))))))))


2011-04-23 12:22:34 . 2011-04-23 13:15:05 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2011-04-23 12:20:57 . 2011-04-23 13:14:53 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Tools
2011-04-23 02:56:20 . 2011-04-23 02:56:20 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
2011-04-23 02:53:29 . 2011-04-23 02:54:38 -------- dc-h--w- C:\WINDOWS\ie8
2011-04-23 02:53:18 . 2011-04-23 02:53:18 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2011-04-23 02:53:13 . 2011-04-23 02:57:35 -------- d-----w- C:\Documents and Settings\User\Local Settings\Application Data\Google
2011-04-23 02:52:47 . 2011-04-23 02:53:13 -------- d-----w- C:\Program Files\Google
2011-04-23 00:58:53 . 2011-04-23 16:06:34 -------- d-----w- C:\WINDOWS\system32\NtmsData
2011-04-23 00:57:01 . 2011-04-23 00:57:01 -------- d-----w- C:\Documents and Settings\User\Application Data\Avira
2011-04-23 00:55:54 . 2011-03-04 15:11:12 137656 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
2011-04-23 00:55:54 . 2011-03-04 13:37:13 61960 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-04-23 00:55:54 . 2010-06-17 13:27:24 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys
2011-04-23 00:55:54 . 2010-06-17 13:27:24 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys
2011-04-23 00:55:53 . 2011-04-23 00:55:53 -------- d-----w- C:\Program Files\Avira
2011-04-23 00:55:53 . 2011-04-23 00:55:53 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Avira
2011-04-22 21:31:00 . 2011-04-22 21:31:00 -------- d-----w- C:\Program Files\khwsfwle
2011-04-22 21:30:59 . 2011-04-23 00:48:09 166768 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\isuspmmgr.exe
2011-04-22 21:30:59 . 2011-04-23 00:48:09 166768 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\agentmgr.exe
2011-04-22 21:23:14 . 2011-04-22 21:23:14 -------- d-----w- C:\Program Files\VS Revo Group
2011-04-22 21:18:02 . 2011-04-22 21:18:15 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2011-04-15 17:17:32 . 2011-04-15 17:17:32 -------- d-----w- C:\Documents and Settings\User\Local Settings\Application Data\Trusteer
2011-04-14 22:04:15 . 2011-04-14 22:04:16 -------- d-----w- C:\Program Files\Spotify
2011-04-06 11:23:51 . 2011-04-06 11:23:51 -------- d-----w- C:\found.000
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-03-07 05:33:50 . 2010-10-08 10:55:46 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-03-04 06:37:06 . 2006-02-28 12:00:00 420864 ----a-w- C:\WINDOWS\system32\vbscript.dll
2011-03-03 13:21:11 . 2006-02-28 12:00:00 1857920 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-02-22 23:06:29 . 2006-02-28 12:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-02-22 23:06:29 . 2006-02-28 12:00:00 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-02-22 23:06:29 . 2006-02-28 12:00:00 1469440 ----a-w- C:\WINDOWS\system32\inetcpl.cpl
2011-02-22 11:41:59 . 2006-02-28 12:00:00 385024 ----a-w- C:\WINDOWS\system32\html.iec
2011-02-17 13:18:24 . 2006-02-28 12:00:00 455936 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-02-17 13:18:03 . 2006-02-28 12:00:00 357888 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
2011-02-17 12:32:12 . 2010-10-08 11:31:35 5120 ----a-w- C:\WINDOWS\system32\xpsp4res.dll
2011-02-15 12:56:39 . 2006-02-28 12:00:00 290432 ----a-w- C:\WINDOWS\system32\atmfd.dll
2011-02-09 13:53:52 . 2006-02-28 12:00:00 270848 ----a-w- C:\WINDOWS\system32\sbe.dll
2011-02-09 13:53:52 . 2006-02-28 12:00:00 186880 ----a-w- C:\WINDOWS\system32\encdec.dll
2011-02-08 13:33:55 . 2006-02-28 12:00:00 978944 ----a-w- C:\WINDOWS\system32\mfc42.dll
2011-02-08 13:33:55 . 2006-02-28 12:00:00 974848 ----a-w- C:\WINDOWS\system32\mfc42u.dll
2011-02-02 07:58:35 . 2010-10-08 10:52:49 2067456 ----a-w- C:\WINDOWS\system32\mstscax.dll
2011-01-27 11:57:06 . 2010-10-08 10:52:49 677888 ----a-w- C:\WINDOWS\system32\mstsc.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files\Steam\steam.exe" [2011-01-12 20:46:45 1242448]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-23 02:53:11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2010-07-09 15:24:16 13923432]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30:30 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 15:45:14 35736]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 12:49:34 932288]
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 21:10:00 1230704]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 13:36:51 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:42:18 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [N/A]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 17:43:28 69632 ----a-w- C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42:18 15360 ----a-w- C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2005-12-20 10:27:57 155648 ----a-w- C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 15:24:16 13923432 ----a-w- C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 15:24:18 110696 ----a-w- C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-07-07 22:52:40 1753192 ----a-w- C:\Program Files\NVIDIA Corporation\nView\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-12-19 10:12:24 16062464 ----a-w- C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 17:04:26 2879488 ----a-w- C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43:18 248040 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"C:\\Documents and Settings\\User\\My Documents\\Age Of Empires II\\Age Of Empires II The Conquerors\\age2_x1.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\football manager 2011\\fm.exe"=
"C:\\Program Files\\Spotify\\spotify.exe"=

R0 RapportKELL;RapportKELL;C:\WINDOWS\system32\drivers\RapportKELL.sys [03/10/2010 23:43:44 59240]
R1 Avgldx86;AVG AVI Loader Driver;C:\WINDOWS\system32\drivers\avgldx86.sys [07/09/2010 04:48:54 251728]
R1 RapportCerberus_25973;RapportCerberus_25973;C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys [13/04/2011 12:17:06 57144]
R1 RapportPG;RapportPG;C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 23:43:44 169320]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [23/04/2011 01:55:54 135336]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [27/01/2011 19:03:01 233472]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [27/01/2011 19:03:01 36608]
S2 AVGIDSAgent;AVGIDSAgent;"C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"C:\Program Files\AVG\AVG10\avgwdsvc.exe" --> C:\Program Files\AVG\AVG10\avgwdsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [23/04/2011 03:53:14 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 jatmlano;jatmlano;\??\C:\DOCUME~1\User\LOCALS~1\Temp\jatmlano.sys --> C:\DOCUME~1\User\LOCALS~1\Temp\jatmlano.sys [?]
S3 W35UND;IS89C35 802.11bg WLAN USB Adapter Driver;C:\WINDOWS\system32\drivers\W35UND.SYS [08/10/2010 12:18:03 117632]
S4 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys --> C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [?]
S4 AVGIDSEH;AVGIDSEH;C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys --> C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [?]
S4 AVGIDSFilter;AVGIDSFilter;C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys --> C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [?]
S4 AVGIDSShim;AVGIDSShim;C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys --> C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [?]
S4 Avgrkx86;AVG Anti-Rootkit Driver;C:\WINDOWS\system32\DRIVERS\avgrkx86.sys --> C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [?]
S4 Avgtdix;AVG TDI Driver;C:\WINDOWS\system32\DRIVERS\avgtdix.sys --> C:\WINDOWS\system32\DRIVERS\avgtdix.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD25
*Deregistered* - klmd25

Contents of the 'Scheduled Tasks' folder

2011-04-23 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-23 02:53:14 . 2011-04-23 02:53:12]

2011-04-23 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-23 02:53:14 . 2011-04-23 02:53:12]


------- Supplementary Scan -------

uStart Page = hxxp://www.google.co.uk/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-ISUSPM Startup - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
HKLM-Run-NPSStartup - (no file)
ShellExecuteHooks-{56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
AddRemove-Adobe SVG Viewer - C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe
AddRemove-Football Manager 2010 - C:\Program Files\Sports Interactive\Football Manager 2010\Uninstall_Football Manager 2010\Uninstall Football Manager 2010.exe
AddRemove-InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8} - C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe
AddRemove-Nero - Burning Rom!UninstallKey - C:\Program Files\Ahead\nero\uninstall\UNNERO.exe
AddRemove-Windows Media Format Runtime - C:\Program Files\Windows Media Player\wmsetsdk.exe
AddRemove-WinRAR archiver - C:\Program Files\WinRAR\uninstall.exe
AddRemove-{412033BC-44CF-48D9-B813-4B835101F4D3} - C:\Program Files\InstallShield Installation Information\{412033BC-44CF-48D9-B813-4B835101F4D3}\setup.exe
 
The log is incomplete.
Look in C:\combofix.txt
If it looks the same as what you just posted, re-run Combofix.
If you find more text there, post it.
 
Ok, I did it again because there was no more text there, but I think it is incomplete again. When it is compiling the log at the end, it says something on the blue screen very briefly so I can't read it, and then the computer restarts itself?

Here is the log:

ComboFix 11-04-23.01 - User 23/04/2011 20:32:59.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1451 [GMT 1:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}


((((((((((((((((((((((((( Files Created from 2011-03-23 to 2011-04-23 )))))))))))))))))))))))))))))))


2011-04-23 12:22:34 . 2011-04-23 13:15:05 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2011-04-23 12:20:57 . 2011-04-23 13:14:53 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Tools
2011-04-23 02:56:20 . 2011-04-23 02:56:20 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
2011-04-23 02:53:29 . 2011-04-23 02:54:38 -------- dc-h--w- C:\WINDOWS\ie8
2011-04-23 02:53:18 . 2011-04-23 02:53:18 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2011-04-23 02:53:13 . 2011-04-23 02:57:35 -------- d-----w- C:\Documents and Settings\User\Local Settings\Application Data\Google
2011-04-23 02:52:47 . 2011-04-23 02:53:13 -------- d-----w- C:\Program Files\Google
2011-04-23 00:58:53 . 2011-04-23 18:47:40 -------- d-----w- C:\WINDOWS\system32\NtmsData
2011-04-23 00:57:01 . 2011-04-23 00:57:01 -------- d-----w- C:\Documents and Settings\User\Application Data\Avira
2011-04-23 00:55:54 . 2011-03-04 15:11:12 137656 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
2011-04-23 00:55:54 . 2011-03-04 13:37:13 61960 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-04-23 00:55:54 . 2010-06-17 13:27:24 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys
2011-04-23 00:55:54 . 2010-06-17 13:27:24 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys
2011-04-23 00:55:53 . 2011-04-23 00:55:53 -------- d-----w- C:\Program Files\Avira
2011-04-23 00:55:53 . 2011-04-23 00:55:53 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Avira
2011-04-22 21:31:00 . 2011-04-23 18:28:27 -------- d-----w- C:\Program Files\khwsfwle
2011-04-22 21:30:59 . 2011-04-23 00:48:09 166768 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\isuspmmgr.exe
2011-04-22 21:30:59 . 2011-04-23 00:48:09 166768 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\agentmgr.exe
2011-04-22 21:23:14 . 2011-04-22 21:23:14 -------- d-----w- C:\Program Files\VS Revo Group
2011-04-22 21:18:02 . 2011-04-22 21:18:15 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2011-04-15 17:17:32 . 2011-04-15 17:17:32 -------- d-----w- C:\Documents and Settings\User\Local Settings\Application Data\Trusteer
2011-04-14 22:04:15 . 2011-04-14 22:04:16 -------- d-----w- C:\Program Files\Spotify
2011-04-06 11:23:51 . 2011-04-06 11:23:51 -------- d-----w- C:\found.000
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-03-07 05:33:50 . 2010-10-08 10:55:46 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-03-04 06:37:06 . 2006-02-28 12:00:00 420864 ----a-w- C:\WINDOWS\system32\vbscript.dll
2011-03-03 13:21:11 . 2006-02-28 12:00:00 1857920 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-02-22 23:06:29 . 2006-02-28 12:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-02-22 23:06:29 . 2006-02-28 12:00:00 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-02-22 23:06:29 . 2006-02-28 12:00:00 1469440 ----a-w- C:\WINDOWS\system32\inetcpl.cpl
2011-02-22 11:41:59 . 2006-02-28 12:00:00 385024 ----a-w- C:\WINDOWS\system32\html.iec
2011-02-17 13:18:24 . 2006-02-28 12:00:00 455936 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-02-17 13:18:03 . 2006-02-28 12:00:00 357888 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
2011-02-17 12:32:12 . 2010-10-08 11:31:35 5120 ----a-w- C:\WINDOWS\system32\xpsp4res.dll
2011-02-15 12:56:39 . 2006-02-28 12:00:00 290432 ----a-w- C:\WINDOWS\system32\atmfd.dll
2011-02-09 13:53:52 . 2006-02-28 12:00:00 270848 ----a-w- C:\WINDOWS\system32\sbe.dll
2011-02-09 13:53:52 . 2006-02-28 12:00:00 186880 ----a-w- C:\WINDOWS\system32\encdec.dll
2011-02-08 13:33:55 . 2006-02-28 12:00:00 978944 ----a-w- C:\WINDOWS\system32\mfc42.dll
2011-02-08 13:33:55 . 2006-02-28 12:00:00 974848 ----a-w- C:\WINDOWS\system32\mfc42u.dll
2011-02-02 07:58:35 . 2010-10-08 10:52:49 2067456 ----a-w- C:\WINDOWS\system32\mstscax.dll
2011-01-27 11:57:06 . 2010-10-08 10:52:49 677888 ----a-w- C:\WINDOWS\system32\mstsc.exe


((((((((((((((((((((((((((((( SnapShot@2011-04-23_18.25.46 )))))))))))))))))))))))))))))))))))))))))

+ 2011-04-23 18:27:53 . 2011-04-23 18:27:53 16384 C:\WINDOWS\Temp\Perflib_Perfdata_4e4.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files\Steam\steam.exe" [2011-01-12 20:46:45 1242448]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-23 02:53:11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2010-07-09 15:24:16 13923432]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [BU]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30:30 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 15:45:14 35736]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 12:49:34 932288]
"NPSStartup"="" [BU]
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 21:10:00 1230704]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 13:36:51 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:42:18 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [N/A]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 17:43:28 69632 ----a-w- C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42:18 15360 ----a-w- C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2005-12-20 10:27:57 155648 ----a-w- C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 15:24:16 13923432 ----a-w- C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 15:24:18 110696 ----a-w- C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-07-07 22:52:40 1753192 ----a-w- C:\Program Files\NVIDIA Corporation\nView\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-12-19 10:12:24 16062464 ----a-w- C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 17:04:26 2879488 ----a-w- C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43:18 248040 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"C:\\Documents and Settings\\User\\My Documents\\Age Of Empires II\\Age Of Empires II The Conquerors\\age2_x1.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\football manager 2011\\fm.exe"=
"C:\\Program Files\\Spotify\\spotify.exe"=

R0 RapportKELL;RapportKELL;C:\WINDOWS\system32\drivers\RapportKELL.sys [03/10/2010 23:43:44 59240]
R1 Avgldx86;AVG AVI Loader Driver;C:\WINDOWS\system32\drivers\avgldx86.sys [07/09/2010 04:48:54 251728]
R1 RapportCerberus_25973;RapportCerberus_25973;C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys [13/04/2011 12:17:06 57144]
R1 RapportPG;RapportPG;C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 23:43:44 169320]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [23/04/2011 01:55:54 135336]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [27/01/2011 19:03:01 233472]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [27/01/2011 19:03:01 36608]
S2 AVGIDSAgent;AVGIDSAgent;"C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"C:\Program Files\AVG\AVG10\avgwdsvc.exe" --> C:\Program Files\AVG\AVG10\avgwdsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [23/04/2011 03:53:14 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 jatmlano;jatmlano;\??\C:\DOCUME~1\User\LOCALS~1\Temp\jatmlano.sys --> C:\DOCUME~1\User\LOCALS~1\Temp\jatmlano.sys [?]
S3 W35UND;IS89C35 802.11bg WLAN USB Adapter Driver;C:\WINDOWS\system32\drivers\W35UND.SYS [08/10/2010 12:18:03 117632]
S4 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys --> C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [?]
S4 AVGIDSEH;AVGIDSEH;C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys --> C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [?]
S4 AVGIDSFilter;AVGIDSFilter;C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys --> C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [?]
S4 AVGIDSShim;AVGIDSShim;C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys --> C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [?]
S4 Avgrkx86;AVG Anti-Rootkit Driver;C:\WINDOWS\system32\DRIVERS\avgrkx86.sys --> C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [?]
S4 Avgtdix;AVG TDI Driver;C:\WINDOWS\system32\DRIVERS\avgtdix.sys --> C:\WINDOWS\system32\DRIVERS\avgtdix.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - FSUSBEXDISK

Contents of the 'Scheduled Tasks' folder

2011-04-23 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-23 02:53:14 . 2011-04-23 02:53:12]

2011-04-23 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-23 02:53:14 . 2011-04-23 02:53:12]


------- Supplementary Scan -------

uStart Page = hxxp://www.google.co.uk/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
C:\DOCUME~1\User\LOCALS~1\Temp\jatmlano.sys


Folder::
C:\Program Files\khwsfwle


Driver::
jatmlano

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
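Added example (mine, not from the thread, the helper, or ComboFix itself): a small Python triage script that parses the sections of a ComboFix log the CFScript above acts on and flags the indicators behind each of its entries: a driver whose image lives in a user's Temp folder, the Security Center AntiVirusOverride value set to 1, and an extra executable chained onto Winlogon's Userinit (the Ramnit-style hijack that shows up in the next log). The sample log is constructed from lines quoted in this thread; the rule names and thresholds are my own.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code).

Parses the 'R0/S3 name;display;path [info]' service lines and the
REGEDIT4-style key/value blocks, then applies three defender-side rules.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "rule detail")

# Constructed sample: lines copied from the ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,,C:\Program Files\khwsfwle\skofparu.exe"

R0 RapportKELL;RapportKELL;C:\WINDOWS\system32\drivers\RapportKELL.sys [03/10/2010 23:43:44 59240]
S3 jatmlano;jatmlano;\??\C:\DOCUME~1\User\LOCALS~1\Temp\jatmlano.sys --> C:\DOCUME~1\User\LOCALS~1\Temp\jatmlano.sys [?]
S3 W35UND;IS89C35 802.11bg WLAN USB Adapter Driver;C:\WINDOWS\system32\drivers\W35UND.SYS [08/10/2010 12:18:03 117632]
"""

# state, service name, display name, image path, optional resolved path, info
SERVICE_RE = re.compile(
    r'^([RS]\d) ([^;]+);([^;]*);(.*?)(?: --> (.*?))? \[([^\]]*)\]$')
KEY_RE = re.compile(r'^\[([^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

# Path fragments that mean "user-writable scratch space", never a home for a driver.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\")
EXPECTED_USERINIT = "c:\\windows\\system32\\userinit.exe"
SECURITY_CENTER = "hkey_local_machine\\software\\microsoft\\security center"
WINLOGON = "hkey_local_machine\\software\\microsoft\\windows nt\\currentversion\\winlogon"


def parse_services(text):
    """Return each ComboFix service/driver line as a dict."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            state, name, display, path, resolved, info = m.groups()
            out.append({"state": state, "name": name, "display": display,
                        "path": path, "resolved": resolved or path,
                        "missing": info.strip() == "?"})
    return out


def parse_reg_values(text):
    """Return {(lowercased key, value name): raw value} from REGEDIT4 blocks."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group(1).lower()
            continue
        vm = VALUE_RE.match(line)
        if vm and key:
            values[(key, vm.group(1))] = vm.group(2)
    return values


def userinit_extras(raw):
    """Executables chained onto Userinit beyond the genuine userinit.exe."""
    parts = [p.strip() for p in raw.strip().strip('"').split(",") if p.strip()]
    return [p for p in parts if p.lower() != EXPECTED_USERINIT]


def triage(text):
    """Apply the three rules and return the findings in log order."""
    findings = []
    for svc in parse_services(text):
        low = svc["resolved"].lower()
        if any(mark in low for mark in TEMP_MARKERS):
            findings.append(Finding(
                "driver-from-temp",
                f"{svc['state']} {svc['name']} loads {svc['resolved']}"))
    reg = parse_reg_values(text)
    override = reg.get((SECURITY_CENTER, "AntiVirusOverride"), "")
    if override.lower().endswith("00000001"):
        findings.append(Finding(
            "av-override",
            "Security Center AntiVirusOverride=1: missing-AV alerts are suppressed"))
    for extra in userinit_extras(reg.get((WINLOGON, "Userinit"), "")):
        findings.append(Finding("userinit-hijack",
                                f"Userinit also launches {extra}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
```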
Ok, here is the latest Combofix Log:

ComboFix 11-04-23.01 - User 23/04/2011 22:53:01.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1435 [GMT 1:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"C:\DOCUME~1\User\LOCALS~1\Temp\jatmlano.sys"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\khwsfwle


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JATMLANO
-------\Service_jatmlano


((((((((((((((((((((((((( Files Created from 2011-03-23 to 2011-04-23 )))))))))))))))))))))))))))))))


2011-04-23 12:22:34 . 2011-04-23 13:15:05 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2011-04-23 12:20:57 . 2011-04-23 13:14:53 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Tools
2011-04-23 02:56:20 . 2011-04-23 02:56:20 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
2011-04-23 02:53:29 . 2011-04-23 02:54:38 -------- dc-h--w- C:\WINDOWS\ie8
2011-04-23 02:53:18 . 2011-04-23 02:53:18 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2011-04-23 02:53:13 . 2011-04-23 02:57:35 -------- d-----w- C:\Documents and Settings\User\Local Settings\Application Data\Google
2011-04-23 02:52:47 . 2011-04-23 02:53:13 -------- d-----w- C:\Program Files\Google
2011-04-23 00:58:53 . 2011-04-23 20:17:29 -------- d-----w- C:\WINDOWS\system32\NtmsData
2011-04-23 00:57:01 . 2011-04-23 00:57:01 -------- d-----w- C:\Documents and Settings\User\Application Data\Avira
2011-04-23 00:55:54 . 2011-03-04 15:11:12 137656 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
2011-04-23 00:55:54 . 2011-03-04 13:37:13 61960 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-04-23 00:55:54 . 2010-06-17 13:27:24 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys
2011-04-23 00:55:54 . 2010-06-17 13:27:24 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys
2011-04-23 00:55:53 . 2011-04-23 00:55:53 -------- d-----w- C:\Program Files\Avira
2011-04-23 00:55:53 . 2011-04-23 00:55:53 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Avira
2011-04-22 21:30:59 . 2011-04-23 00:48:09 166768 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\isuspmmgr.exe
2011-04-22 21:30:59 . 2011-04-23 00:48:09 166768 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\agentmgr.exe
2011-04-22 21:23:14 . 2011-04-22 21:23:14 -------- d-----w- C:\Program Files\VS Revo Group
2011-04-22 21:18:02 . 2011-04-22 21:18:15 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2011-04-15 17:17:32 . 2011-04-15 17:17:32 -------- d-----w- C:\Documents and Settings\User\Local Settings\Application Data\Trusteer
2011-04-14 22:04:15 . 2011-04-14 22:04:16 -------- d-----w- C:\Program Files\Spotify
2011-04-06 11:23:51 . 2011-04-06 11:23:51 -------- d-----w- C:\found.000
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-03-07 05:33:50 . 2010-10-08 10:55:46 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-03-04 06:37:06 . 2006-02-28 12:00:00 420864 ----a-w- C:\WINDOWS\system32\vbscript.dll
2011-03-03 13:21:11 . 2006-02-28 12:00:00 1857920 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-02-22 23:06:29 . 2006-02-28 12:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-02-22 23:06:29 . 2006-02-28 12:00:00 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-02-22 23:06:29 . 2006-02-28 12:00:00 1469440 ----a-w- C:\WINDOWS\system32\inetcpl.cpl
2011-02-22 11:41:59 . 2006-02-28 12:00:00 385024 ----a-w- C:\WINDOWS\system32\html.iec
2011-02-17 13:18:24 . 2006-02-28 12:00:00 455936 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-02-17 13:18:03 . 2006-02-28 12:00:00 357888 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
2011-02-17 12:32:12 . 2010-10-08 11:31:35 5120 ----a-w- C:\WINDOWS\system32\xpsp4res.dll
2011-02-15 12:56:39 . 2006-02-28 12:00:00 290432 ----a-w- C:\WINDOWS\system32\atmfd.dll
2011-02-09 13:53:52 . 2006-02-28 12:00:00 270848 ----a-w- C:\WINDOWS\system32\sbe.dll
2011-02-09 13:53:52 . 2006-02-28 12:00:00 186880 ----a-w- C:\WINDOWS\system32\encdec.dll
2011-02-08 13:33:55 . 2006-02-28 12:00:00 978944 ----a-w- C:\WINDOWS\system32\mfc42.dll
2011-02-08 13:33:55 . 2006-02-28 12:00:00 974848 ----a-w- C:\WINDOWS\system32\mfc42u.dll
2011-02-02 07:58:35 . 2010-10-08 10:52:49 2067456 ----a-w- C:\WINDOWS\system32\mstscax.dll
2011-01-27 11:57:06 . 2010-10-08 10:52:49 677888 ----a-w- C:\WINDOWS\system32\mstsc.exe


((((((((((((((((((((((((((((( SnapShot@2011-04-23_18.25.46 )))))))))))))))))))))))))))))))))))))))))

+ 2011-04-23 21:59:43 . 2011-04-23 21:59:43 16384 C:\WINDOWS\Temp\Perflib_Perfdata_744.dat
+ 2011-04-23 21:19:45 . 2011-04-23 21:19:45 16384 C:\WINDOWS\Temp\Perflib_Perfdata_64c.dat
+ 2010-10-08 10:56:04 . 2010-06-18 13:36:12 3558912 C:\WINDOWS\system32\dllcache\moviemk.exe
- 2010-10-08 10:56:04 . 2008-04-14 04:42:28 3558912 C:\WINDOWS\system32\dllcache\moviemk.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files\Steam\steam.exe" [2011-01-12 20:46:45 1242448]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-23 02:53:11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2010-07-09 15:24:16 13923432]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [BU]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30:30 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 15:45:14 35736]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 12:49:34 932288]
"NPSStartup"="" [BU]
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 21:10:00 1230704]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 13:36:51 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:42:18 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [N/A]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,,C:\Program Files\khwsfwle\skofparu.exe"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42:18 15360 ----a-w- C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2005-12-20 10:27:57 155648 ----a-w- C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 15:24:16 13923432 ----a-w- C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 15:24:18 110696 ----a-w- C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-07-07 22:52:40 1753192 ----a-w- C:\Program Files\NVIDIA Corporation\nView\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-12-19 10:12:24 16062464 ----a-w- C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 17:04:26 2879488 ----a-w- C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43:18 248040 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"C:\\Documents and Settings\\User\\My Documents\\Age Of Empires II\\Age Of Empires II The Conquerors\\age2_x1.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\football manager 2011\\fm.exe"=
"C:\\Program Files\\Spotify\\spotify.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

R0 RapportKELL;RapportKELL;C:\WINDOWS\system32\drivers\RapportKELL.sys [03/10/2010 23:43:44 59240]
R1 Avgldx86;AVG AVI Loader Driver;C:\WINDOWS\system32\drivers\avgldx86.sys [07/09/2010 04:48:54 251728]
R1 RapportCerberus_25973;RapportCerberus_25973;C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys [13/04/2011 12:17:06 57144]
R1 RapportPG;RapportPG;C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 23:43:44 169320]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [23/04/2011 01:55:54 135336]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [27/01/2011 19:03:01 233472]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [27/01/2011 19:03:01 36608]
S2 AVGIDSAgent;AVGIDSAgent;"C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"C:\Program Files\AVG\AVG10\avgwdsvc.exe" --> C:\Program Files\AVG\AVG10\avgwdsvc.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [23/04/2011 03:53:14 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe --> C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [?]
S3 W35UND;IS89C35 802.11bg WLAN USB Adapter Driver;C:\WINDOWS\system32\drivers\W35UND.SYS [08/10/2010 12:18:03 117632]
S4 AVGIDSDriver;AVGIDSDriver;C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys --> C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [?]
S4 AVGIDSEH;AVGIDSEH;C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys --> C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [?]
S4 AVGIDSFilter;AVGIDSFilter;C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys --> C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [?]
S4 AVGIDSShim;AVGIDSShim;C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys --> C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [?]
S4 Avgrkx86;AVG Anti-Rootkit Driver;C:\WINDOWS\system32\DRIVERS\avgrkx86.sys --> C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [?]
S4 Avgtdix;AVG TDI Driver;C:\WINDOWS\system32\DRIVERS\avgtdix.sys --> C:\WINDOWS\system32\DRIVERS\avgtdix.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - FSUSBEXDISK

Contents of the 'Scheduled Tasks' folder

2011-04-23 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-23 02:53:14 . 2011-04-23 02:53:12]

2011-04-23 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-23 02:53:14 . 2011-04-23 02:53:12]


------- Supplementary Scan -------

uStart Page = hxxp://www.google.co.uk/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************
 
We still can't get a complete log...

I can see two AV programs listed there, Avira and AVG.
Did you uninstall AVG before running Combofix?
 
I don't have AVG installed anymore. I tried to uninstall it when I put Avira on, but there was a problem with the process and I don't think it got rid of everything. It's not functioning though; it's not on the taskbar at the bottom and doesn't have a folder in Program Files.
 
OK, I did the AVG remover and then re-ran ComboFix; it looks like AVG is still there though? The remover seemed to run fine.
Here is the ComboFix log:

ComboFix 11-04-23.01 - User 23/04/2011 23:39:25.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1546 [GMT 1:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JATMLANO
-------\Service_jatmlano


((((((((((((((((((((((((( Files Created from 2011-03-23 to 2011-04-23 )))))))))))))))))))))))))))))))


2011-04-23 22:00:58 . 2011-04-23 22:00:58 -------- d-----w- C:\Program Files\khwsfwle
2011-04-23 12:22:34 . 2011-04-23 13:15:05 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2011-04-23 12:20:57 . 2011-04-23 13:14:53 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Tools
2011-04-23 02:56:20 . 2011-04-23 02:56:20 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
2011-04-23 02:53:29 . 2011-04-23 02:54:38 -------- dc-h--w- C:\WINDOWS\ie8
2011-04-23 02:53:18 . 2011-04-23 02:53:18 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
2011-04-23 02:53:13 . 2011-04-23 02:57:35 -------- d-----w- C:\Documents and Settings\User\Local Settings\Application Data\Google
2011-04-23 02:52:47 . 2011-04-23 02:53:13 -------- d-----w- C:\Program Files\Google
2011-04-23 00:58:53 . 2011-04-23 22:23:55 -------- d-----w- C:\WINDOWS\system32\NtmsData
2011-04-23 00:57:01 . 2011-04-23 00:57:01 -------- d-----w- C:\Documents and Settings\User\Application Data\Avira
2011-04-23 00:55:54 . 2011-03-04 15:11:12 137656 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys
2011-04-23 00:55:54 . 2011-03-04 13:37:13 61960 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
2011-04-23 00:55:54 . 2010-06-17 13:27:24 45416 ----a-w- C:\WINDOWS\system32\drivers\avgntdd.sys
2011-04-23 00:55:54 . 2010-06-17 13:27:24 22360 ----a-w- C:\WINDOWS\system32\drivers\avgntmgr.sys
2011-04-23 00:55:53 . 2011-04-23 00:55:53 -------- d-----w- C:\Program Files\Avira
2011-04-23 00:55:53 . 2011-04-23 00:55:53 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Avira
2011-04-22 21:30:59 . 2011-04-23 00:48:09 166768 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\isuspmmgr.exe
2011-04-22 21:30:59 . 2011-04-23 00:48:09 166768 ----a-w- C:\Program Files\Common Files\InstallShield\UpdateService\agentmgr.exe
2011-04-22 21:23:14 . 2011-04-22 21:23:14 -------- d-----w- C:\Program Files\VS Revo Group
2011-04-22 21:18:02 . 2011-04-23 22:37:33 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2011-04-15 17:17:32 . 2011-04-15 17:17:32 -------- d-----w- C:\Documents and Settings\User\Local Settings\Application Data\Trusteer
2011-04-14 22:04:15 . 2011-04-14 22:04:16 -------- d-----w- C:\Program Files\Spotify
2011-04-06 11:23:51 . 2011-04-06 11:23:51 -------- d-----w- C:\found.000
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-03-07 05:33:50 . 2010-10-08 10:55:46 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-03-04 06:37:06 . 2006-02-28 12:00:00 420864 ----a-w- C:\WINDOWS\system32\vbscript.dll
2011-03-03 13:21:11 . 2006-02-28 12:00:00 1857920 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-02-22 23:06:29 . 2006-02-28 12:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-02-22 23:06:29 . 2006-02-28 12:00:00 43520 ----a-w- C:\WINDOWS\system32\licmgr10.dll
2011-02-22 23:06:29 . 2006-02-28 12:00:00 1469440 ----a-w- C:\WINDOWS\system32\inetcpl.cpl
2011-02-22 11:41:59 . 2006-02-28 12:00:00 385024 ----a-w- C:\WINDOWS\system32\html.iec
2011-02-17 13:18:24 . 2006-02-28 12:00:00 455936 ----a-w- C:\WINDOWS\system32\drivers\mrxsmb.sys
2011-02-17 13:18:03 . 2006-02-28 12:00:00 357888 ----a-w- C:\WINDOWS\system32\drivers\srv.sys
2011-02-17 12:32:12 . 2010-10-08 11:31:35 5120 ----a-w- C:\WINDOWS\system32\xpsp4res.dll
2011-02-15 12:56:39 . 2006-02-28 12:00:00 290432 ----a-w- C:\WINDOWS\system32\atmfd.dll
2011-02-09 13:53:52 . 2006-02-28 12:00:00 270848 ----a-w- C:\WINDOWS\system32\sbe.dll
2011-02-09 13:53:52 . 2006-02-28 12:00:00 186880 ----a-w- C:\WINDOWS\system32\encdec.dll
2011-02-08 13:33:55 . 2006-02-28 12:00:00 978944 ----a-w- C:\WINDOWS\system32\mfc42.dll
2011-02-08 13:33:55 . 2006-02-28 12:00:00 974848 ----a-w- C:\WINDOWS\system32\mfc42u.dll
2011-02-02 07:58:35 . 2010-10-08 10:52:49 2067456 ----a-w- C:\WINDOWS\system32\mstscax.dll
2011-01-27 11:57:06 . 2010-10-08 10:52:49 677888 ----a-w- C:\WINDOWS\system32\mstsc.exe


((((((((((((((((((((((((((((( SnapShot@2011-04-23_18.25.46 )))))))))))))))))))))))))))))))))))))))))

+ 2011-04-23 22:44:50 . 2011-04-23 22:44:50 16384 C:\WINDOWS\Temp\Perflib_Perfdata_72c.dat
+ 2011-04-23 22:04:26 . 2011-04-23 22:04:26 16384 C:\WINDOWS\Temp\Perflib_Perfdata_5a0.dat
+ 2010-10-08 10:56:04 . 2010-06-18 13:36:12 3558912 C:\WINDOWS\system32\dllcache\moviemk.exe
- 2010-10-08 10:56:04 . 2008-04-14 04:42:28 3558912 C:\WINDOWS\system32\dllcache\moviemk.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files\Steam\steam.exe" [2011-01-12 20:46:45 1242448]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-23 02:53:11 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2010-07-09 15:24:16 13923432]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [BU]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30:30 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 15:45:14 35736]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 12:49:34 932288]
"NPSStartup"="" [BU]
"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 21:10:00 1230704]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 13:36:51 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:42:18 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [N/A]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,,C:\Program Files\khwsfwle\skofparu.exe"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 04:42:18 15360 ----a-w- C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2005-12-20 10:27:57 155648 ----a-w- C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-07-09 15:24:16 13923432 ----a-w- C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 15:24:18 110696 ----a-w- C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-07-07 22:52:40 1753192 ----a-w- C:\Program Files\NVIDIA Corporation\nView\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-12-19 10:12:24 16062464 ----a-w- C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 17:04:26 2879488 ----a-w- C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43:18 248040 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2010\\fm.exe"=
"C:\\Documents and Settings\\User\\My Documents\\Age Of Empires II\\Age Of Empires II The Conquerors\\age2_x1.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\football manager 2011\\fm.exe"=
"C:\\Program Files\\Spotify\\spotify.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

R0 RapportKELL;RapportKELL;C:\WINDOWS\system32\drivers\RapportKELL.sys [03/10/2010 23:43:44 59240]
R1 RapportCerberus_25973;RapportCerberus_25973;C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\25973\RapportCerberus_25973.sys [13/04/2011 12:17:06 57144]
R1 RapportPG;RapportPG;C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [03/10/2010 23:43:44 169320]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [23/04/2011 01:55:54 135336]
R2 FsUsbExService;FsUsbExService;C:\WINDOWS\system32\FsUsbExService.Exe [27/01/2011 19:03:01 233472]
R3 FsUsbExDisk;FsUsbExDisk;C:\WINDOWS\system32\FsUsbExDisk.Sys [27/01/2011 19:03:01 36608]
S2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [23/04/2011 03:53:14 135664]
S3 W35UND;IS89C35 802.11bg WLAN USB Adapter Driver;C:\WINDOWS\system32\drivers\W35UND.SYS [08/10/2010 12:18:03 117632]
S4 AVGIDSShim;AVGIDSShim;C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys --> C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - FSUSBEXDISK

Contents of the 'Scheduled Tasks' folder

2011-04-23 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-23 02:53:14 . 2011-04-23 02:53:12]

2011-04-23 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2011-04-23 02:53:14 . 2011-04-23 02:53:12]


------- Supplementary Scan -------

uStart Page = hxxp://www.google.co.uk/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html


**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-23 23:45:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
SecCenter::
{17DDD097-36FF-435F-9E1B-52D74245D6BF}

File::
C:\Program Files\khwsfwle\skofparu.exe
C:\WINDOWS\system32\drivers\avgldx86.sys
C:\WINDOWS\system32\DRIVERS\avgtdix.sys
C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys

Folder::
C:\Documents and Settings\All Users\Application Data\PC Tools
C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
C:\Program Files\AVG


Driver::
Avgldx86
AVGIDSAgent
avgwd
AVG Security Toolbar Service
AVGIDSDriver
AVGIDSEH
AVGIDSFilter
AVGIDSShim
Avgrkx86
Avgtdix

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe"


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
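The two findings the script above acts on, the extra path appended to the Winlogon Userinit value and the AVG service/driver entries whose image files no longer exist, are both visible in the ComboFix log and can be picked out automatically. The following is an added example, not part of this thread and not ComboFix's own code: it parses a constructed excerpt copied from the log lines posted earlier in the thread, and the function names (`userinit_extras`, `orphaned_services`, `triage`) are mine.

```python
"""Triage helpers for a ComboFix log excerpt.

Two checks a defender runs over the 'Reg Loading Points' and service lines:
  1. The Winlogon Userinit value must contain only the genuine userinit.exe;
     any extra comma-separated path is a program that runs at every logon.
  2. Service/driver lines whose image path ComboFix could not find ("[?]")
     are orphaned registrations (here, leftovers of a failed AVG uninstall).
"""
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,,C:\Program Files\khwsfwle\skofparu.exe"

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [23/04/2011 01:55:54 135336]
S2 avgwd;AVG WatchDog;"C:\Program Files\AVG\AVG10\avgwdsvc.exe" --> C:\Program Files\AVG\AVG10\avgwdsvc.exe [?]
S4 Avgtdix;AVG TDI Driver;C:\WINDOWS\system32\DRIVERS\avgtdix.sys --> C:\WINDOWS\system32\DRIVERS\avgtdix.sys [?]
"""

# The only entry a clean XP Userinit value should contain (compared case-insensitively).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"

# ComboFix prints the Userinit value in REGEDIT4 form: "Userinit"="<value>"
USERINIT_RE = re.compile(r'^"Userinit"="(?P<value>[^"]*)"', re.MULTILINE)

# Service lines: <start type> <service name>;<display name>;<image path and status>
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$',
    re.MULTILINE,
)


def userinit_extras(log_text):
    """Return every Userinit entry other than the genuine userinit.exe.

    The value is comma-separated; empty entries (from the double comma) are ignored.
    """
    m = USERINIT_RE.search(log_text)
    if m is None:
        return []
    entries = [e.strip() for e in m.group("value").split(",")]
    return [e for e in entries if e and e.lower() != EXPECTED_USERINIT]


def orphaned_services(log_text):
    """Return (service name, start type) for entries whose image file ComboFix marked '[?]'."""
    return [
        (m.group("name"), m.group("start"))
        for m in SERVICE_RE.finditer(log_text)
        if m.group("rest").rstrip().endswith("[?]")
    ]


def triage(log_text):
    """Combine both checks into one report dict."""
    return {
        "userinit_extras": userinit_extras(log_text),
        "orphaned_services": orphaned_services(log_text),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for path in report["userinit_extras"]:
        print("Userinit runs an extra program at logon:", path)
    for name, start in report["orphaned_services"]:
        print(f"Service {name} ({start}) points at a missing file")
```

On the sample the Userinit check reports `C:\Program Files\khwsfwle\skofparu.exe`, the same path the helper's CFScript removes under `File::` and resets under `Registry::`, and the orphan check reports `avgwd` and `Avgtdix`, two of the names listed under `Driver::`. The `[?]` marker is ComboFix's own notation for an image path it could not open, so the second check only depends on text already in the log.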
 
OK, I've tried it 3 times but it won't create a log, and the ComboFix folder has now turned into the symbol of the 'monitor and the tower'. As soon as it gets to the 'deleting files' part in ComboFix, it restarts?
 
Delete your ComboFix file, download a fresh one, restart the computer in Safe Mode and try again.
 
It has been stuck on 'Completed Stage 27' for about 10 minutes; should I leave it? Also, I am a freelance designer and could do with using CorelDRAW; is this a bad idea while the computer has a virus on? Thanks for your help.
 