Inactive Persistent Win32/Zbot.G virus problem


SadPanda

It would appear that I am suffering from the somewhat common problem of finding multiple instances of the Win32/Zbot.G virus using AVG. I cannot open certain programs such as Skype, although I can use my anti-virus software and my internet browser. I have followed the 7-step removal thread and have the following logs:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7356

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

02/08/2011 16:23:58
mbam-log-2011-08-02 (16-23-58).txt

Scan type: Quick scan
Objects scanned: 159620
Time elapsed: 14 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Clive\AppData\Local\Temp\0.38175907091109873.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-02 16:39:32
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: shxkx4gq.exe; Driver: C:\Users\Clive\AppData\Local\Temp\pxldrpog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Livekbc.SYS (Windows NT Caps-lock Ctrl Swapper/Systems Internals)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Livekbc.SYS (Windows NT Caps-lock Ctrl Swapper/Systems Internals)

---- EOF - GMER 1.0.15 ----
 
More Logs

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by Clive at 16:40:46 on 2011-08-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3071.1572 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\YouCam\YouCamTray.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\The TechGuys\Launch\Launch.exe
C:\Program Files\OEM\LIVE! OSD 1.14(AD)\osd.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Steam\SteamService.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=DSGJ&bmod=DSGJ
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [Reminder] c:\program files\ttg\reminder\Reminder.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [IcnKvtqn] c:\users\clive\appdata\local\avvxlqhw\icnkvtqn.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [MDS_Menu] "c:\program files\cyberlink\mediashowespresso\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\mediashowespresso" updatewithcreateonce "software\cyberlink\mediashow espresso\5.0"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"
mRun: [YouCam Mirror Tray icon] "c:\program files\cyberlink\youcam\YouCamTray.exe" /s
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\clive\appdata\roaming\microsoft\windows\start menu\programs\startup\icnkvtqn.exe
StartupFolder: c:\users\clive\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch.lnk - c:\windows\installer\{4a65dad2-e914-4923-9c2a-81b968a68ce2}\_A685CC3126A7CC37D335DE.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\osd.lnk - c:\windows\installer\{73289228-1853-4623-982a-eb17ff0270ca}\_CCB0CAEC2D875359E0C287.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8C6DEF76-4C69-4F57-BD98-18A56E217A73} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8C6DEF76-4C69-4F57-BD98-18A56E217A73}\244584F6D65684572623D2B4452574 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8C6DEF76-4C69-4F57-BD98-18A56E217A73}\65F69646 : DhcpNameServer = 192.168.0.1 192.168.1.254
TCP: Interfaces\{8C6DEF76-4C69-4F57-BD98-18A56E217A73}\65F69646F5D656469616 : DhcpNameServer = 192.168.0.1 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\clive\appdata\roaming\mozilla\firefox\profiles\7gpzvs2f.default\
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\users\clive\appdata\roaming\mozilla\firefox\profiles\7gpzvs2f.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\clive\appdata\roaming\mozilla\firefox\profiles\7gpzvs2f.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: Veoh Web Player Community Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - %profile%\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2005-11-14 34176]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-6-22 53816]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 RapportCerberus_28711;RapportCerberus_28711;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\28711\RapportCerberus32_28711.sys [2011-7-17 216752]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-6-22 66360]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-6-22 158904]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-7-8 176128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-5-25 1336712]
R2 LiveGpdKBFilter;LiveGpdKBFilter;c:\windows\system32\drivers\LiveGpdKBFilter.sys [2009-9-1 4096]
R2 LiveIO;LiveIO;c:\windows\system32\drivers\LiveIO.sys [2009-9-1 15312]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-2 366640]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-6-22 870200]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2009-12-17 497856]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-7-8 8312832]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-7-8 244736]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 Livekbc;Livekbc;c:\windows\system32\drivers\Livekbc.sys [2009-9-1 4096]
R3 Livemouclass;Livemouclass;c:\windows\system32\drivers\Livemouclass.sys [2009-9-1 3968]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-2 22712]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-1 167936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-15 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-9-15 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-15 136176]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-9-1 122368]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-2 41272]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-9-1 166912]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-23 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-17 1343400]
.
=============== Created Last 30 ================
.
2011-08-02 15:06:15 -------- d-----w- c:\users\clive\appdata\roaming\Malwarebytes
2011-08-02 15:06:07 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-02 15:06:07 -------- d-----w- c:\programdata\Malwarebytes
2011-08-02 15:06:04 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-02 15:06:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-02 14:08:10 -------- d-----w- c:\users\clive\appdata\local\ATI
2011-08-02 14:08:04 -------- d-----w- c:\program files\AMD APP
2011-08-02 14:08:02 -------- d-----w- c:\program files\common files\ATI Technologies
2011-08-02 14:04:35 -------- d-----w- C:\AMD
2011-08-02 13:47:56 -------- d-----w- c:\windows\system32\SPReview
2011-08-02 13:46:43 -------- d-----w- c:\windows\system32\EventProviders
2011-08-02 12:06:01 -------- d--h--w- C:\$AVG
2011-08-02 11:54:43 -------- d-----w- c:\users\clive\appdata\roaming\AVG10
2011-08-02 11:52:07 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-02 11:52:07 -------- d-----w- c:\programdata\AVG10
2011-08-02 11:50:26 -------- d-----w- c:\program files\AVG
2011-08-02 11:45:19 -------- d--h--w- c:\programdata\Common Files
2011-08-02 11:33:59 -------- d-----w- c:\programdata\MFAData
2011-08-02 11:30:58 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c5fd329f-35ad-40d0-b63c-ba99ef6c1bc7}\mpengine.dll
2011-08-02 01:14:31 -------- d-----w- c:\users\clive\appdata\local\avvxlqhw
2011-07-27 19:36:53 -------- d-----w- c:\users\clive\appdata\local\Zachtronics Industries
2011-07-20 02:03:14 -------- d-----w- c:\users\clive\appdata\local\Cisco
2011-07-20 01:40:06 -------- d-----w- c:\program files\Cisco
2011-07-20 01:39:22 -------- d-----w- c:\programdata\Cisco
2011-07-12 23:30:52 271872 ----a-w- c:\windows\system32\conhost.exe
2011-07-12 23:30:51 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-12 23:30:34 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-07-11 10:13:20 3727360 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2011-07-10 17:26:13 -------- d-----w- C:\Temp
2011-07-10 17:21:09 -------- d-----w- c:\users\clive\appdata\roaming\Wizards of the Coast
2011-07-08 04:14:40 8312832 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-07-08 03:33:28 17940992 ----a-w- c:\windows\system32\atioglxx.dll
2011-07-08 03:29:54 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-08 03:29:44 689152 ----a-w- c:\windows\system32\aticfx32.dll
2011-07-08 03:25:48 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-08 03:25:20 401408 ----a-w- c:\windows\system32\atieclxx.exe
2011-07-08 03:24:52 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-07-08 03:23:40 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-07-08 03:23:26 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-07-08 03:23:14 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-07-08 03:23:06 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-07-08 03:22:58 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-07-08 03:05:46 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-07-08 03:02:06 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-07-08 03:01:58 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-07-08 02:58:52 6740480 ----a-w- c:\windows\system32\aticaldd.dll
2011-07-08 02:54:28 52736 ----a-w- c:\windows\system32\coinst.dll
2011-07-08 02:47:34 266240 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-08 02:47:20 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-07-08 02:47:10 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-07-08 02:46:42 244736 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-07-08 02:46:14 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-07-08 02:45:58 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-07-08 02:45:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-07-08 02:40:48 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-07-08 02:40:48 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-07-07 22:37:28 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-07-07 22:37:06 43520 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-07 22:36:46 13904896 ----a-w- c:\windows\system32\amdocl.dll
.
==================== Find3M ====================
.
2011-08-02 13:56:20 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-19 15:07:43 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-07-19 15:07:43 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-07-08 03:19:50 4275712 ----a-w- c:\windows\system32\atidxx32.dll
2011-07-08 03:00:34 4367360 ----a-w- c:\windows\system32\atiumdag.dll
2011-07-08 02:55:56 4039680 ----a-w- c:\windows\system32\atiumdva.dll
2011-06-22 17:01:26 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-06-16 02:34:06 79872 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-16 02:34:06 2117632 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-06-03 05:59:23 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-06-03 03:48:32 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-05-28 02:53:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-25 13:13:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-24 18:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:44:59 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
.
============= FINISH: 16:42:05.47 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 15/09/2010 15:52:55
System Uptime: 02/08/2011 16:26:45 (0 hours ago)
.
Motherboard: MSI | | MS-1722
Processor: Intel(R) Core(TM)2 Quad CPU Q9000 @ 2.00GHz | CPU 1 | 2001/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 456 GiB total, 322.778 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0001
Service: vpnva
.
Class GUID:
Description:
Device ID: ACPI\ENE0100\4&FE887C4&0
Manufacturer:
Name:
PNP Device ID: ACPI\ENE0100\4&FE887C4&0
Service:
.
==== System Restore Points ===================
.
RP231: 02/08/2011 14:47:47 - Windows 7 Service Pack 1
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Adventure Tools
AMD APP SDK Runtime
AMD Media Foundation Decoders
Armada 2526
ATI Catalyst Install Manager
AVG 2011
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Pro Control Center
ccc-utility
CCC Help English
Cisco AnyConnect VPN Client
Click to Call with Skype
Clones
Commander: Conquest of the Americas
Compatibility Pack for the 2007 Office system
Critical Mass
CyberLink MediaShow Espresso
CyberLink Power2Go
CyberLink YouCam
Darkest Hour: A Hearts of Iron Game
Democracy 2
DiceMage
DivX Setup
Dragon Age II
Dwarfs!?
Europa Universalis III
Fallout: New Vegas
Fate of the World
Google Chrome
Google Update Helper
Graph 4.3
Greed Corp
Heroes of Newerth
Intel(R) TV Wizard
Intel® Matrix Storage Manager
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 22
Junk Mail filter update
Lands To Conquer Gold
Launch
LIVE! Control Center 1.05
LIVE! OSD 1.14(AD)
LogMeIn Hamachi
Magic Online
Malwarebytes' Anti-Malware version 1.51.1.1800
Medieval II Total War
Medieval II Total War : Kingdoms : Britannia
Medieval II Total War : Kingdoms : Crusades
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Mount&Blade Warband
Mozilla Firefox (3.6.18)
MSVCRT
OpenAL
OpenOffice.org 3.3
PlayReady PC Runtime x86
Pride of Nations
Rapport
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
REALTEK Wireless LAN Driver
RealUpgrade 1.1
RollerCoaster Tycoon 2
RUSH
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Sid Meier's Civilization V
Silent Hunter: Wolves of the Pacific
Skype™ 5.5
SpaceChem
Spotify
StarCraft II
Steam
Supreme Ruler Cold War
Synaptics Pointing Device Driver
Terraria
The Lord of the Rings FREE Trial
The Tiny Bang Story
Third Age - Total War 2.0 (Part1of2)
Third Age - Total War 2.0 (Part2of2)
Tidalis
Total War: SHOGUN 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974631)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
Ventrilo Client
Veoh Web Player
Victoria 2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
World of Goo
.
==== Event Viewer Messages From Past Week ========
.
31/07/2011 01:06:21, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
28/07/2011 21:30:13, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {C2BFE331-6739-4270-86C9-493D9A04CD38}. The error: "2" Happened while starting this command: C:\windows\system32\igfxsrvc.exe -Embedding
02/08/2011 16:36:48, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}. The error: "2" Happened while starting this command: C:\windows\system32\igfxsrvc.exe -Embedding
02/08/2011 16:33:43, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
02/08/2011 16:33:43, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
02/08/2011 15:34:25, Error: Microsoft-Windows-WMPNSS-Service [14353] - A media delivery engine with ID '0' was not initialized due to error '0x80070005' when adding the URL 'http://+:10243/WMPNSSv4/2944732723/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
02/08/2011 15:34:25, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
02/08/2011 15:06:30, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Internet Explorer 9 for Windows 7.
02/08/2011 13:03:54, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
02/08/2011 13:03:54, Error: atikmdag [43029] - Display is not active
02/08/2011 13:02:21, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
02/08/2011 12:28:45, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
02/08/2011 12:28:45, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
02/08/2011 02:16:53, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x00000001, 0x00000002, 0x00000008, 0x00000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080211-22386-01.
.
==== End Of File ===========================


Any help on getting rid of this virus would be greatly appreciated. Thanks. :)
 
Welcome to TechSpot! The count so far is 3 members posting today with AVG and Zbot. The last time this happened, it was AVG and Win32/Heur, a False Positive caused by a bad update.

So I'd like to run the following online scan and reserve further action until I see that:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESETOnlineScan
  • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    [o] Click on the image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the esetSmartInstall icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
============================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
 
More Logs

Here is the log for the latest scan you asked me to carry out:

C:\Users\Clive\AppData\Local\Temp\jar_cache4793716119360110880.tmp multiple threats
C:\Users\Clive\AppData\Local\Temp\jar_cache7695801933898728842.tmp a variant of Java/Mugademel.B trojan
C:\Users\Clive\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\2e283dd7-3c520749 multiple threats
C:\Users\Clive\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\67b08a68-22999940 Java/TrojanDownloader.Agent.JX trojan
C:\Users\Clive\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\6d16b872-3eecdc3c probably a variant of Win32/Agent.RPSVWU trojan
C:\Users\Clive\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\4b361974-7de5040c multiple threats
C:\Users\Clive\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\edb02f6-424c22c8 a variant of Java/Agent.BR trojan
C:\Users\Clive\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\30ee3746-79de2858 probably a variant of Java/Agent.BR trojan
C:\Users\Clive\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\74906648-4e26eb29 multiple threats


It doesn't look like it picked up the Win32/Zbot.G files. My AVG Resident Shield kept informing me that it was finding more files as they were scanned by the ESET scan. In any case, it looks like I have multiple trojan viruses and I would of course appreciate any help with removing them. :)
 
You have 2 outdated versions of Java: Java v6u20 & Java v6u22. These are vulnerabilities on the system. All the Eset entries for malware are in the Java cache.
Please update Java: Java Updates. Then uninstall any earlier versions in Add/Remove Programs.

Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
-------------------------
After update empty the Java cache:
  1. Click Start > Control Panel.
  2. Double-click the Java icon in the Control Panel.
  3. Click Settings under Temporary Internet Files.
     There are three options on this window to clear the cache (version dependent):
     [o] Delete Files
     [o] View Applications
     [o] View Applets
  4. Click OK on Delete Temporary Files window.
     Note: This deletes all the Downloaded Applications and Applets from the cache.
  5. Click OK on Temporary Files Settings window.
============================================
You need to run Combofix and it won't run with AVG. So you will have to temporarily uninstall it as follows:
Download AppRemover (https://www.techspot.com/downloads/5514-appremover.html) and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
====================================
Please leave Combofix log in next reply.
 
ComboFix Log

Here is the ComboFix log that you asked for:

ComboFix 11-08-03.03 - Clive 04/08/2011 2:52.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3071.1837 [GMT 1:00]
Running from: c:\users\Clive\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\Steam\steam.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-04 to 2011-08-04 )))))))))))))))))))))))))))))))
.
.
2011-08-04 01:42 . 2011-06-17 11:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-04 01:42 . 2011-06-17 11:37 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-04 01:42 . 2011-08-04 01:42 -------- d-----w- c:\programdata\Avira
2011-08-04 01:42 . 2011-08-04 01:42 -------- d-----w- c:\program files\Avira
2011-08-04 01:18 . 2011-08-04 01:18 -------- d-----w- c:\program files\Common Files\Java
2011-08-03 12:37 . 2011-08-03 20:48 -------- d-----w- c:\users\Clive\AppData\Roaming\Skype
2011-08-02 19:30 . 2011-08-02 19:30 -------- d-----w- c:\program files\ESET
2011-08-02 15:06 . 2011-08-02 15:06 -------- d-----w- c:\users\Clive\AppData\Roaming\Malwarebytes
2011-08-02 15:06 . 2011-08-02 15:06 -------- d-----w- c:\programdata\Malwarebytes
2011-08-02 15:06 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-02 15:06 . 2011-08-02 15:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-02 15:06 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-02 14:08 . 2011-08-02 14:08 -------- d-----w- c:\users\Clive\AppData\Roaming\ATI
2011-08-02 14:08 . 2011-08-02 14:08 -------- d-----w- c:\users\Clive\AppData\Local\ATI
2011-08-02 14:08 . 2011-08-02 14:08 -------- d-----w- c:\programdata\ATI
2011-08-02 14:08 . 2011-08-02 14:08 -------- d-----w- c:\program files\AMD APP
2011-08-02 14:08 . 2011-08-02 14:08 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-08-02 14:04 . 2011-08-02 14:04 -------- d-----w- C:\AMD
2011-08-02 13:47 . 2011-08-02 13:47 -------- d-----w- c:\windows\system32\SPReview
2011-08-02 13:46 . 2011-08-02 13:46 -------- d-----w- c:\windows\system32\EventProviders
2011-08-02 12:06 . 2011-08-02 12:06 -------- d-----w- C:\$AVG
2011-08-02 11:52 . 2011-08-04 01:28 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-02 11:50 . 2011-08-02 11:50 -------- d-----w- c:\program files\AVG
2011-08-02 11:45 . 2011-08-02 11:45 -------- d--h--w- c:\programdata\Common Files
2011-08-02 11:30 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C5FD329F-35AD-40D0-B63C-BA99EF6C1BC7}\mpengine.dll
2011-08-02 01:14 . 2011-08-03 20:48 -------- d-----w- c:\users\Clive\AppData\Local\avvxlqhw
2011-07-27 19:36 . 2011-07-27 19:36 -------- d-----w- c:\users\Clive\AppData\Local\Zachtronics Industries
2011-07-20 02:03 . 2011-07-20 02:03 -------- d-----w- c:\users\Clive\AppData\Local\Cisco
2011-07-20 01:40 . 2011-07-20 01:40 -------- d-----w- c:\program files\Cisco
2011-07-20 01:39 . 2011-07-20 01:39 -------- d-----w- c:\programdata\Cisco
2011-07-12 23:30 . 2011-06-03 05:56 271872 ----a-w- c:\windows\system32\conhost.exe
2011-07-12 23:30 . 2011-06-03 06:01 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-12 23:30 . 2011-06-11 02:29 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-07-11 10:13 . 2011-07-11 10:13 3727360 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-07-10 17:26 . 2011-07-10 17:26 -------- d-----w- C:\Temp
2011-07-10 17:21 . 2011-07-10 17:26 -------- d-----w- c:\users\Clive\AppData\Roaming\Wizards of the Coast
2011-07-08 04:14 . 2011-07-08 04:14 8312832 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-07-08 03:33 . 2011-07-08 03:33 17940992 ----a-w- c:\windows\system32\atioglxx.dll
2011-07-08 03:29 . 2011-07-08 03:29 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-08 03:29 . 2011-07-08 03:29 689152 ----a-w- c:\windows\system32\aticfx32.dll
2011-07-08 03:25 . 2011-07-08 03:25 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-08 03:25 . 2011-07-08 03:25 401408 ----a-w- c:\windows\system32\atieclxx.exe
2011-07-08 03:24 . 2011-07-08 03:24 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-07-08 03:23 . 2011-07-08 03:23 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-07-08 03:23 . 2011-07-08 03:23 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-07-08 03:23 . 2011-07-08 03:23 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-07-08 03:23 . 2011-07-08 03:23 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-07-08 03:22 . 2011-07-08 03:22 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-07-08 03:05 . 2011-07-08 03:05 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-07-08 03:02 . 2011-07-08 03:02 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-07-08 03:01 . 2011-07-08 03:01 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-07-08 02:58 . 2011-07-08 02:58 6740480 ----a-w- c:\windows\system32\aticaldd.dll
2011-07-08 02:54 . 2011-07-08 02:54 52736 ----a-w- c:\windows\system32\coinst.dll
2011-07-08 02:47 . 2011-07-08 02:47 266240 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-08 02:47 . 2011-07-08 02:47 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-07-08 02:47 . 2011-07-08 02:47 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-07-08 02:46 . 2011-07-08 02:46 244736 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-07-08 02:46 . 2011-07-08 02:46 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-07-08 02:45 . 2011-07-08 02:45 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-07-08 02:45 . 2011-07-08 02:45 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-07-08 02:40 . 2011-07-08 02:40 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-07-08 02:40 . 2011-07-08 02:40 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-07-07 22:37 . 2011-07-07 22:37 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-07-07 22:37 . 2011-07-07 22:37 43520 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-07 22:36 . 2011-07-07 22:36 13904896 ----a-w- c:\windows\system32\amdocl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-02 13:56 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-19 15:07 . 2010-11-19 15:53 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-07-19 15:07 . 2010-11-19 15:53 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-07-08 03:19 . 2009-07-13 22:09 4275712 ----a-w- c:\windows\system32\atidxx32.dll
2011-07-08 03:00 . 2009-06-10 21:19 4367360 ----a-w- c:\windows\system32\atiumdag.dll
2011-07-08 02:55 . 2009-07-13 22:09 4039680 ----a-w- c:\windows\system32\atiumdva.dll
2011-06-22 17:01 . 2011-06-22 17:01 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-06-16 02:34 . 2011-06-16 02:34 79872 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-16 02:34 . 2011-06-16 02:34 2117632 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-05-28 02:53 . 2011-06-16 08:06 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 18:14 . 2010-09-15 15:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:44 . 2011-06-29 06:49 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"="c:\program files\TTG\Reminder\Reminder.exe" [2009-08-26 3599360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-25 1537320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-26 7723552]
"MDS_Menu"="c:\program files\CyberLink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-07-31 162912]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2010-11-21 274608]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-07 336384]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
c:\users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launch.lnk - c:\windows\Installer\{4A65DAD2-E914-4923-9C2A-81B968A68CE2}\_A685CC3126A7CC37D335DE.exe [2009-9-3 17542]
OSD.lnk - c:\windows\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_CCB0CAEC2D875359E0C287.exe [2009-9-1 3262]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-15 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-15 136176]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 Micorsoft Windows Service;Micorsoft Windows Service;c:\users\Clive\AppData\Local\Temp\pqoryqma.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-04 166912]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-17 1343400]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2005-11-14 34176]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-06-22 53816]
S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [2011-08-03 216912]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-06-22 66360]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-06-22 158904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-08 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 LiveGpdKBFilter;LiveGpdKBFilter; [x]
S2 LiveIO;LiveIO; [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-06-22 870200]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-08 8312832]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-08 244736]
S3 Livekbc;Livekbc; [x]
S3 Livemouclass;Livemouclass; [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGNTFLT
*NewlyCreated* - AVIPBB
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-15 16:28]
.
2011-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-15 16:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Clive\AppData\Roaming\Mozilla\Firefox\Profiles\7gpzvs2f.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Veoh Web Player Community Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - %profile%\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Steam - c:\program files\Steam\Steam.exe
AddRemove-Steam App 105300 - c:\program files\Steam\steam.exe
AddRemove-Steam App 105600 - c:\program files\Steam\steam.exe
AddRemove-Steam App 15200 - c:\program files\Steam\steam.exe
AddRemove-Steam App 22000 - c:\program files\Steam\steam.exe
AddRemove-Steam App 22380 - c:\program files\Steam\steam.exe
AddRemove-Steam App 25800 - c:\program files\Steam\steam.exe
AddRemove-Steam App 34330 - c:\program files\Steam\steam.exe
AddRemove-Steam App 35480 - c:\program files\Steam\steam.exe
AddRemove-Steam App 38720 - c:\program files\Steam\steam.exe
AddRemove-Steam App 40420 - c:\program files\Steam\steam.exe
AddRemove-Steam App 46790 - c:\program files\Steam\steam.exe
AddRemove-Steam App 48950 - c:\program files\Steam\steam.exe
AddRemove-Steam App 49300 - c:\program files\Steam\steam.exe
AddRemove-Steam App 72400 - c:\program files\Steam\steam.exe
AddRemove-Steam App 73170 - c:\program files\Steam\steam.exe
AddRemove-Steam App 73190 - c:\program files\Steam\steam.exe
AddRemove-Steam App 73220 - c:\program files\Steam\steam.exe
AddRemove-Steam App 80200 - c:\program files\Steam\steam.exe
AddRemove-Steam App 8930 - c:\program files\Steam\steam.exe
AddRemove-Steam App 92800 - c:\program files\Steam\steam.exe
AddRemove-Steam App 96000 - c:\program files\Steam\steam.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2693697804-2782872241-537400155-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-04 03:07:01
ComboFix-quarantined-files.txt 2011-08-04 02:07
.
Pre-Run: 344,178,872,320 bytes free
Post-Run: 344,942,112,768 bytes free
.
- - End Of File - - FE615FB551B2F483F658A6EEFA6095EF


Thanks for the help so far. :)
 
You're welcome!

Please run this Custom CFScript:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
c:\users\Clive\AppData\Local\Temp\pqoryqma.sys
c:\windows\system32\DRIVERS\Rts516xIR.sys
Folder::
c:\users\Clive\AppData\Local\avvxlqhw
C:\Temp
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"=-
RegNull::
[HKEY_USERS\S-1-5-21-2693697804-2782872241-537400155-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
Driver::
Micorsoft Windows Service
LiveIO
Livekb
Livemouclass
RtsUIR
FCopy::
Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste in your next reply.
====================
Please remove the following in Firefox: (Tools> Add-ons)
Java v6u22
Java v6u26
Conduit Engine.
Note: You do not have to add a separate extension for Java to Firefox when you update.
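A small triage script, added here as an illustration and not part of ComboFix or of the helper's instructions: it reads service/driver lines in the ComboFix "Reg Loading Points" format and flags the three signals the CFScript above acted on (image file missing, driver image under a user's temp folder, vendor-lookalike name such as "Micorsoft"). The sample lines are constructed in the shape of the log quoted earlier in the thread; the vendor list and the similarity threshold are assumptions of this example.

```python
"""Triage ComboFix 'Reg Loading Points' service/driver lines.

Added example for this thread; it is not ComboFix code or the helper's tooling.
It encodes the three signals the cleanup script in the thread acted on:
  - the image file is not on disk ("[x]"): an orphaned or hidden loading point,
  - the driver image sits under a user's temp folder, where no legitimate driver lives,
  - the name is a vendor lookalike ("Micorsoft" for "Microsoft").
"""
import re
from difflib import SequenceMatcher

# Constructed sample in the shape of the ComboFix log quoted in this thread (not the full log).
SAMPLE_LINES = [
    r"R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]",
    r"R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]",
    r"R3 Micorsoft Windows Service;Micorsoft Windows Service;c:\users\Clive\AppData\Local\Temp\pqoryqma.sys [x]",
    r"R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]",
    r"S2 LiveIO;LiveIO; [x]",
    r"S3 Livekbc;Livekbc; [x]",
    r"S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]",
]

# Line shape: <start type> <service name>;<display name>;<image path> [<date> <size>]  or  [x]
ENTRY_RE = re.compile(r"^([RS]\d)\s+([^;]*);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
# Any ...\Temp\ path component, which covers ...\AppData\Local\Temp\ (case-insensitive).
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# Vendors whose names are commonly imitated; an assumption made for this example.
VENDORS = ("microsoft", "realtek", "intel")
SIMILARITY = 0.8  # assumed threshold for "close to a vendor name but not equal to it"

REASON_MISSING = "image file not present on disk ([x])"
REASON_TEMP = "image loads from a temp folder"


def parse_entry(line):
    """Split one ComboFix service/driver line into its fields; None if the line is not one."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    start, name, display, path, info = m.groups()
    return {
        "start": start,
        "name": name.strip(),
        "display": display.strip(),
        "path": path.strip(),
        "missing": info.strip().lower() == "x",
    }


def lookalike_vendor(text):
    """Return the vendor a word in `text` closely resembles without matching exactly, else None."""
    for word in re.findall(r"[A-Za-z]+", text):
        w = word.lower()
        for vendor in VENDORS:
            if w != vendor and SequenceMatcher(None, w, vendor).ratio() >= SIMILARITY:
                return vendor
    return None


def reasons_for(entry):
    """List the triage signals that apply to one parsed entry (empty list = nothing to flag)."""
    reasons = []
    if entry["missing"]:
        reasons.append(REASON_MISSING)
    if TEMP_RE.search(entry["path"]):
        reasons.append(REASON_TEMP)
    vendor = lookalike_vendor(entry["name"] + " " + entry["display"])
    if vendor:
        reasons.append(f"name resembles '{vendor}' but is misspelled")
    return reasons


def triage(lines):
    """Map each flagged service name to its reasons; unflagged and non-matching lines are dropped."""
    flagged = {}
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = reasons_for(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Entries flagged only for "[x]" are often just orphans of uninstalled hardware (the RtsUIR line), so the count and kind of reasons, not the mere presence of a flag, decide what needs a closer look.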
 
ComboFix Log

Here is the ComboFix log:

ComboFix 11-08-05.01 - Clive 05/08/2011 17:34:39.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3071.1995 [GMT 1:00]
Running from: c:\users\Clive\Desktop\ComboFix.exe
Command switches used :: c:\users\Clive\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Clive\AppData\Local\Temp\pqoryqma.sys"
"c:\windows\system32\DRIVERS\Rts516xIR.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Temp
c:\users\Clive\AppData\Local\avvxlqhw
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_LIVEIO
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
-------\Service_LiveIO
-------\Service_Livemouclass
-------\Service_Micorsoft Windows Service
-------\Service_RtsUIR
.
.
((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))
.
.
2011-08-05 16:46 . 2011-08-05 16:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-04 02:09 . 2011-08-04 02:09 -------- d-----w- c:\users\Clive\AppData\Roaming\Avira
2011-08-04 02:07 . 2011-08-05 16:49 -------- d-----w- c:\users\Clive\AppData\Local\temp
2011-08-04 01:42 . 2011-08-05 13:11 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-04 01:42 . 2011-08-05 13:11 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-04 01:42 . 2011-08-04 01:42 -------- d-----w- c:\programdata\Avira
2011-08-04 01:42 . 2011-08-04 01:42 -------- d-----w- c:\program files\Avira
2011-08-04 01:18 . 2011-08-04 01:18 -------- d-----w- c:\program files\Common Files\Java
2011-08-03 12:37 . 2011-08-03 20:48 -------- d-----w- c:\users\Clive\AppData\Roaming\Skype
2011-08-02 19:30 . 2011-08-02 19:30 -------- d-----w- c:\program files\ESET
2011-08-02 15:06 . 2011-08-02 15:06 -------- d-----w- c:\users\Clive\AppData\Roaming\Malwarebytes
2011-08-02 15:06 . 2011-08-02 15:06 -------- d-----w- c:\programdata\Malwarebytes
2011-08-02 15:06 . 2011-07-06 18:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-02 15:06 . 2011-08-02 15:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-02 15:06 . 2011-07-06 18:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-02 14:08 . 2011-08-02 14:08 -------- d-----w- c:\users\Clive\AppData\Roaming\ATI
2011-08-02 14:08 . 2011-08-02 14:08 -------- d-----w- c:\users\Clive\AppData\Local\ATI
2011-08-02 14:08 . 2011-08-02 14:08 -------- d-----w- c:\programdata\ATI
2011-08-02 14:08 . 2011-08-02 14:08 -------- d-----w- c:\program files\AMD APP
2011-08-02 14:08 . 2011-08-02 14:08 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-08-02 14:04 . 2011-08-02 14:04 -------- d-----w- C:\AMD
2011-08-02 13:47 . 2011-08-02 13:47 -------- d-----w- c:\windows\system32\SPReview
2011-08-02 13:46 . 2011-08-02 13:46 -------- d-----w- c:\windows\system32\EventProviders
2011-08-02 12:06 . 2011-08-02 12:06 -------- d-----w- C:\$AVG
2011-08-02 11:52 . 2011-08-04 01:28 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-02 11:50 . 2011-08-02 11:50 -------- d-----w- c:\program files\AVG
2011-08-02 11:45 . 2011-08-02 11:45 -------- d--h--w- c:\programdata\Common Files
2011-08-02 11:30 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C5FD329F-35AD-40D0-B63C-BA99EF6C1BC7}\mpengine.dll
2011-07-27 19:36 . 2011-07-27 19:36 -------- d-----w- c:\users\Clive\AppData\Local\Zachtronics Industries
2011-07-20 02:03 . 2011-07-20 02:03 -------- d-----w- c:\users\Clive\AppData\Local\Cisco
2011-07-20 01:40 . 2011-07-20 01:40 -------- d-----w- c:\program files\Cisco
2011-07-20 01:39 . 2011-07-20 01:39 -------- d-----w- c:\programdata\Cisco
2011-07-12 23:30 . 2011-06-03 05:56 271872 ----a-w- c:\windows\system32\conhost.exe
2011-07-12 23:30 . 2011-06-03 06:01 169984 ----a-w- c:\windows\system32\winsrv.dll
2011-07-12 23:30 . 2011-06-11 02:29 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-07-11 10:13 . 2011-07-11 10:13 3727360 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2011-07-10 17:21 . 2011-07-10 17:26 -------- d-----w- c:\users\Clive\AppData\Roaming\Wizards of the Coast
2011-07-08 04:14 . 2011-07-08 04:14 8312832 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-07-08 03:33 . 2011-07-08 03:33 17940992 ----a-w- c:\windows\system32\atioglxx.dll
2011-07-08 03:29 . 2011-07-08 03:29 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-08 03:29 . 2011-07-08 03:29 689152 ----a-w- c:\windows\system32\aticfx32.dll
2011-07-08 03:25 . 2011-07-08 03:25 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-08 03:25 . 2011-07-08 03:25 401408 ----a-w- c:\windows\system32\atieclxx.exe
2011-07-08 03:24 . 2011-07-08 03:24 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2011-07-08 03:23 . 2011-07-08 03:23 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-07-08 03:23 . 2011-07-08 03:23 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2011-07-08 03:23 . 2011-07-08 03:23 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-07-08 03:23 . 2011-07-08 03:23 15872 ----a-w- c:\windows\system32\atimuixx.dll
2011-07-08 03:22 . 2011-07-08 03:22 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2011-07-08 03:05 . 2011-07-08 03:05 1828864 ----a-w- c:\windows\system32\atiumdmv.dll
2011-07-08 03:02 . 2011-07-08 03:02 46080 ----a-w- c:\windows\system32\aticalrt.dll
2011-07-08 03:01 . 2011-07-08 03:01 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-07-08 02:58 . 2011-07-08 02:58 6740480 ----a-w- c:\windows\system32\aticaldd.dll
2011-07-08 02:54 . 2011-07-08 02:54 52736 ----a-w- c:\windows\system32\coinst.dll
2011-07-08 02:47 . 2011-07-08 02:47 266240 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-08 02:47 . 2011-07-08 02:47 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-07-08 02:47 . 2011-07-08 02:47 32768 ----a-w- c:\windows\system32\atigktxx.dll
2011-07-08 02:46 . 2011-07-08 02:46 244736 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-07-08 02:46 . 2011-07-08 02:46 31744 ----a-w- c:\windows\system32\atiuxpag.dll
2011-07-08 02:45 . 2011-07-08 02:45 29184 ----a-w- c:\windows\system32\atiu9pag.dll
2011-07-08 02:45 . 2011-07-08 02:45 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-07-08 02:40 . 2011-07-08 02:40 52736 ----a-w- c:\windows\system32\atimpc32.dll
2011-07-08 02:40 . 2011-07-08 02:40 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2011-07-07 22:37 . 2011-07-07 22:37 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-07-07 22:37 . 2011-07-07 22:37 43520 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-07 22:36 . 2011-07-07 22:36 13904896 ----a-w- c:\windows\system32\amdocl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-02 13:56 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-19 15:07 . 2010-11-19 15:53 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2011-07-19 15:07 . 2010-11-19 15:53 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2011-07-08 03:19 . 2009-07-13 22:09 4275712 ----a-w- c:\windows\system32\atidxx32.dll
2011-07-08 03:00 . 2009-06-10 21:19 4367360 ----a-w- c:\windows\system32\atiumdag.dll
2011-07-08 02:55 . 2009-07-13 22:09 4039680 ----a-w- c:\windows\system32\atiumdva.dll
2011-06-22 17:01 . 2011-06-22 17:01 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-06-16 02:34 . 2011-06-16 02:34 79872 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-16 02:34 . 2011-06-16 02:34 2117632 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-05-28 02:53 . 2011-06-16 08:06 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 18:14 . 2010-09-15 15:58 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:44 . 2011-06-29 06:49 293376 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"="c:\program files\TTG\Reminder\Reminder.exe" [2009-08-26 3599360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-25 1537320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-26 7723552]
"MDS_Menu"="c:\program files\CyberLink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-07-31 162912]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2010-11-21 274608]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-07 336384]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
c:\users\Clive\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Launch.lnk - c:\windows\Installer\{4A65DAD2-E914-4923-9C2A-81B968A68CE2}\_A685CC3126A7CC37D335DE.exe [2009-9-3 17542]
OSD.lnk - c:\windows\Installer\{73289228-1853-4623-982A-EB17FF0270CA}\_CCB0CAEC2D875359E0C287.exe [2009-9-1 3262]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-15 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-15 136176]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-06-04 166912]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-17 1343400]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2005-11-14 34176]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-06-22 53816]
S1 RapportCerberus_29574;RapportCerberus_29574;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus32_29574.sys [2011-08-03 216912]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-06-22 66360]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-06-22 158904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-07-08 176128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 LiveGpdKBFilter;LiveGpdKBFilter; [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-06-22 870200]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-12-17 497856]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-07-08 8312832]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-07-08 244736]
S3 Livekbc;Livekbc; [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-15 16:28]
.
2011-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-15 16:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 - vpnweb.cab
FF - ProfilePath - c:\users\Clive\AppData\Roaming\Mozilla\Firefox\Profiles\7gpzvs2f.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Veoh Web Player Community Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - %profile%\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\The TechGuys\Launch\Launch.exe
c:\program files\OEM\LIVE! OSD 1.14(AD)\osd.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\sppsvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2011-08-05 17:54:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-05 16:54
ComboFix2.txt 2011-08-04 02:07
.
Pre-Run: 344,797,675,520 bytes free
Post-Run: 344,615,546,880 bytes free
.
- - End Of File - - B41CFBE50721DA65337EE9896C704521


I was able to remove Conduit Engine from Firefox but was only able to disable the two Java extensions. Also, since running the last ComboFix scan, my mouse has stopped working (my laptop's touch pad doesn't work either). The first ComboFix scan removed a number of files associated with Steam and I was just curious if this was intentional or not. :)
 
You have to log on as Administrator to get full use for removing Firefox add-ons.

I notice the Steam deletes. Combofix would not have removed the entries unless they were flawed somehow. They appear to be different apps downloaded from Steam. My guess is that there was malware with the downloads. I don't use Steam, but I know that it can be gotten through a torrent download and it's necessary to authenticate every Steam game online, whether purchased via Steam itself or installed via a retail disc, the first time it is played. Is it possible that the apps were a torrent download? Steam is basically digital rights management.

As for the mouse, nothing we've done would have affected it. Please go to the Control Panel> Mouse> check settings for the touchpad and/or external mouse if using one. You can also access the Device Manager: Control Panel> System> Hardware tab> Device Manager> check the pointing device entries for error icons:
(image: dialog_warning.png)


Did you empty the Java cache as instructed? That's where the malware entries were located.
 
Okay, I have now uninstalled the two Java extensions. I emptied the Java cache when you asked me to.

Steam had been downloaded from its own website and none of the apps are torrent downloads. All were installed from disc or downloaded through Steam itself.

As for the mouse issue, I went to the Device Manager and both the mouse and the touch pad have the little error icons. I troubleshot both devices and they appear to be missing drivers. For the touch pad, I'm being directed to download these drivers online, whereas I think I have a disc for the mouse. I haven't downloaded or installed these drivers yet, just in case. Should I? :)
 
Yes, okay to go ahead and download the mouse drivers. But go to the manufacturer's site to get the download.
 
Unfortunately, downloading and installing the mouse drivers does not appear to be the problem. Windows says that the hardware devices can't be used because a registry file was damaged or removed. Are you sure that the second ComboFix scan didn't change any registry files that the mouse might use?
 
I removed this driver> RtsUIR
And the file with it> c:\windows\system32\DRIVERS\Rts516xIR.sys

The entry showed as> R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

The [x] indicates it's no longer used. I could not identify the driver on the Realtek site.

It appears that I made a mistake as this must be the infrared mouse driver. Please download the driver back from here and see if it restores your blind mouse:

If this was the cause, I apologize for the inconvenience. It was a human mistake.

I did not remove any registry entries. You have 4 Realtek programs running:
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
REALTEK Wireless LAN Driver
 
I'm afraid that there is nowhere to download the driver on the link you posted. Would it not be easier to do a system restore to a time just before the ComboFix scan and proceed to run the scan without deleting the mouse drivers? Alternatively, I could try and find somewhere else to download the driver? :)
 
Sorry- I thought it had a download. But this brings us back to why I removed the driver in the first place. It is not listed on the Realtek site and the [x] indicates it is no longer being used. I don't think this is what stopped the mouse, but let's check the Device Manager again.

Consider that the laptop touchpad and an external mouse don't have the same driver. If you click on the plus sign to the left of "Mouse and other pointing devices", what do you see? For instance, I use the touchpad on my laptop and the device shows Alps Touchpad. This has got to be on the Startup Menu to work.

Check for name of touchpad device. If I do a right click> Properties on the Alps Touchpad> Choose Drivers tab> Click on Driver details> I see the entries for the 3 driver file names.

On my Startup Menu, the touchpad entry is Appoint. I see some logs with that entry for Synaptics instead. Same function, different manufacturers.

So please look for the information above in the Device Manager. It will give us something more specific to go on.

BTW, the 'can't start due to missing Registry' is a generic message most of the time.

Let me know:
1. If you have the touchpad checked on the Startup Menu.
2. Manufacturer's name.
3. Whether you're using the touchpad or an external mouse.
 
Okay, I have some information. Going into the Device Manager, under "Mouse and other pointing devices" there are 4 entries. The first three have the same name: HID-compliant mouse. They all claim to have the same manufacturer (Microsoft), whereas they have separate locations. The first is located on Razer Abyssus and I think this is my external mouse (given that the device disappears if I unplug it and that the external mouse happens to be a Razer Abyssus mouse). The second is located on Microsoft eHome Infrared Transceiver and the third is located on Virtual HID Minidriver. They all use the same drivers:

C:\Windows\system32\drivers\Livemouclass.sys
C:\Windows\system32\DRIVERS\mouclass.sys
C:\Windows\system32\DRIVERS\mouhid.sys

The last device is called Microsoft PS/2 Mouse. Its manufacturer is apparently also Microsoft. Its location is simply: plugged into PS/2 mouse port. It uses slightly different drivers:

C:\Windows\system32\DRIVERS\i8042prt.sys
C:\Windows\system32\drivers\Livemouclass.sys
C:\Windows\system32\DRIVERS\mouclass.sys

In the Startup Menu, everything is checked but I can see no mention of the four devices in the device manager. The only thing which remotely resembles anything mouse-related is something called razerhid Application with an unknown manufacturer.

You asked if I were using the touchpad or an external mouse. Since the second ComboFix scan, neither the touchpad nor the external mouse have been working. I have been navigating Windows with the keyboard, which is quite challenging. I hope this information helps. :)
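As an added troubleshooting check (not part of the thread or of ComboFix), this PowerShell script does two read-only things: it lists kernel drivers whose binary is missing from disk (the condition ComboFix marks with [x] in its Drivers/Services listing) and it shows the filter drivers registered on the Mouse device class, a likely place for a filter such as the Livemouclass.sys in the driver list above to be registered; a class filter whose service key or binary is gone stops every device in that class from starting. The registry paths and the Mouse class GUID are standard Windows values; it assumes an elevated prompt and PowerShell 3.0 or later.

```powershell
# Added example (not from the thread). Read-only: it reports, it changes nothing.
# Requires an elevated prompt; PowerShell 3.0+ for the [pscustomobject] accelerator.

function Resolve-DriverImagePath {
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = $ImagePath.Trim('"')
    # Strip the NT-style prefixes that driver ImagePath values commonly carry
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    # Drop trailing arguments ("...\svc.exe -k netsvcs") but keep paths containing spaces
    if ($p -match '^(.+?\.(sys|exe|dll))(\s.*)?$') { $p = $Matches[1] }
    # A path with no drive letter ("system32\DRIVERS\x.sys") is relative to the Windows directory
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-MissingDriverBinaries {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($svc in Get-ChildItem $root -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty $svc.PSPath
        # Type 1 = kernel driver, 2 = file-system driver; skip user-mode services and parameter-only keys
        if ($props.Type -ne 1 -and $props.Type -ne 2) { continue }
        $path = Resolve-DriverImagePath $props.ImagePath
        # A driver key with no ImagePath defaults to system32\drivers\<ServiceName>.sys
        if (-not $path) { $path = Join-Path $env:SystemRoot "System32\drivers\$($svc.PSChildName).sys" }
        if (-not (Test-Path -LiteralPath $path)) {
            # Start: 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
            [pscustomobject]@{ Service = $svc.PSChildName; Start = $props.Start; ImagePath = $path }
        }
    }
}

# Fixed GUID of the Mouse device class. UpperFilters/LowerFilters on the class key name
# filter services that Windows loads for every device in the class.
$MouseClassGuid = '{4D36E96F-E325-11CE-BFC1-08002BE10318}'

function Get-MouseClassFilters {
    $key   = "HKLM:\SYSTEM\CurrentControlSet\Control\Class\$MouseClassGuid"
    $props = Get-ItemProperty $key
    foreach ($name in @('UpperFilters', 'LowerFilters')) {
        foreach ($filter in @($props.$name)) {
            if (-not $filter) { continue }
            $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$filter"
            $exists = Test-Path $svcKey
            $bin = $null
            if ($exists) {
                $bin = Resolve-DriverImagePath (Get-ItemProperty $svcKey).ImagePath
                if (-not $bin) { $bin = Join-Path $env:SystemRoot "System32\drivers\$filter.sys" }
            }
            [pscustomobject]@{
                Position      = $name
                Filter        = $filter
                ServiceKey    = $exists
                BinaryPresent = [bool]($bin -and (Test-Path -LiteralPath $bin))
            }
        }
    }
}

'=== Kernel drivers whose binary is missing (what ComboFix shows as [x]) ==='
Get-MissingDriverBinaries | Format-Table -AutoSize
'=== Filter drivers registered on the Mouse device class ==='
Get-MouseClassFilters | Format-Table -AutoSize
```

A filter row with ServiceKey or BinaryPresent set to False, or a listed driver whose Start is 0-3 but whose binary is missing, is the first thing to reconcile with the Device Manager error on the pointing devices; per-device filters can also live under the device's own Enum key, which this script does not walk.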
 
Please press Fn/F7> make sure this feature is off.

I do not think Combofix had anything to do with this. It is more likely that the malware could have corrupted a driver.

I do find complaints of touchpad/PS/2 mouse stopping working. But they are brand specific. Please let me know the manufacturer of the computer and what model you have.

You are not going to see those device entries running on Startup. You should see this one:
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Synaptics TouchPad Enhancements Software Used for Secondary and Auxiliary Function of Synaptics TouchPads
Please see this for a description of the entries for Synaptic you may see on the Startup menu:
http://www.sysinfo.org/startuplist.php?filter=syntpenh
.
To check the Startup menu using the msconfig utility:
  • Click on the Windows 7 start icon in the bottom left corner of your screen.
  • Type MSCONFIG in the search box> press Enter or double-click on the MSCONFIG program that appears in the search results.
    (image: msconfig_win7_2.gif)
  • Click on Selective Startup.
  • Click on the Startup tab. You will now see the System Msconfig Utility.
    (image: msconfig_win7_4.gif)
    In Windows 7, almost all of Windows' essential programs are loaded through Windows Services. So most of the startup items you see here are optional and can be turned off.
    Important! When in doubt, leave it on, or use a Startup database to identify a process you are not sure of.
  • Uncheck any process you don't want to start on boot.
  • When finished> click on OK.
  • Reboot the computer.
  • When you see this message come up: Check 'don't show this message again'> then Restart.
    (image: msconfig_win7_5.gif)

Images courtesy NetSquirrel

The only processes that need to start on boot are the antivirus program, third party firewall if you have one, touchpad if on laptop and network processes if using third party software for network. Any other entries in this section can be Unchecked.

This does not remove a process or program- it can still be accessed when needed through All Programs. And you can go back at a later time and reset the default programs if needed.
=========================================
I did notice the following device in the DDS log:
Attach.txt: > Disabled Device Manager Items
Class GUID:
Description:
Device ID: ACPI\ENE0100\4&FE887C4&0
Manufacturer:
Name:
PNP Device ID: ACPI\ENE0100\4&FE887C4&0
Service:

I can't identify the entry but as you can see, information is missing.
=======================================
And I'd like you to describe what you mean by "stopped working."
Is the cursor frozen on the screen?
When you reboot, does it come up and then disappear?
Do you have Control Panel> Mouse set for the touchpad or the mouse?
 
On the laptop I'm using, Fn/F7 just turns the sound down (I think). What am I trying to turn off?

My laptop's manufacturer is Advent. The model is 8555GX.

Going back into Startup, there don't appear to be any entries associated with Synaptics. I found the folder in Program Files and apart from an empty folder named SynTP, there are no files to be found.

By "stopped working", I meant that the cursor is not responsive. It won't move or click on anything. It is, as you put it: "frozen on the screen". When I reboot, it appears in the middle of the screen and just sits there. Looking under "Mouse" in the Control Panel, I don't see anything related to the touchpad or mouse apart from the four devices I mentioned in my last post under the "Hardware" tab.
 