PC seems to be much the same as before. I tried running Windows Update, but the updates didn't install fully. "Windows Malicious Software Removal Tool" installed but "Update for Windows XP (KB2443685)" didn't.
I followed your instructions for repairing Avira, but I didn't see a repair function in Add/Remove Programs. I probably shouldn't have, but I removed Avira and reinstalled it. Sorry if that messes up any of your hard work, hopefully not. After the reinstall, Avira seems to be running fine. I disabled it before running ComboFix, report below.
ComboFix 11-08-02.02 - Owner 04/08/2011 8:04.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.1063 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-04 to 2011-08-04 )))))))))))))))))))))))))))))))
.
.
2011-08-03 20:55 . 2011-06-17 11:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-03 20:55 . 2011-06-17 11:37 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-03 20:55 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-08-03 20:55 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-08-03 20:55 . 2011-08-03 20:55 -------- d-----w- c:\program files\Avira
2011-08-03 20:55 . 2011-08-03 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-08-02 21:12 . 2008-04-13 23:51 162816 -c--a-w- c:\windows\system32\dllcache\netbt.sys
2011-08-02 21:12 . 2008-04-13 23:51 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-07-30 21:22 . 2011-07-30 21:22 -------- d-----w- C:\_OTL
2011-07-30 21:17 . 2011-07-30 21:17 -------- d-----w- c:\program files\ERUNT
2011-07-07 20:39 . 2011-07-07 20:39 -------- d-----w- c:\program files\Common Files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 18:52 . 2011-05-19 16:54 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52 . 2011-05-19 16:54 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-06 09:23 . 2011-06-06 09:23 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:02 . 2009-01-22 07:42 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-06-25 22:23 . 2011-05-10 07:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-02_21.36.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-03 20:55 . 2010-06-17 14:27 28520 c:\windows\system32\drivers\ssmdrv.sys
- 2009-08-19 12:16 . 2010-06-17 15:27 28520 c:\windows\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-03 202256]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2009-10-14 303104]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [24/01/2010 12:53 691696]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [03/08/2011 21:55 136360]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [19/05/2011 17:54 41272]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [18/02/2009 20:55 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [18/02/2009 20:56 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [18/02/2009 20:56 107304]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [19/06/2007 07:51 97704]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SSMDRV
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
2011-08-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-746137067-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
2011-07-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-746137067-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.facebook.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3vrrmn6r.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 53717
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: browser.startup.homepage - hxxps://www.facebook.com
FF - user.js: browser.startup.page - 1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-04 08:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-746137067-839522115-1003\Software\Zepter Software\RegLib*f039ec0d\AnyDVD/1]
"1"=dword:4450278b
"2"=dword:4475df29
.
Completion time: 2011-08-04 08:21:21
ComboFix-quarantined-files.txt 2011-08-04 07:21
ComboFix2.txt 2011-08-02 21:46
.
Pre-Run: 14,716,846,080 bytes free
Post-Run: 14,755,233,792 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 216820ACAE51BAA3FDA242055044E954
------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7373
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
04/08/2011 08:41:30
mbam-log-2011-08-04 (08-41-30).txt
Scan type: Quick scan
Objects scanned: 149447
Time elapsed: 4 minute(s), 15 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)