Hello askey127,
The log you asked for is posted below:
ComboFix 12-09-07.03 - Administrator 09/07/2012 13:32:21.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1977.944 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\zzz.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe
c:\documents and settings\All Users\Application Data\TEMP\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\msvcr71.dll.int
.
.
((((((((((((((((((((((((( Files Created from 2012-08-07 to 2012-09-07 )))))))))))))))))))))))))))))))
.
.
2012-09-04 14:54 . 2012-09-04 14:54 -------- d-----w- c:\program files\VS Revo Group
2012-09-01 18:37 . 2012-09-01 18:37 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2012-09-01 18:36 . 2012-09-01 18:36 -------- d-----w- c:\program files\Common Files\Adobe
2012-08-31 22:55 . 2012-08-31 22:55 -------- d-----w- c:\documents and settings\Administrator\AppData
2012-08-30 21:42 . 2011-09-28 13:20 40960 ----a-w- c:\windows\system32\SSubTmr6.dll
2012-08-30 21:42 . 2011-09-28 13:20 15360 ----a-w- c:\windows\system32\inetfr.DLL
2012-08-30 21:42 . 2011-09-28 13:20 119568 ----a-w- c:\windows\system32\VB6FR.DLL
2012-08-30 21:42 . 2012-08-30 22:06 -------- d-----w- c:\program files\Free Easy CD DVD Burner
2012-08-30 21:42 . 2012-08-30 21:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\FreeBurner
2012-08-30 21:42 . 2011-09-28 13:20 32768 ----a-w- c:\windows\system32\CMDLGFR.DLL
2012-08-30 21:42 . 2011-09-28 13:20 152848 ----a-w- c:\windows\system32\COMDLG32.OCX
2012-08-30 21:42 . 2011-09-28 13:20 141312 ----a-w- c:\windows\system32\MSCMCFR.DLL
2012-08-30 02:32 . 2012-08-30 02:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2012-08-30 00:44 . 2012-08-30 00:44 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-29 12:20 . 2012-08-29 12:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2012-08-29 12:20 . 2012-08-29 12:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2012-08-29 12:20 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-29 12:20 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-29 12:19 . 2012-08-29 12:19 -------- d-----w- c:\program files\iPod
2012-08-29 12:19 . 2012-08-29 12:20 -------- d-----w- c:\program files\iTunes
2012-08-29 12:19 . 2012-08-29 12:20 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2012-08-29 12:19 . 2012-08-29 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2012-08-29 12:19 . 2012-08-29 12:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple
2012-08-29 12:19 . 2012-08-29 12:19 -------- d-----w- c:\program files\Apple Software Update
2012-08-29 12:19 . 2012-08-29 12:19 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer
2012-08-29 12:18 . 2012-08-29 12:18 -------- d-----w- c:\program files\Bonjour
2012-08-29 12:18 . 2012-08-29 12:19 -------- d-----w- c:\program files\Common Files\Apple
2012-08-29 12:18 . 2012-08-29 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2012-08-20 20:06 . 2012-08-20 20:06 -------- d-----w- c:\program files\SeaMonkey
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-14 23:16 . 2012-05-26 22:52 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-14 23:16 . 2012-05-26 22:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-19 14:26 . 2012-06-19 14:24 16384 ----a-w- c:\windows\system32\lgfwunis.exe
2012-08-30 00:44 . 2012-05-14 11:47 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-04-18 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
[-] 2009-04-18 . C951DB3D9B6EF3CF4B82454D30A8BF59 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-12-11 1044480]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"LGODDFU"="c:\program files\lg_fwupdate\lgfw.exe" [2012-07-24 27760]
"UpdatePSTShortCut"="c:\program files\CyberLink\Media Suite\MUITransfer\MUIStartMenu.exe" [2011-12-15 222504]
"BYR_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2012-03-15 392280]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MailWasherPro.lnk - c:\program files\FireTrust\MailWasher\MailWasherPro.exe [2012-6-11 5662536]
Zoom Wireless-N USB.lnk - c:\program files\Zoom Wireless-N USB\Common\RaUI.exe [2011-12-31 1601536]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 15:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 22:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-03-25 08:10 166912 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-03-25 08:10 134656 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-03-25 08:09 136192 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 12:14 PM 24064]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [12/21/2011 8:33 PM 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/21/2011 8:33 PM 86224]
R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [12/31/2011 8:38 PM 19072]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [12/21/2011 7:51 PM 144480]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [12/21/2011 7:48 PM 36608]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [12/21/2011 8:23 PM 246000]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/26/2012 6:52 PM 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/14/2012 7:47 AM 114144]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 11771443
*NewlyCreated* - TRUESIGHT
*Deregistered* - 11771443
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 23:16]
.
2012-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\s0byu6dm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/421
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ff ... 21&sr=0&q=.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-07 13:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1645522239-2111687655-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,19,ce,6e,0f,be,a6,4b,b9,31,2c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,43,19,ce,6e,0f,be,a6,4b,b9,31,2c,\
.
Completion time: 2012-09-07 13:36:38
ComboFix-quarantined-files.txt 2012-09-07 17:36
.
Pre-Run: 55,986,352,128 bytes free
Post-Run: 55,930,826,752 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B0CCD0B099BF737E76F78F310C94AE0F