Hey SuperDave, thanks for the help, it's much appreciated :)
Here are the logs:
Jotti's malware scan:
http://virusscan.jotti.org/en/scanresult/881307b60f1b30b78bf33ba9032e1ecc0a90038f/c2d701a133ebd31717b37c2de07eb476347064ee
------------------
ComboFix log:
ComboFix 10-09-17.04 - Svein Rune 19.09.2010 15:48:40.1.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.256.39 [GMT 2:00]
Running from: c:\documents and settings\Svein Rune\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\winnt\system\msvbvm60.dll
c:\winnt\system32\msconfig.exe
c:\winnt\Web\default.htt
C:\xcrashdump.dat
Infected copy of c:\winnt\system32\userinit.exe was found and disinfected
Restored copy from - c:\winnt\ServicePackFiles\i386\userinit.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SVCHOST32
((((((((((((((((((((((((( Files Created from 2010-08-19 to 2010-09-19 )))))))))))))))))))))))))))))))
.
2010-09-19 14:04 . 2010-09-19 14:04 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_260.dat
2010-09-14 20:39 . 2010-09-14 20:39 -------- d-----w- c:\program files\Trend Micro
2010-09-13 22:13 . 2010-09-13 22:13 -------- d-----w- c:\documents and settings\Svein Rune\Application Data\SUPERAntiSpyware.com
2010-09-13 22:13 . 2010-09-13 22:13 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\SUPERAntiSpyware.com
2010-09-13 22:12 . 2010-09-13 22:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-12 17:45 . 2010-09-12 17:45 -------- d-----w- c:\documents and settings\Svein Rune\Application Data\Avira
2010-09-12 17:11 . 2010-04-01 11:05 122768 ----a-w- c:\winnt\system32\drivers\avipbb.sys
2010-09-12 17:11 . 2009-05-11 10:49 64488 ----a-w- c:\winnt\system32\drivers\avgntdd.sys
2010-09-12 17:11 . 2009-05-11 10:49 18520 ----a-w- c:\winnt\system32\drivers\avgntmgr.sys
2010-09-12 17:11 . 2010-09-12 17:11 -------- d-----w- c:\program files\Avira
2010-09-12 17:11 . 2010-09-12 17:11 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\Avira
2010-09-11 15:33 . 2010-09-11 15:33 -------- d-----w- c:\program files\CCleaner
2010-09-05 22:03 . 2010-09-05 22:03 -------- d-----w- c:\documents and settings\Svein Rune\Application Data\Malwarebytes
2010-09-05 22:02 . 2010-04-29 13:39 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2010-09-05 22:02 . 2010-09-05 22:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-05 22:02 . 2010-09-05 22:02 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\Malwarebytes
2010-09-05 22:02 . 2010-04-29 13:39 19288 ----a-w- c:\winnt\system32\drivers\mbam.sys
1601-01-01 00:00 . 1601-01-01 00:00 0 ----atw- c:\winnt\system32\Perflib_Perfdata_324.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 22:50 . 2009-07-15 21:00 -------- d-----w- c:\program files\Opera 10 Beta
2010-09-17 22:42 . 2010-09-17 22:43 1368443 ----a-w- c:\documents and settings\All Users.WINNT\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aescript.dll
2010-09-17 22:41 . 2010-09-17 22:43 631156 ----a-w- c:\documents and settings\All Users.WINNT\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aerdl.dll
2010-09-17 22:41 . 2010-09-17 22:43 471413 ----a-w- c:\documents and settings\All Users.WINNT\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aepack.dll
2010-09-17 22:41 . 2010-09-17 22:43 2916727 ----a-w- c:\documents and settings\All Users.WINNT\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeheur.dll
2010-09-17 22:41 . 2010-09-17 22:43 401780 ----a-w- c:\documents and settings\All Users.WINNT\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aegen.dll
2010-09-14 20:39 . 2010-09-14 20:39 388096 ----a-r- c:\documents and settings\Svein Rune\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-14 19:28 . 2004-10-24 04:58 -------- d---a-w- c:\program files\Java
2010-09-13 22:17 . 2010-09-13 22:17 63488 ----a-w- c:\documents and settings\Svein Rune\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-13 22:16 . 2010-09-13 22:16 52224 ----a-w- c:\documents and settings\Svein Rune\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-13 22:16 . 2010-09-13 22:16 117760 ----a-w- c:\documents and settings\Svein Rune\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-12 17:39 . 2010-09-17 22:43 254324 ----a-w- c:\documents and settings\All Users.WINNT\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aesbx.dll
2010-09-12 17:39 . 2010-09-17 22:43 106868 ----a-w- c:\documents and settings\All Users.WINNT\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aevdf.dll
2010-09-12 17:39 . 2010-09-17 22:43 127347 ----a-w- c:\documents and settings\All Users.WINNT\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aescn.dll
2010-09-12 17:39 . 2010-09-17 22:43 201081 ----a-w- c:\documents and settings\All Users.WINNT\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeoffice.dll
2010-09-12 17:39 . 2010-09-17 22:43 242038 ----a-w- c:\documents and settings\All Users.WINNT\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aehelp.dll
2010-09-12 17:39 . 2010-09-17 22:43 393588 ----a-w- c:\documents and settings\All Users.WINNT\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aeemu.dll
2010-09-12 17:39 . 2010-09-17 22:43 192887 ----a-w- c:\documents and settings\All Users.WINNT\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aecore.dll
2010-09-12 17:39 . 2010-09-17 22:43 53618 ----a-w- c:\documents and settings\All Users.WINNT\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\VALIDATION\aebb.dll
2010-09-11 16:29 . 2004-10-24 04:58 -------- d-----w- c:\program files\Common Files\Java
2010-09-11 15:57 . 2004-10-27 22:30 -------- d-----w- c:\program files\DivX
2010-09-11 15:56 . 2005-03-06 04:59 -------- d-----w- c:\documents and settings\Svein Rune\Application Data\Lavasoft
2010-09-11 15:48 . 2009-09-10 23:43 -------- d-----w- c:\documents and settings\Svein Rune\Application Data\Media Player Classic
2010-09-05 16:49 . 2004-10-24 06:33 -------- d-----w- c:\program files\ElastoMania Multi
2010-09-04 22:59 . 2006-02-15 22:03 -------- d-----w- c:\program files\ElastoMania Online
2010-09-03 21:25 . 2007-08-04 01:33 -------- d-----w- c:\documents and settings\Svein Rune\Application Data\uTorrent
2010-08-29 18:31 . 2009-11-20 23:33 -------- d-----w- c:\documents and settings\All Users.WINNT\Application Data\Soulseek
2010-08-29 17:02 . 2004-10-25 19:32 -------- d-----w- c:\program files\Soulseek
2010-08-22 12:13 . 2009-11-04 21:04 -------- d-----w- c:\documents and settings\Svein Rune\Application Data\vlc
2010-08-13 19:16 . 2010-08-13 19:16 503808 ----a-w- c:\documents and settings\Svein Rune\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-26ea5983-n\msvcp71.dll
2010-08-13 19:16 . 2010-08-13 19:16 499712 ----a-w- c:\documents and settings\Svein Rune\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-26ea5983-n\jmc.dll
2010-08-13 19:16 . 2010-08-13 19:16 348160 ----a-w- c:\documents and settings\Svein Rune\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-26ea5983-n\msvcr71.dll
2010-08-13 19:16 . 2010-08-13 19:16 61440 ----a-w- c:\documents and settings\Svein Rune\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-515228b6-n\decora-sse.dll
2010-08-13 19:16 . 2010-08-13 19:16 12800 ----a-w- c:\documents and settings\Svein Rune\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-515228b6-n\decora-d3d.dll
2010-07-17 03:00 . 2010-04-19 21:15 423656 ----a-w- c:\winnt\system32\deployJava1.dll
2004-10-24 01:19 . 2004-10-24 01:19 21952 ---h--w- c:\program files\folder.htt
2004-03-11 11:27 . 2005-05-25 12:57 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
------- Sigcheck -------
[-] 2002-11-26 17:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [ERROR: 0x0] . . c:\winnt\system32\mspmsnsv.dll
[-] 2004-07-09 02:27 . 3120F6D2AB10CDF242EDE54052A8BE47 . 1689600 . . [ERROR: 0x0] . . c:\winnt\system32\d3d9.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2001-05-08 20752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111376]
"EnsoniqMixer"="c:\winnt\SYSTEM32\starter.exe" [2001-10-04 32768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [2001-05-08 20752]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]
c:\documents and settings\Svein Rune\Start Menu\Programs\Startup\
Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2003-10-4 49152]
c:\documents and settings\All Users.WINNT\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
GConfig.lnk - c:\program files\WLAN\GConfig\GConfig.exe [2004-10-24 409600]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
2005-04-26 18:30 851968 ----a-w- c:\program files\FileZilla Server\FileZilla Server Interface.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2004-04-06 17:36 1298542 ------w- c:\program files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\winnt\system32\NeroCheck.exe
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.02.2010 20:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10.05.2010 20:41 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12.09.2010 19:11 135336]
R3 RT2500PCI;802.11g Wireless LAN PCI;c:\winnt\system32\drivers\RT2500.sys [24.10.2004 03:40 156032]
R3 S3SAVAGE4;S3SAVAGE4;c:\winnt\system32\drivers\s3savg4m.sys [09.06.2006 19:49 84704]
R3 Winacpci;Winacpci;c:\winnt\system32\drivers\winacpci.sys [24.10.2004 05:04 602128]
S3 S3Inc;S3Inc;c:\winnt\system32\drivers\s3sav4m.sys [24.10.2004 05:04 65072]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
LSP: %SystemRoot%\system32\msafd.dll
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-RemoteControl - c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-09-19 16:07
Windows 5.0.2195 Service Pack 4 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
EnsoniqMixer = c:\winnt\SYSTEM32\starter.exe????^????P????????????????????w?;?w????????v&uq??????????????P??????????????????^?????????????????@??????vq@&qq????4??????w????????????????????????d???#5?w?%uq??????????????????P?????????????? ???????9?w??P????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(196)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
- - - - - - - > 'explorer.exe'(1028)
c:\winnt\system32\SHDOCVW.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\winnt\system32\drivers\CDAC11BA.EXE
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\winnt\system32\regsvc.exe
c:\winnt\system32\MSTask.exe
c:\winnt\System32\WBEM\WinMgmt.exe
c:\winnt\system32\internat.exe
.
**************************************************************************
.
Completion time: 2010-09-19 16:20:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-19 14:20
Pre-Run: 299 106 304 bytes free
Post-Run: 344 444 928 bytes free
- - End Of File - - 42DF7CBC0F9571E4D45B134184323574
---------------------------
SecurityCheck log:
Results of screen317's Security Check version 0.99.5
Windows 2000 Service Pack 4
Internet Explorer 6
Out of date!
``````````````````````````````
Antivirus/Firewall Check: Avira AntiVir Personal - Free Antivirus
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 21
Adobe Flash Player 10.0.42.34
Adobe Reader 7.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
````````````````````````````````
DNS Vulnerability Check: nslookup.exe missing! GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
----------------------------------------------------------------------------------------
By the way, your instructions for Security Check by screen317 should probably be updated, as the file downloaded is SecurityCheck.exe, not SecurityCheck.zip. I would also like to add that my browser of choice is Opera (version 10.62 installed); IE is pretty much never used.