
Inactive [InActive] can't run virus scan, mbam will not install

Discussion in 'Malware and Virus Removal Archive' started by Jepinto, 2010/12/19.

  1. 2010/12/19 - Jepinto (Thread Starter)
    Problems also include redirects. ATF will not install.

    GMER log
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-19 12:50:19
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 TOSHIBA_MK6034GAX rev.AC101A
    Running: 22lbcoc3.exe; Driver: C:\DOCUME~1\jennie\LOCALS~1\Temp\agxoafoc.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior; TDL4 <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sectors 117209984 (+255): rootkit-like behavior;

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 86EE4292
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T1L0-c 86EE4292

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

    Device \Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskTOSHIBA_MK6034GAX_______________________AC101A__#5&15fb9f7d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- Services - GMER 1.0.15 ----

    Service (*** hidden *** ) [MANUAL] vbmac2c9 <-- ROOTKIT !!!

    ---- EOF - GMER 1.0.15 ----

    MBRCheck log
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 134):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0x868B0000 \WINDOWS\system32\KDCOM.DLL
    0xF7A20000 \WINDOWS\system32\BOOTVID.dll
    0xF75BD000 ACPI.sys
    0xF7B0C000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF75AC000 pci.sys
    0xF760C000 isapnp.sys
    0xF761C000 ohci1394.sys
    0xF762C000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xF7A24000 compbatt.sys
    0xF7A28000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xF7BD4000 pciide.sys
    0xF788C000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF758E000 pcmcia.sys
    0xF763C000 MountMgr.sys
    0xF756F000 ftdisk.sys
    0xF7A2C000 ACPIEC.sys
    0xF7BD5000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xF7894000 PartMgr.sys
    0xF764C000 VolSnap.sys
    0xF7557000 atapi.sys
    0xF765C000 disk.sys
    0xF766C000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF7537000 fltmgr.sys
    0xF7525000 sr.sys
    0xF7A30000 MrFilter.sys
    0xF750E000 KSecDD.sys
    0xF7481000 Ntfs.sys
    0xF7454000 NDIS.sys
    0xF7429000 VVBackd5.sys
    0xF740F000 Mup.sys
    0xF770C000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xF780C000 \SystemRoot\System32\Drivers\vbmac2c9.SYS
    0xF781C000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF720A000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
    0xF71F6000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF71CE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF7071000 \SystemRoot\system32\DRIVERS\w39n51.sys
    0xF705A000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    0xF792C000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF7036000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF7934000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF782C000 \SystemRoot\system32\DRIVERS\EMS7SK.sys
    0xF7022000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xF783C000 \SystemRoot\system32\DRIVERS\ESD7SK.sys
    0xF7AC4000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xF784C000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF793C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF7944000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF785C000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF786C000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF787C000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF6FFF000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF794C000 \SystemRoot\system32\DRIVERS\rdsdrvdm.sys
    0xF7D1D000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF76CC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF7ACC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF6FE8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF76DC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF76EC000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF795C000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF6FD7000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF76FC000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF7964000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF796C000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF771C000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF7B34000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF6EB1000 \SystemRoot\system32\DRIVERS\update.sys
    0xF7ADC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF772C000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xAA36F000 \SystemRoot\system32\drivers\RtkHDAud.sys
    0xAA34B000 \SystemRoot\system32\drivers\portcls.sys
    0xF775C000 \SystemRoot\system32\drivers\drmk.sys
    0xAA238000 \SystemRoot\system32\DRIVERS\AGRSM.sys
    0xF7B3E000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF7974000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF777C000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7B46000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7CD3000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7B48000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF799C000 \SystemRoot\System32\drivers\vga.sys
    0xF7B4A000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7B4C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF79A4000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF79AC000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF73CF000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xAA1B5000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xAA15C000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xAA143000 \SystemRoot\System32\Drivers\avgtdix.sys
    0xAA11B000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xAA0F9000 \SystemRoot\System32\drivers\afd.sys
    0xF778C000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF79BC000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xAA0D3000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF779C000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xAA0A8000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xAA038000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF77AC000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF77BC000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xA9F72000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xF7A0C000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0xA9F21000 \SystemRoot\System32\Drivers\avgldx86.sys
    0xF79D4000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xF6FC3000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF767C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF79DC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF6FBF000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF79E4000 \SystemRoot\system32\DRIVERS\point32.sys
    0xF7B5E000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0xA9ED5000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xA9EBD000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF7B62000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xAA1D0000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF7A14000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7D17000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF021000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF043000 \SystemRoot\System32\ialmdev5.DLL
    0xBF07E000 \SystemRoot\System32\ialmdd5.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xA7E4D000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xAA008000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
    0xA7E62000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xA7BA0000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA7AD0000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA74BA000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF77FC000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA716C000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xA703B000 \SystemRoot\System32\Drivers\HTTP.sys
    0xA6E08000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 39):
    0 System Idle Process
    4 System
    480 C:\WINDOWS\system32\smss.exe
    528 csrss.exe
    552 C:\WINDOWS\system32\winlogon.exe
    600 C:\WINDOWS\system32\services.exe
    612 C:\WINDOWS\system32\lsass.exe
    628 \Device\svchost.exe
    808 C:\WINDOWS\system32\svchost.exe
    860 svchost.exe
    904 C:\WINDOWS\system32\svchost.exe
    976 svchost.exe
    1096 svchost.exe
    1288 C:\WINDOWS\system32\spoolsv.exe
    1368 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1432 svchost.exe
    1572 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1592 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    1636 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    1700 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1920 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1968 C:\WINDOWS\system32\svchost.exe
    2000 C:\Program Files\Support.com EasySupport\esService.exe
    124 C:\Program Files\AVG\AVG8\avgrsx.exe
    144 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    368 C:\PROGRA~1\AVG\AVG8\avgemc.exe
    392 C:\WINDOWS\system32\wuauclt.exe
    1472 C:\Program Files\AVG\AVG8\avgcsrvx.exe
    2184 alg.exe
    2748 C:\WINDOWS\explorer.exe
    2964 C:\Program Files\Support.com EasySupport\escont.exe
    3020 C:\PROGRA~1\AVG\AVG8\avgtray.exe
    3032 C:\Program Files\QuickTime\qttask.exe
    3048 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3060 C:\WINDOWS\system32\ctfmon.exe
    3580 C:\Program Files\Internet Explorer\iexplore.exe
    3872 C:\Program Files\Windows Live\Toolbar\wltuser.exe
    460 C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    1512 C:\Documents and Settings\jennie\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: TOSHIBAMK6034GAX, Rev: AC101A

    Size Device Name MBR Status
    --------------------------------------------
    55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by jennie at 13:12:20.14 on Sun 12/19/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.492 [GMT -5:00]

    AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

    ============== Running Processes ===============

    "\\.\globalroot\Device\svchost.exe\svchost.exe "
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Support.com EasySupport\esService.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Support.com EasySupport\escont.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
    C:\Documents and Settings\jennie\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Connection Wizard,ShellNext = hxxp://quicktimepro.apple.com/?country=US&language=en&productName=QuickTime7&operatingSystem=Windows&osVersion=05010200&qtVersion=07138000&cid=AOSA10000026883
    mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80116&lng=en
    mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80116
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: AutorunsDisabled - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: : {db35c569-5624-4cfc-8043-e5139f55a073} - c:\progra~1\crawler\shared\CShared.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {3671B2E1-A8FD-4371-A1F1-B46ACC0F7AA9} - rundll32.exe "c:\documents and settings\user\application data\bitrix security\pbczjhp56.dll ", DllUnrer

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\jennie\applic~1\mozilla\firefox\profiles\dmbjtv8o.default\

    ============= SERVICES / DRIVERS ===============

    R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MRFilter.sys [2007-9-15 14080]
    R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VVBackd5.sys [2007-5-8 180074]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-12-19 11608]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-22 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-22 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-22 108552]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-19 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-19 267944]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-24 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-24 297752]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-19 61960]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-26 54752]
    R2 Support.com EasySupport;Support.com EasySupport;c:\program files\support.com easysupport\esService.exe [2010-12-11 742808]
    R3 rdsdrvdm;rdsdrvdm;c:\windows\system32\drivers\rdsdrvdm.sys [2010-1-29 27648]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-11-6 517448]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 ssmirrdr;ssmirrdr;c:\windows\system32\drivers\ssmirrdr.sys [2010-7-21 10112]
    S3 ssrangdr;ssrangdr;c:\windows\system32\drivers\ssrangdr.sys [2009-9-29 2560]

    =============== Created Last 30 ================

    2010-12-19 18:01:00 -------- d-----w- c:\docume~1\jennie\applic~1\Avira
    2010-12-19 17:54:27 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-12-19 17:54:26 -------- d-----w- c:\program files\Avira
    2010-12-19 17:54:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-12-19 17:42:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-19 17:42:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-19 17:42:48 -------- d-----w- c:\program files\5643
    2010-12-19 17:39:52 -------- d-----w- c:\docume~1\jennie\applic~1\Malwarebytes
    2010-12-19 17:16:55 82944 ----a-w- c:\windows\sed.exe
    2010-12-19 17:16:55 77312 ----a-w- c:\windows\mbr.exe
    2010-12-19 17:16:55 278016 ----a-w- c:\windows\swreg.exe
    2010-12-19 16:18:34 -------- d-----w- c:\program files\CCleaner
    2010-12-19 16:09:23 -------- d-----w- c:\program files\getrid

    ==================== Find3M ====================


    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: TOSHIBA_MK6034GAX rev.AC101A -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-4

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86F80446]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86f86504]; MOV EAX, [0x86f86580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x86FDFAB8]
    3 CLASSPNP[0xF766CFD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\00000076[0x86F059E8]
    5 ACPI[0xF75C3620] -> nt!IofCallDriver[0x804E13B9] -> [0x86F05D98]
    \Driver\atapi[0x86F08398] -> IRP_MJ_CREATE -> 0x86F80446
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-4 -> \??\IDE#DiskTOSHIBA_MK6034GAX_______________________AC101A__#5&15fb9f7d&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x86F80292
    user != kernel MBR !!!
    copy of MBR has been found in sector 1 !
    sectors 117210238 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 13:14:08.07 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/8/2007 11:50:29 PM
    System Uptime: 12/19/2010 1:06:11 PM (0 hours ago)

    Motherboard: COMPAL | | HEL8X
    Processor: Intel(R) Celeron(R) M CPU 410 @ 1.46GHz | U2E1 | 1463/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 29 GiB total, 14.079 GiB free.
    D: is CDROM ()
    E: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP90: 7/4/2010 4:09:18 PM - System Checkpoint
    RP91: 7/5/2010 5:59:16 PM - System Checkpoint
    RP92: 7/8/2010 10:30:44 AM - System Checkpoint
    RP93: 7/9/2010 10:45:44 AM - Avg8 Update
    RP94: 7/9/2010 10:47:09 AM - Avg8 Update
    RP95: 7/15/2010 12:39:18 PM - Software Distribution Service 3.0
    RP96: 7/17/2010 3:55:33 PM - System Checkpoint
    RP97: 7/19/2010 2:21:31 PM - System Checkpoint
    RP98: 7/22/2010 3:00:37 PM - System Checkpoint
    RP99: 7/29/2010 3:38:06 PM - System Checkpoint
    RP100: 7/31/2010 11:05:57 AM - System Checkpoint
    RP101: 8/4/2010 7:05:01 PM - Software Distribution Service 3.0
    RP102: 8/9/2010 7:52:19 PM - System Checkpoint
    RP103: 8/11/2010 11:10:40 PM - Software Distribution Service 3.0
    RP104: 8/17/2010 3:16:02 PM - System Checkpoint
    RP105: 8/23/2010 11:22:05 PM - System Checkpoint
    RP106: 8/31/2010 12:13:31 PM - System Checkpoint
    RP107: 9/1/2010 1:06:30 PM - System Checkpoint
    RP108: 9/3/2010 6:49:49 PM - System Checkpoint
    RP109: 9/5/2010 12:43:48 PM - System Checkpoint
    RP110: 9/6/2010 6:06:41 PM - System Checkpoint
    RP111: 9/7/2010 7:32:10 PM - System Checkpoint
    RP112: 9/8/2010 5:08:16 AM - Software Distribution Service 3.0
    RP113: 9/8/2010 8:50:22 AM - Avg8 Update
    RP114: 9/11/2010 10:30:11 AM - Avg8 Update
    RP115: 9/15/2010 4:24:41 PM - Software Distribution Service 3.0
    RP116: 9/24/2010 1:47:21 PM - System Checkpoint
    RP117: 9/28/2010 11:35:23 AM - System Checkpoint
    RP118: 9/28/2010 4:50:34 PM - Software Distribution Service 3.0
    RP119: 11/5/2010 6:59:49 PM - Software Distribution Service 3.0
    RP120: 11/6/2010 1:02:14 PM - Avg8 Update
    RP121: 11/6/2010 1:04:30 PM - Avg8 Update
    RP122: 11/11/2010 3:52:10 PM - Software Distribution Service 3.0
    RP123: 11/18/2010 3:02:25 PM - System Checkpoint
    RP124: 12/19/2010 1:00:26 PM - Removed AVG Free 8.5

    ==== Installed Programs ======================

    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    AiO_Scan
    Antivirus 2010
    Apple Software Update
    AVG Free 8.5
    Avira AntiVir Personal - Free Antivirus
    Bonjour
    CCleaner
    Crawler Smileys
    Enterprise
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    HP PSC & Officejet 4.7 Corporate Edition
    Intel(R) Graphics Media Accelerator Driver
    Junk Mail filter update
    Logitech QuickCam
    Logitech QuickCam Driver Package
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Standard 2006
    Microsoft Digital Image Standard 2006 Editor
    Microsoft Digital Image Standard 2006 Library
    Microsoft IntelliPoint 6.1
    Microsoft Money 2006
    Microsoft Office Live Add-in 1.3
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works Suite 2006 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    Mozilla Firefox (3.5.13)
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    Nero Suite
    PowerDVD
    QFolder
    QuickTime
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    RestoreIT!
    Roxio EasyWrite Reader
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Sidewalker
    Skype web features
    Skype™ 4.1
    Spybot - Search & Destroy
    Support.com EasySupport
    Support.com Solutions Toolkit
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    Works Upgrade
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Install Manager

    ==== Event Viewer Messages From Past Week ========

    12/19/2010 12:53:38 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    12/19/2010 12:53:38 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\jennie\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
    12/19/2010 12:53:38 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    12/19/2010 12:31:33 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.
    12/19/2010 12:05:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    12/19/2010 11:54:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    12/19/2010 11:48:48 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm
    12/19/2010 11:48:20 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/19/2010 11:47:26 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments " " in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
    12/19/2010 11:47:24 AM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.

    ==== End Of File ===========================
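The Event Viewer lines above carry Win32 error codes as bare numbers, so a quick triage pass that decodes them and tags the entries that matter for a malware clean-up is useful. This is an added example, not part of the post or of any tool named in the thread: the code table and the "security service" and "AV driver" watch lists are small assumed tables, and the sample input is a constructed copy of four of the lines posted above. Error 1084 is ERROR_NOT_SAFEBOOT_SERVICE, which a DCOM-launched service returns while the machine is booted in Safe Mode; the example reports the span of those failures separately so they are not mistaken for rootkit activity.

```python
import re
from datetime import datetime

# Constructed sample: four of the Event Viewer lines posted above.
SAMPLE_EVENTS = """\
12/19/2010 12:31:33 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: Access is denied.
12/19/2010 12:05:02 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/19/2010 11:54:00 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
12/19/2010 11:48:48 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 Fips intelppm
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$")

# Win32 codes that DCOM event 10005 embeds as "%NNNN" (assumed small table; extend as needed).
WIN32_ERRORS = {
    5: "ERROR_ACCESS_DENIED",
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT",
    1084: "ERROR_NOT_SAFEBOOT_SERVICE (service cannot be started in Safe Mode)",
}
SECURITY_SERVICES = ("Windows Firewall", "wuauserv", "wscsvc", "Security Center")  # assumed watch list
AV_DRIVER_PREFIXES = ("Avg", "avgnt", "avipbb", "ssmdrv")  # assumed: AVG and Avira kernel drivers

def parse_events(text):
    """Split each 'date, level: source [id] - message' line into its fields."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["event_id"] = int(ev["event_id"])
            ev["time"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
            events.append(ev)
    return events

def triage_events(text):
    """Turn the raw events into findings a malware analyst cares about."""
    findings = []
    for ev in parse_events(text):
        src, eid, msg, t = ev["source"], ev["event_id"], ev["msg"], ev["time"]
        if src == "DCOM" and eid == 10005:
            code = re.search(r'"%(\d+)"', msg)
            svc = re.search(r"start the service (\S+)", msg)
            code = int(code.group(1)) if code else None
            findings.append({"time": t, "kind": "dcom_start_failure",
                             "service": svc.group(1) if svc else None,
                             "code": code, "meaning": WIN32_ERRORS.get(code, "unknown")})
        elif src == "Service Control Manager" and eid == 7026:
            drivers = msg.split("failed to load:")[-1].split()
            findings.append({"time": t, "kind": "driver_load_failure", "drivers": drivers,
                             "av_drivers": [d for d in drivers if d.startswith(AV_DRIVER_PREFIXES)]})
        elif src == "Service Control Manager" and eid == 7023:
            findings.append({"time": t, "kind": "service_terminated", "message": msg,
                             "security_relevant": any(s in msg for s in SECURITY_SERVICES),
                             "access_denied": "Access is denied" in msg})
    return findings

def safe_mode_window(findings):
    """Span of DCOM 1084 failures: the period during which the box was booted in Safe Mode."""
    times = [f["time"] for f in findings if f["kind"] == "dcom_start_failure" and f["code"] == 1084]
    return (min(times), max(times)) if times else None

if __name__ == "__main__":
    found = triage_events(SAMPLE_EVENTS)
    for f in found:
        print(f["time"], f["kind"], {k: v for k, v in f.items() if k not in ("time", "kind", "message")})
    print("Safe Mode window:", safe_mode_window(found))
```

Run against the four sample lines it separates the Safe Mode cluster (wuauserv and StiSvc failing with 1084 between 11:54 and 12:05) from the Windows Firewall service dying with Access is denied, and lists which of the drivers that failed to load belong to the AV products; the 7023 entry is the one that still needs an explanation once the machine is back in normal mode.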
     
  2. 2010/12/19
    Jepinto Lifetime Subscription

    Jepinto Well-Known Member Thread Starter

    Joined:
    2002/04/19
    Messages:
    80
    Likes Received:
    0
    additional problems:

    Can't uninstall AVG 8.5, can't uninstall AntiVirus 2010. Trying to reopen programs after failure, i.e., MBAM, says insufficient privileges.
     

  4. 2010/12/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================================================

    You left this topic in the middle of the cleaning process: http://www.windowsbbs.com/malware-v...artup-slow-internet-general-sluggishness.html
    If it happens again, you may not be able to receive any more help in the malware forum.

    ===============================================================

    You're infected with a rootkit...

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
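The TDSS/TDL family that TDSSKiller targets does not live in a file the way an ordinary driver does: TDL4 overwrites the 446 bytes of boot code in the MBR and leaves the partition table untouched, which is why a disk-level detection reads as "\HardDisk0" rather than as a path. The following is an added example, not part of the post and not TDSSKiller's own logic, of the sector-level check behind such a detection: it parses the MBR, compares the boot code and the partition table against a known-good copy, and reports the "code changed, table intact" pattern. The boot code bytes are placeholders, the one-partition layout is assumed, and read_mbr() is only there to show how sector 0 is read on a live system (it needs administrator rights and is not called below).

```python
import hashlib
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xAA"
ENTRY_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count

def parse_partition_table(mbr):
    """Decode the four 16-byte partition entries at offset 446 of a classic MBR."""
    if len(mbr) < SECTOR or mbr[510:512] != BOOT_SIG:
        raise ValueError("not a valid MBR: missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(ENTRY_FMT, mbr, 446 + 16 * i)
        if ptype == 0:          # empty slot
            continue
        entries.append({"slot": i, "active": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": count})
    return entries

def check_mbr(mbr, baseline):
    """Compare a live MBR with a known-good copy. A bootkit such as TDL4 rewrites the
    446-byte boot code and leaves the partition table alone, so the typical signal is
    'code differs, table identical'."""
    findings = []
    if hashlib.sha256(mbr[:446]).digest() != hashlib.sha256(baseline[:446]).digest():
        findings.append("boot code differs from baseline")
    live, ref = parse_partition_table(mbr), parse_partition_table(baseline)
    if live != ref:
        findings.append("partition table differs from baseline")
    if not any(p["active"] for p in live):
        findings.append("no active (bootable) partition")
    return findings

def read_mbr(device=r"\\.\PhysicalDrive0"):
    """Read sector 0 of a raw disk; needs administrator rights on Windows (use /dev/sda on Linux)."""
    with open(device, "rb") as f:
        return f.read(SECTOR)

def build_mbr(boot_code, partitions):
    """Constructed helper: assemble an MBR image from boot code and (status, type, lba, count) tuples."""
    table = b"".join(struct.pack(ENTRY_FMT, *p) for p in partitions).ljust(64, b"\x00")
    return boot_code.ljust(446, b"\x00")[:446] + table + BOOT_SIG

# Constructed sample images: placeholder boot code (not real Windows code) and an assumed one-partition layout.
CLEAN_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 439
ONE_NTFS = [(0x80, 0x07, 63, 117209921)]          # active NTFS partition starting at LBA 63
CLEAN_MBR = build_mbr(CLEAN_CODE, ONE_NTFS)
INFECTED_MBR = build_mbr(b"\xEB\x3E" + b"\x00" * 444, ONE_NTFS)   # code swapped, table intact

if __name__ == "__main__":
    for name, img in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(name, check_mbr(img, CLEAN_MBR) or ["no findings"])
```

The baseline is the important part: a hash of the boot code is only meaningful against a copy taken from a known-clean install of the same Windows version, and a rootkit that hooks the disk driver can feed a clean sector 0 back to user-mode readers, which is why tools of this kind read the disk from below the hooked driver or from a boot CD rather than through the normal file API.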
     
  5. 2010/12/19
    Jepinto Lifetime Subscription

    Jepinto Well-Known Member Thread Starter

    Joined:
    2002/04/19
    Messages:
    80
    Likes Received:
    0
    2010/12/19 16:40:12.0375 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
    2010/12/19 16:40:12.0375 ================================================================================
    2010/12/19 16:40:12.0375 SystemInfo:
    2010/12/19 16:40:12.0375
    2010/12/19 16:40:12.0375 OS Version: 5.1.2600 ServicePack: 3.0
    2010/12/19 16:40:12.0375 Product type: Workstation
    2010/12/19 16:40:12.0375 ComputerName: AF11A606ED794D4
    2010/12/19 16:40:12.0375 UserName: jennie
    2010/12/19 16:40:12.0375 Windows directory: C:\WINDOWS
    2010/12/19 16:40:12.0375 System windows directory: C:\WINDOWS
    2010/12/19 16:40:12.0375 Processor architecture: Intel x86
    2010/12/19 16:40:12.0375 Number of processors: 1
    2010/12/19 16:40:12.0375 Page size: 0x1000
    2010/12/19 16:40:12.0375 Boot type: Normal boot
    2010/12/19 16:40:12.0375 ================================================================================
    2010/12/19 16:40:12.0890 Initialize success
    2010/12/19 16:40:17.0312 ================================================================================
    2010/12/19 16:40:17.0312 Scan started
    2010/12/19 16:40:17.0312 Mode: Manual;
    2010/12/19 16:40:17.0312 ================================================================================
    2010/12/19 16:40:19.0125 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/12/19 16:40:19.0187 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    2010/12/19 16:40:19.0265 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/12/19 16:40:19.0359 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/12/19 16:40:19.0484 AgereSoftModem (c41a5740468d0b9cb46e6390a0e15ce3) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
    2010/12/19 16:40:19.0796 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    2010/12/19 16:40:19.0937 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/12/19 16:40:19.0984 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/12/19 16:40:20.0062 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/12/19 16:40:20.0140 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/12/19 16:40:20.0468 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    2010/12/19 16:40:20.0593 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
    2010/12/19 16:40:20.0656 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
    2010/12/19 16:40:20.0718 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    2010/12/19 16:40:20.0781 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
    2010/12/19 16:40:20.0843 avipbb (7cefb5eca1f711d0ab996c98b38a2d5a) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    2010/12/19 16:40:21.0015 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/12/19 16:40:21.0109 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/12/19 16:40:21.0171 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2010/12/19 16:40:21.0250 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/12/19 16:40:21.0312 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/12/19 16:40:21.0359 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/12/19 16:40:21.0484 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2010/12/19 16:40:21.0562 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2010/12/19 16:40:21.0734 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/12/19 16:40:21.0828 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/12/19 16:40:21.0890 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/12/19 16:40:21.0984 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/12/19 16:40:22.0078 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/12/19 16:40:22.0187 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/12/19 16:40:22.0265 EMSCR (01857b94bd3f8c99188862d026c925c0) C:\WINDOWS\system32\DRIVERS\EMS7SK.sys
    2010/12/19 16:40:22.0375 ESDCR (5983f3f91487c2a2a514c17245a0e25d) C:\WINDOWS\system32\DRIVERS\ESD7SK.sys
    2010/12/19 16:40:22.0453 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/12/19 16:40:22.0500 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2010/12/19 16:40:22.0640 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/12/19 16:40:22.0687 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2010/12/19 16:40:22.0750 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    2010/12/19 16:40:22.0843 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
    2010/12/19 16:40:22.0906 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/12/19 16:40:22.0968 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/12/19 16:40:23.0031 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/12/19 16:40:23.0125 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/12/19 16:40:23.0171 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/12/19 16:40:23.0265 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2010/12/19 16:40:23.0312 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2010/12/19 16:40:23.0359 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2010/12/19 16:40:23.0437 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/12/19 16:40:23.0640 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/12/19 16:40:23.0765 ialm (0f0194c4b635c10c3f785e4fee52d641) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    2010/12/19 16:40:23.0843 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/12/19 16:40:24.0140 IntcAzAudAddService (284bcb80391783d328a8d8163e97fd58) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2010/12/19 16:40:24.0375 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/12/19 16:40:24.0421 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    2010/12/19 16:40:24.0484 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/12/19 16:40:24.0562 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/12/19 16:40:24.0625 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/12/19 16:40:24.0671 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/12/19 16:40:24.0765 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/12/19 16:40:24.0812 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/12/19 16:40:24.0859 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/12/19 16:40:24.0906 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/12/19 16:40:25.0000 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/12/19 16:40:25.0062 Ktp (85f2d0b638d6364653de992b9a370fe8) C:\WINDOWS\system32\DRIVERS\Ktp.sys
    2010/12/19 16:40:25.0187 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
    2010/12/19 16:40:25.0312 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
    2010/12/19 16:40:25.0406 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/12/19 16:40:25.0468 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/12/19 16:40:25.0500 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/12/19 16:40:25.0546 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/12/19 16:40:25.0609 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/12/19 16:40:25.0750 MREMP50 (80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
    2010/12/19 16:40:25.0828 MRESP50 (37d7c22f7e26da90e2d2d260e5d27846) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
    2010/12/19 16:40:25.0968 MrFilter (1b6fa84049b24dfeac99dbed7f861e4c) C:\WINDOWS\system32\drivers\MrFilter.sys
    2010/12/19 16:40:26.0046 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/12/19 16:40:26.0156 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/12/19 16:40:26.0203 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/12/19 16:40:26.0250 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/12/19 16:40:26.0375 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/12/19 16:40:26.0421 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/12/19 16:40:26.0484 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/12/19 16:40:26.0546 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/12/19 16:40:26.0593 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/12/19 16:40:26.0656 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/12/19 16:40:26.0781 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/12/19 16:40:26.0890 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/12/19 16:40:27.0140 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/12/19 16:40:27.0203 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/12/19 16:40:27.0250 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/12/19 16:40:27.0296 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/12/19 16:40:27.0343 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/12/19 16:40:27.0390 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/12/19 16:40:27.0500 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    2010/12/19 16:40:27.0562 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/12/19 16:40:27.0656 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/12/19 16:40:27.0734 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/12/19 16:40:27.0796 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/12/19 16:40:27.0828 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/12/19 16:40:27.0875 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    2010/12/19 16:40:27.0937 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    2010/12/19 16:40:28.0046 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/12/19 16:40:28.0078 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/12/19 16:40:28.0140 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/12/19 16:40:28.0218 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/12/19 16:40:28.0250 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
    2010/12/19 16:40:28.0625 PID_PEPI (4bb5ac2dd485b8eefccb977ee66a68ad) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
    2010/12/19 16:40:28.0843 Point32 (dcdf0421a1c14f2923e298a30fd7636d) C:\WINDOWS\system32\DRIVERS\point32.sys
    2010/12/19 16:40:28.0921 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/12/19 16:40:28.0968 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/12/19 16:40:29.0031 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/12/19 16:40:29.0250 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/12/19 16:40:29.0296 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/12/19 16:40:29.0359 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/12/19 16:40:29.0468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/12/19 16:40:29.0515 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/12/19 16:40:29.0609 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/12/19 16:40:29.0687 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/12/19 16:40:29.0781 rdsdrvdm (35045bc673e74fe0e8aa89bc16d50fbb) C:\WINDOWS\system32\DRIVERS\rdsdrvdm.sys
    2010/12/19 16:40:29.0812 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/12/19 16:40:29.0968 RTLE8023xp (098de621085d7f922871a99b0ec7ddd6) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    2010/12/19 16:40:30.0046 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    2010/12/19 16:40:30.0109 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/12/19 16:40:30.0187 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    2010/12/19 16:40:30.0281 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
    2010/12/19 16:40:30.0421 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
    2010/12/19 16:40:30.0484 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
    2010/12/19 16:40:30.0609 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/12/19 16:40:30.0718 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/12/19 16:40:30.0765 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/12/19 16:40:30.0843 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/12/19 16:40:30.0968 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    2010/12/19 16:40:31.0046 ssmirrdr (f843301bdadb2728822c83413ef5f132) C:\WINDOWS\system32\DRIVERS\ssmirrdr.sys
    2010/12/19 16:40:31.0125 ssrangdr (f87737d83b965efa765117051e3b9d0c) C:\WINDOWS\system32\DRIVERS\ssrangdr.sys
    2010/12/19 16:40:31.0187 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2010/12/19 16:40:31.0265 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/12/19 16:40:31.0296 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/12/19 16:40:31.0546 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/12/19 16:40:31.0671 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/12/19 16:40:31.0750 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/12/19 16:40:31.0781 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/12/19 16:40:31.0812 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/12/19 16:40:31.0937 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/12/19 16:40:32.0046 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/12/19 16:40:32.0203 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/12/19 16:40:32.0265 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/12/19 16:40:32.0296 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/12/19 16:40:32.0390 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/12/19 16:40:32.0421 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/12/19 16:40:32.0453 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/12/19 16:40:32.0484 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/12/19 16:40:32.0500 Suspicious service (NoAccess): vbmac2c9
    2010/12/19 16:40:32.0625 vbmac2c9 (0da8a2862d3ff0c2189afed41ec6d898) C:\WINDOWS\system32\drivers\vbmac2c9.sys
    2010/12/19 16:40:32.0625 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmac2c9.sys. md5: 0da8a2862d3ff0c2189afed41ec6d898
    2010/12/19 16:40:32.0625 vbmac2c9 - detected Locked service (1)
    2010/12/19 16:40:32.0703 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/12/19 16:40:32.0781 VMnetAdapter (fdfd74ab4d0f27b5d062c2a39cbb6d54) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
    2010/12/19 16:40:32.0843 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/12/19 16:40:32.0906 VVBackd5 (acaccdbb768b778f36fc3614c4980b46) C:\WINDOWS\system32\drivers\VVBackd5.sys
    2010/12/19 16:40:33.0015 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
    2010/12/19 16:40:33.0171 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/12/19 16:40:33.0234 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/12/19 16:40:33.0375 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/12/19 16:40:33.0437 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/12/19 16:40:33.0484 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/12/19 16:40:33.0578 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/12/19 16:40:33.0625 ================================================================================
    2010/12/19 16:40:33.0625 Scan finished
    2010/12/19 16:40:33.0625 ================================================================================
    2010/12/19 16:40:33.0640 Detected object count: 2
    2010/12/19 16:41:01.0968 Locked service(vbmac2c9) - User select action: Skip
    2010/12/19 16:41:02.0031 \HardDisk0 - will be cured after reboot
    2010/12/19 16:41:02.0031 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2010/12/19 16:41:13.0312 Deinitialize success
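A TDSSKiller log mixes a full driver inventory with the few lines that matter, so it helps to reduce it to "what was detected, and what was done about it". The block below is an added example, not part of the post and not TDSSKiller's own code; the input is a constructed subset of the log lines above, and the set of actions treated as actually removing an object (Cure, Delete, Quarantine) is an assumption. Run over those lines it reports two detections: the locked service vbmac2c9 (file C:\WINDOWS\system32\drivers\vbmac2c9.sys, not accessible to the scanner) for which the selected action was Skip, and the disk-level Rootkit.Win32.TDSS.tdl4 on \HardDisk0 set to Cure after reboot. The Skip leaves vbmac2c9 on the list of unresolved objects.

```python
import re

# Constructed sample: a subset of the TDSSKiller log lines posted above.
SAMPLE_LOG = r"""
2010/12/19 16:40:19.0984 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/19 16:40:25.0750 MREMP50 (80b2ec735495823ae5771a5f603e73bd) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
2010/12/19 16:40:32.0500 Suspicious service (NoAccess): vbmac2c9
2010/12/19 16:40:32.0625 vbmac2c9 (0da8a2862d3ff0c2189afed41ec6d898) C:\WINDOWS\system32\drivers\vbmac2c9.sys
2010/12/19 16:40:32.0625 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\vbmac2c9.sys. md5: 0da8a2862d3ff0c2189afed41ec6d898
2010/12/19 16:40:32.0625 vbmac2c9 - detected Locked service (1)
2010/12/19 16:40:33.0578 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/19 16:40:33.0640 Detected object count: 2
2010/12/19 16:41:01.0968 Locked service(vbmac2c9) - User select action: Skip
2010/12/19 16:41:02.0031 \HardDisk0 - will be cured after reboot
2010/12/19 16:41:02.0031 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

TS_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} (.*)$")
DRIVER_RE = re.compile(r"^(\S+) \(([0-9a-f]{32})\) (.+)$")              # service (md5) path
SUSP_RE = re.compile(r"^Suspicious (service|file) \((\w+)\): (.+?)(?:\. md5: ([0-9a-f]{32}))?$")
DETECT_RE = re.compile(r"^(\S+) - detected (.+?) \(\d+\)$")
ACTION_RE = re.compile(r"^(.+?)\((.+?)\) - User select action: (\w+)$")
REBOOT_RE = re.compile(r"^(\S+) - will be cured after reboot$")

REMOVING_ACTIONS = {"Cure", "Delete", "Quarantine"}   # assumed: actions that take the object off the box

def triage_tdsskiller(text):
    """Reduce a TDSSKiller log to driver inventory, suspicious objects and detections with their actions."""
    result = {"drivers": [], "suspicious": [], "detections": {}}
    for line in text.splitlines():
        m = TS_RE.match(line.strip())
        if not m:
            continue
        rest = m.group(1)
        d = DRIVER_RE.match(rest)
        if d:
            result["drivers"].append({"service": d.group(1), "md5": d.group(2), "path": d.group(3)})
            continue
        s = SUSP_RE.match(rest)
        if s:
            result["suspicious"].append({"kind": s.group(1), "reason": s.group(2),
                                         "target": s.group(3), "md5": s.group(4)})
            continue
        t = DETECT_RE.match(rest)
        if t:
            result["detections"][t.group(1)] = {"detection": t.group(2), "action": None, "pending_reboot": False}
            continue
        a = ACTION_RE.match(rest)
        if a and a.group(2) in result["detections"]:
            result["detections"][a.group(2)]["action"] = a.group(3)
            continue
        r = REBOOT_RE.match(rest)
        if r and r.group(1) in result["detections"]:
            result["detections"][r.group(1)]["pending_reboot"] = True
    # attach file details to any detected service that also appeared in the driver inventory
    by_service = {dr["service"]: dr for dr in result["drivers"]}
    for obj, det in result["detections"].items():
        if obj in by_service:
            det.update(path=by_service[obj]["path"], md5=by_service[obj]["md5"])
    return result

def unresolved(result):
    """Detected objects whose selected action did not remove them (still present after this run)."""
    return [obj for obj, det in result["detections"].items() if det["action"] not in REMOVING_ACTIONS]

if __name__ == "__main__":
    res = triage_tdsskiller(SAMPLE_LOG)
    for obj, det in res["detections"].items():
        print(obj, det)
    print("unresolved:", unresolved(res))
```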
     
  6. 2010/12/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good job :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double-click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. 2010/12/19
    Jepinto Lifetime Subscription

    Jepinto Well-Known Member Thread Starter

    Joined:
    2002/04/19
    Messages:
    80
    Likes Received:
    0
    I did not tell it to Cure, I said Continue
     
  8. 2010/12/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    .....
     
  9. 2010/12/19
    Jepinto Lifetime Subscription

    Jepinto Well-Known Member Thread Starter

    Joined:
    2002/04/19
    Messages:
    80
    Likes Received:
    0
    Cannot install Combofix; it starts and that is it.
     
  10. 2010/12/19
    Jepinto Lifetime Subscription

    Jepinto Well-Known Member Thread Starter

    Joined:
    2002/04/19
    Messages:
    80
    Likes Received:
    0
    Did I say thank YOU yet? I really appreciate your help.
     
  11. 2010/12/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Did you try?
    If, for some reason, Combofix refuses to run, try one of the following:
    ....and so on?
     
  12. 2010/12/19
    Jepinto Lifetime Subscription

    Jepinto Well-Known Member Thread Starter

    Joined:
    2002/04/19
    Messages:
    80
    Likes Received:
    0
    Tried two of the four, will now go back.
     
  13. 2010/12/19
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let me know...
     
  14. 2010/12/20
    Jepinto Lifetime Subscription

    Jepinto Well-Known Member Thread Starter

    Joined:
    2002/04/19
    Messages:
    80
    Likes Received:
    0
    Combofix still will not run; tried Safe Mode, tried renaming it, tried renaming and Safe Mode together. AVG is still showing as present; cannot remove it yet through Add/Remove in Control Panel.

    rkill says it stopped "\\.\globalroot\Device\svchost.exe\svchost.exe"
     
  15. 2010/12/20
    Jepinto Lifetime Subscription

    Jepinto Well-Known Member Thread Starter

    Joined:
    2002/04/19
    Messages:
    80
    Likes Received:
    0
    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 12/19/2010 at 16:56:16.
    Operating System: Microsoft Windows XP


    Processes terminated by Rkill or while it was running:

    \\.\globalroot\Device\svchost.exe\svchost.exe


    Rkill completed on 12/19/2010 at 16:56:20.
     
  16. 2010/12/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
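    The OTL.txt produced by the scan above lists services and drivers one per line in a fixed layout. As an added example (not from this thread and not part of OTL), here is a small Python parser for those SRV/DRV lines plus two triage rules of my own: an Auto/System/Boot entry whose image file is missing, and a driver with no company name that was modified within a few days of the scan. The sample lines and SCAN_TIME are constructed from the layout of the log posted later in this thread.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample input: a few SRV/DRV lines in the layout OTL prints.
SAMPLE_LOG = r"""
SRV - File not found [Auto] -- -- (userinit)
SRV - [2010/11/30 18:13:16 | 000,267,944 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - [2010/12/20 16:37:53 | 000,037,888 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\vbmac2c9.sys -- (vbmac2c9)
DRV - [2010/11/30 18:48:24 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2008/01/28 15:56:47 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2003/03/04 10:30:34 | 000,180,074 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\VVBackd5.sys -- (VVBackd5)
"""
# Constructed scan time stamp (what the "OTL logfile created on" header carries).
SCAN_TIME = datetime(2010, 12, 20, 19, 23, 47)


@dataclass
class OtlEntry:
    kind: str                 # "SRV" or "DRV"
    name: str                 # service/driver key name from the trailing "(name)"
    start: str                # e.g. "Auto" or "Kernel | On_Demand"
    path: str                 # image path, "" when OTL printed a bare "--"
    missing: bool             # True when OTL reported "File not found"
    company: str              # version-info company, "" when absent
    mtime: Optional[datetime]  # file modification time, None when missing


# Head of an entry: either "File not found" or "[mtime | size | attrs | M] (company)",
# always followed by the start type in square brackets.
HEAD_RE = re.compile(
    r"^(?:(?P<missing>File not found)"
    r"|\[(?P<mtime>[^|\]]+) \| (?P<size>[\d,]+) \| (?P<attrs>[^|\]]+) \| [A-Z]\] \((?P<company>.*)\))"
    r" \[(?P<start>[^\]]*)\]$"
)


def parse_otl_entry(line: str) -> Optional[OtlEntry]:
    """Parse one 'SRV - ...' / 'DRV - ...' line; return None for any other line."""
    line = line.strip()
    if not line.startswith(("SRV - ", "DRV - ")):
        return None
    kind, rest = line[:3], line[6:]
    # The key name is the last "-- (name)" token; OTL sometimes appends a
    # free-text description after the closing parenthesis, which is dropped.
    left, sep, name_part = rest.rpartition(" -- (")
    if not sep:
        return None
    name = name_part.split(")", 1)[0]
    # Between the head and the name sits the image path, or a bare "--" when
    # OTL has no path to show ("File not found [...] -- -- (name)").
    if left.endswith(" --"):
        head, path = left[:-3], ""
    else:
        head, sep, path = left.partition(" -- ")
        if not sep:
            return None
    m = HEAD_RE.match(head.strip())
    if not m:
        return None
    mtime = None
    if m.group("mtime"):
        mtime = datetime.strptime(m.group("mtime"), "%Y/%m/%d %H:%M:%S")
    return OtlEntry(kind=kind, name=name, start=m.group("start"), path=path.strip(),
                    missing=m.group("missing") is not None,
                    company=m.group("company") or "", mtime=mtime)


def parse_otl_log(text: str) -> List[OtlEntry]:
    """Collect every SRV/DRV entry from an OTL log, skipping headers and other sections."""
    return [e for e in map(parse_otl_entry, text.splitlines()) if e is not None]


SYSTEM_STARTS = {"Auto", "System", "Boot"}


def triage(entries: List[OtlEntry], scan_time: datetime,
           recent_days: int = 7) -> List[Tuple[str, str]]:
    """Apply two heuristic rules (mine, not OTL's) and return (name, reason) pairs."""
    findings = []
    for e in entries:
        # Start type is the last token of "[Kernel | On_Demand]" or a plain "[Auto]".
        start = e.start.split(" | ")[-1]
        if e.missing and start in SYSTEM_STARTS:
            findings.append((e.name, f"{start} entry whose image file is missing"))
        elif (e.kind == "DRV" and not e.company and e.mtime is not None
              and abs(scan_time - e.mtime) <= timedelta(days=recent_days)):
            findings.append((e.name, f"driver with no company name, modified within "
                                     f"{recent_days} days of the scan: {e.path}"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_otl_log(SAMPLE_LOG), SCAN_TIME):
        print(f"{name}: {reason}")
```

On the sample above the rules single out userinit (an Auto service with no file) and vbmac2c9 (a freshly modified, unnamed-vendor driver in system32\drivers) and leave the vendor-signed entries alone; the old VVBackd5 driver is not flagged because the recency rule is what separates a leftover from a new arrival.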
     
  17. 2010/12/20
    Jepinto Lifetime Subscription

    Jepinto Well-Known Member Thread Starter

    Joined:
    2002/04/19
    Messages:
    80
    Likes Received:
    0
    OTL downloads. When trying to run it, it shows a window for about 15 seconds, then quits. After that, it cannot be reopened. I've downloaded it two more times, but the same thing happens: it runs a short bit, then quits without warning. I also cannot delete OTL. It says access is denied, make sure the disk is not full or write protected, and the file is not currently in use.
     
    Last edited: 2010/12/20
  18. 2010/12/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's see if we can look at your computer by booting from an external source.

    Please download OTLPE (filesize 120.9 MB)

    • When downloaded, double-click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked "Do you wish to load the remote registry", select Yes
    • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved on drive C: as C:\OTL.txt
    • Copy this file to your USB drive if you do not have an internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  19. 2010/12/20
    Jepinto Lifetime Subscription

    Jepinto Well-Known Member Thread Starter

    Joined:
    2002/04/19
    Messages:
    80
    Likes Received:
    0
    Am downloading now.
     
  20. 2010/12/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Cool :)
     
  21. 2010/12/20
    Jepinto Lifetime Subscription

    Jepinto Well-Known Member Thread Starter

    Joined:
    2002/04/19
    Messages:
    80
    Likes Received:
    0
    OTL logfile created on: 12/20/2010 7:23:47 PM - Run
    OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 795.00 Mb Available Physical Memory | 78.00% Memory free
    902.00 Mb Paging File | 826.00 Mb Available in Paging File | 92.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 28.54 Gb Total Space | 15.00 Gb Free Space | 52.54% Space Free | Partition Type: NTFS
    Drive D: | 3.72 Gb Total Space | 0.73 Gb Free Space | 19.51% Space Free | Partition Type: FAT32
    Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO | User Name: SYSTEM
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
    Using ControlSet: ControlSet002

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto] -- -- (userinit)
    SRV - File not found [Disabled] -- C:\WINDOWS\System32\drivers\KodakCCS.exe -- (KodakCCS)
    SRV - File not found [Disabled] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/12/11 05:04:10 | 000,742,808 | ---- | M] (Support.com, Inc.) [Auto] -- C:\Program Files\Support.com EasySupport\esService.exe -- (Support.com EasySupport)
    SRV - [2010/11/30 18:13:26 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/11/30 18:13:16 | 000,267,944 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2010/05/14 10:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/08/20 08:52:36 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
    SRV - [2009/08/20 08:52:24 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
    SRV - [2009/08/05 21:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
    SRV - [2008/07/26 07:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Disabled] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2008/07/26 07:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Disabled] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
    SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2003/06/19 22:25:00 | 000,322,120 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
    DRV - File not found [Kernel | On_Demand] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System] -- -- (i2omgmt)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand] -- D:\INSTAL~E\Core\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2010/12/20 16:37:53 | 000,037,888 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\vbmac2c9.sys -- (vbmac2c9)
    DRV - [2010/11/30 18:48:24 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/11/30 18:13:39 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/07/21 03:40:20 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssmirrdr.sys -- (ssmirrdr)
    DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/09/29 03:43:40 | 000,002,560 | ---- | M] (SupportSoft Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ssrangdr.sys -- (ssrangdr)
    DRV - [2009/08/20 08:52:46 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009/08/20 08:52:46 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2009/08/05 21:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
    DRV - [2009/05/11 15:04:40 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2008/12/17 21:48:36 | 000,027,648 | ---- | M] (01 Communique Laboratory Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rdsdrvdm.sys -- (rdsdrvdm)
    DRV - [2008/07/26 10:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2008/07/26 10:22:34 | 002,570,520 | R--- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV - [2008/07/26 07:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/01/28 15:56:47 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2008/01/28 15:56:38 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2007/03/01 15:05:38 | 000,090,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2006/10/17 10:03:32 | 004,368,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/08/01 02:58:42 | 000,009,600 | R--- | M] (VMware, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV - [2006/03/23 11:59:00 | 000,061,056 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
    DRV - [2006/03/23 11:59:00 | 000,037,888 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
    DRV - [2006/03/17 12:03:32 | 000,027,904 | R--- | M] (ELANTECH Devices Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ktp.sys -- (Ktp)
    DRV - [2005/12/12 02:08:44 | 001,124,097 | R--- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2005/12/05 02:55:29 | 001,428,096 | R--- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
    DRV - [2005/07/11 09:39:59 | 000,014,080 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\MRFilter.sys -- (MrFilter)
    DRV - [2003/03/04 10:30:34 | 000,180,074 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\System32\drivers\VVBackd5.sys -- (VVBackd5)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80116
    IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80116&lng=en


    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
    IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Restore =
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\jennie_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    IE - HKU\jennie_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




    IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
    IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZR&fl=0&ptb=3Vp0HltOMF8vkACQHg4JbQ&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
    IE - HKU\User_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2769720
    IE - HKU\User_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cd58aab&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q= "

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 16:42:52 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010/11/06 12:04:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 16:42:42 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 18:20:06 | 000,000,000 | ---D | M]

    [2010/12/20 17:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennie\Application Data\Mozilla\Extensions
    [2010/12/20 19:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jennie\Application Data\Mozilla\Firefox\Profiles\dmbjtv8o.default\extensions
    [2010/12/20 17:47:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\jennie\Application Data\Mozilla\Firefox\Profiles\dmbjtv8o.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/12/20 19:10:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/18 22:08:23 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

    O1 HOSTS File: ([2008/10/08 14:14:36 | 000,266,048 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 123topsearch.com
    O1 - Hosts: 127.0.0.1 www.123topsearch.com
    O1 - Hosts: 127.0.0.1 132.com
    O1 - Hosts: 127.0.0.1 www.132.com
    O1 - Hosts: 127.0.0.1 www.136136.net
    O1 - Hosts: 127.0.0.1 136136.net
    O1 - Hosts: 9216 more lines...
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O2 - BHO: () - {DB35C569-5624-4CFC-8043-E5139F55A073} - C:\Program Files\Crawler\Shared\CShared.dll (Crawler.com)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {00F2C0C6-2194-484E-9064-44E57787867B} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O3 - HKU\jennie_ON_C\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKU\jennie_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O3 - HKU\User_ON_C\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\jennie_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\User_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab (MSN Photo Upload Tool)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/12/15 18:45:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/05/22 11:45:12 | 000,002,332 | ---- | M] () - C:\AutoSetup.log -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/20 19:01:22 | 127,353,979 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\jennie\Desktop\OTLPENet.exe
    [2010/12/20 18:29:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennie\Application Data\Avira
    [2010/12/20 18:12:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2010/12/20 17:59:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/12/20 17:59:27 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/12/20 17:59:27 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/12/20 17:59:27 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/12/20 17:59:27 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/12/20 17:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/12/20 17:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennie\My Documents\Support.com EasySupport
    [2010/12/20 17:44:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennie\Local Settings\Application Data\AVG Security Toolbar
    [2010/12/20 16:42:20 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2010/12/20 15:40:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
    [2010/12/20 15:35:56 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2010/12/20 14:44:53 | 001,187,896 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\jennie\Desktop\ccsetup236.exe
    [2010/12/20 14:40:25 | 004,502,416 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\jennie\Desktop\avg_free_stb_all_2011_1170_upgrade.exe
    [2010/12/20 06:34:02 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
    [2010/12/20 06:32:59 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
    [2010/12/19 17:02:42 | 005,473,272 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\jennie\Desktop\AppRemover.exe
    [2010/12/19 12:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\5643
    [2010/12/19 12:39:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennie\Application Data\Malwarebytes
    [2010/12/19 12:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennie\Application Data\Macromedia
    [2010/12/19 12:20:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennie\Application Data\Adobe
    [2010/12/19 12:16:55 | 000,278,016 | ---- | C] (SteelWerX) -- C:\WINDOWS\swreg.exe
    [2010/12/19 12:12:10 | 000,000,000 | --SD | C] -- C:\Documents and Settings\jennie\Application Data\Microsoft
    [2010/12/19 12:12:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennie\Application Data\Identities
    [2010/12/19 12:12:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jennie\Application Data
    [2010/12/19 12:12:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennie\My Documents\My Pictures
    [2010/12/19 12:12:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennie\My Documents\My Music
    [2010/12/19 12:12:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennie\My Documents
    [2010/12/19 12:12:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennie\Favorites
    [2010/12/19 12:12:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jennie\Cookies
    [2010/12/19 12:12:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jennie\Local Settings
    [2010/12/19 12:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennie\Application Data\VMware
    [2010/12/19 12:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennie\My Documents\My Virtual Machines
    [2010/12/19 12:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennie\Local Settings\Application Data\Mozilla
    [2010/12/19 12:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennie\Application Data\Mozilla
    [2010/12/19 12:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennie\Local Settings\Application Data\Microsoft
    [2010/12/19 12:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jennie\Desktop
    [2010/12/19 12:12:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jennie\SendTo
    [2010/12/19 12:12:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jennie\Recent
    [2010/12/19 12:12:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennie\Start Menu
    [2010/12/19 12:12:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jennie\Templates
    [2010/12/19 12:12:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jennie\PrintHood
    [2010/12/19 12:12:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jennie\NetHood
    [2010/12/19 12:05:42 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\User\Desktop\HJTInstall.exe
    [2010/12/19 11:19:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
    [2010/12/19 11:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/12/19 11:17:19 | 001,187,896 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\User\Desktop\ccsetup236.exe
    [2010/12/19 11:09:23 | 000,000,000 | ---D | C] -- C:\Program Files\getrid
    [2010/12/19 11:03:46 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup-1.46.exe
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/12/20 19:14:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/20 19:08:07 | 127,353,979 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\jennie\Desktop\OTLPENet.exe
    [2010/12/20 18:16:05 | 000,602,112 | ---- | M] () -- C:\Documents and Settings\jennie\Desktop\OTL(3).exe
    [2010/12/20 18:14:13 | 000,602,112 | ---- | M] () -- C:\Documents and Settings\jennie\Desktop\OTL(2).exe
    [2010/12/20 18:07:35 | 000,602,112 | ---- | M] () -- C:\Documents and Settings\jennie\Desktop\OTL.exe
    [2010/12/20 17:51:06 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/20 17:49:44 | 000,289,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/12/20 17:46:25 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/12/20 16:37:53 | 000,037,888 | ---- | M] () -- C:\WINDOWS\System32\drivers\vbmac2c9.sys
    [2010/12/20 14:45:20 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\jennie\Desktop\CCleaner.lnk
    [2010/12/20 14:40:33 | 004,502,416 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\jennie\Desktop\avg_free_stb_all_2011_1170_upgrade.exe
    [2010/12/20 14:27:06 | 069,131,655 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/12/20 06:27:35 | 003,993,691 | ---- | M] () -- C:\Documents and Settings\jennie\Desktop\jennie.exe
    [2010/12/20 06:22:21 | 000,660,787 | ---- | M] () -- C:\Documents and Settings\jennie\Desktop\rkill.scr
    [2010/12/19 17:02:42 | 005,473,272 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\jennie\Desktop\AppRemover.exe
    [2010/12/19 13:11:11 | 000,446,464 | ---- | M] () -- C:\Documents and Settings\jennie\Desktop\2TFC.exe
    [2010/12/19 12:51:39 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\jennie\Desktop\dds.scr
    [2010/12/19 12:38:24 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\jennie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/12/19 12:38:18 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\jennie\Desktop\Windows Media Player.lnk
    [2010/12/19 12:33:42 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\jennie\Desktop\yig9s24b.exe
    [2010/12/19 12:32:04 | 000,446,464 | ---- | M] () -- C:\Documents and Settings\jennie\Desktop\TFC.exe
    [2010/12/19 12:05:46 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
    [2010/12/19 11:42:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\settings.dat
    [2010/12/19 11:21:02 | 000,204,856 | ---- | M] () -- C:\Documents and Settings\User\My Documents\cc_20101219_112050.reg
    [2010/12/13 14:31:28 | 058,794,264 | ---- | M] () -- C:\Documents and Settings\jennie\Desktop\avira_antivir_personal_en.exe
    [2010/12/13 14:26:42 | 000,464,491 | ---- | M] () -- C:\Documents and Settings\User\Desktop\RootRepeal.zip
    [2010/12/13 14:21:34 | 003,989,182 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
    [2010/12/13 14:16:56 | 000,575,488 | ---- | M] () -- C:\Documents and Settings\User\Desktop\OTL.exe
    [2010/12/08 21:34:08 | 037,366,216 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe
    [2010/11/30 18:48:24 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/11/30 18:13:39 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/12/20 18:16:04 | 000,602,112 | ---- | C] () -- C:\Documents and Settings\jennie\Desktop\OTL(3).exe
    [2010/12/20 18:14:12 | 000,602,112 | ---- | C] () -- C:\Documents and Settings\jennie\Desktop\OTL(2).exe
    [2010/12/20 18:07:34 | 000,602,112 | ---- | C] () -- C:\Documents and Settings\jennie\Desktop\OTL.exe
    [2010/12/20 17:45:10 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/12/20 16:37:53 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbmac2c9.sys
    [2010/12/20 14:45:20 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\jennie\Desktop\CCleaner.lnk
    [2010/12/20 06:22:20 | 000,660,787 | ---- | C] () -- C:\Documents and Settings\jennie\Desktop\rkill.scr
    [2010/12/19 17:48:43 | 003,993,691 | ---- | C] () -- C:\Documents and Settings\jennie\Desktop\jennie.exe
    [2010/12/19 13:11:09 | 000,446,464 | ---- | C] () -- C:\Documents and Settings\jennie\Desktop\2TFC.exe
    [2010/12/19 12:53:16 | 058,794,264 | ---- | C] () -- C:\Documents and Settings\jennie\Desktop\avira_antivir_personal_en.exe
    [2010/12/19 12:51:38 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\jennie\Desktop\dds.scr
    [2010/12/19 12:38:18 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\jennie\Desktop\Windows Media Player.lnk
    [2010/12/19 12:33:38 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\jennie\Desktop\yig9s24b.exe
    [2010/12/19 12:32:03 | 000,446,464 | ---- | C] () -- C:\Documents and Settings\jennie\Desktop\TFC.exe
    [2010/12/19 12:16:55 | 000,082,944 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/19 12:16:55 | 000,077,312 | ---- | C] () -- C:\WINDOWS\mbr.exe
    [2010/12/19 12:12:12 | 000,001,802 | ---- | C] () -- C:\Documents and Settings\jennie\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
    [2010/12/19 12:12:12 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\jennie\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
    [2010/12/19 12:12:12 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\jennie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/12/19 12:12:12 | 000,001,257 | ---- | C] () -- C:\Documents and Settings\jennie\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
    [2010/12/19 12:12:12 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\jennie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/12/19 12:12:12 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\jennie\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2010/12/19 12:12:11 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\jennie\hpothb07.tif
    [2010/12/19 12:12:11 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\jennie\hpothb07.dat
    [2010/12/19 12:05:46 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
    [2010/12/19 11:42:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\settings.dat
    [2010/12/19 11:41:41 | 000,464,491 | ---- | C] () -- C:\Documents and Settings\User\Desktop\RootRepeal.zip
    [2010/12/19 11:20:55 | 000,204,856 | ---- | C] () -- C:\Documents and Settings\User\My Documents\cc_20101219_112050.reg
    [2010/12/19 11:17:31 | 000,575,488 | ---- | C] () -- C:\Documents and Settings\User\Desktop\OTL.exe
    [2010/12/19 11:17:24 | 003,989,182 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
    [2010/09/30 09:48:01 | 000,010,664 | ---- | C] () -- C:\Documents and Settings\User\resetlog.txt
    [2010/09/28 10:00:09 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/11/11 12:53:44 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\VVBackd5.sys
    [2009/07/12 16:08:20 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2008/07/26 07:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2007/09/24 10:44:43 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\LocalService\hpothb07.tif
    [2007/09/24 10:44:43 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\LocalService\hpothb07.dat
    [2007/09/24 10:44:37 | 000,000,255 | -H-- | C] () -- C:\Documents and Settings\User\Application Data\hpothb07.tif
    [2007/09/24 10:44:37 | 000,000,177 | -H-- | C] () -- C:\Documents and Settings\User\Application Data\hpothb07.dat
    [2007/09/24 10:44:33 | 000,000,255 | -H-- | C] () -- C:\Documents and Settings\User\hpothb07.tif
    [2007/09/24 10:44:33 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\User\hpothb07.dat
    [2007/08/27 13:01:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/07/01 13:29:10 | 000,030,010 | ---- | C] () -- C:\Documents and Settings\User\Application Data\wklnhst.dat
    [2007/06/04 15:25:55 | 000,000,060 | ---- | C] () -- C:\Documents and Settings\User\default.pls
    [2007/05/23 19:30:16 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/05/08 23:53:10 | 000,000,405 | ---- | C] () -- C:\WINDOWS\vbface.INI
    [2007/05/08 23:01:32 | 000,180,074 | ---- | C] () -- C:\WINDOWS\System32\drivers\VVBackd5.sys
    [2006/12/16 11:58:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/12/16 11:43:07 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2006/12/16 11:01:29 | 000,356,352 | R--- | C] () -- C:\WINDOWS\EMCRI.dll
    [2006/12/15 13:33:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/02/28 07:00:00 | 000,806,448 | ---- | C] () -- C:\WINDOWS\System32\mscqofpm.dll

    ========== LOP Check ==========

    [2010/11/18 22:08:33 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\alot
    [2010/11/18 22:12:28 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Inbox Toolbar
    [2009/06/24 13:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVGTOOLBAR
    [2010/11/18 22:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Inbox Toolbar
    [2010/11/18 22:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\PriceGong
    [2010/11/18 22:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
    [2008/04/28 11:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AT&T
    [2010/12/19 11:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Bitrix Security
    [2009/12/14 20:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CVS
    [2009/07/12 16:07:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
    [2007/06/11 13:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MSNInstaller
    [2010/12/19 11:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PriceGong
    [2008/10/09 13:25:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Skinux
    [2009/07/15 05:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SPAMfighter
    [2009/11/11 12:04:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\supportdotcom
    [2009/11/11 14:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SupportSoft
    [2007/07/31 09:35:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Template
    [2010/11/19 15:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WhiteSmokeTranslator
    [2010/08/11 13:40:52 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
    [2010/08/11 13:42:49 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job

    ========== Purity Check ==========


    < End of report >
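The OTL file-list lines in the log above all follow one fixed shape, `[timestamp | size | attributes | C or M] (company) -- path`, which makes them easy to triage mechanically before anyone reads them by hand. The following is an added example, not part of the original post and not OTL's own code: a small Python parser for that line format plus two heuristics a responder would typically run over a log like this one. The sample lines are copied verbatim from the log above, `NOW` is taken from the newest timestamp in it (the `bootstat.dat` entry), and the 30-day window and the two rules are this example's own choices. A hit is a review prompt, not a verdict: `MRT.exe`, which on a normal XP install is Microsoft's Malicious Software Removal Tool, lands in the list only because OTL printed no company name for it.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Shape of one OTL file/directory line, e.g.
#   [2010/12/20 16:37:53 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbmac2c9.sys
# Directory lines carry no "(company)" group; files whose version resource has
# no company name print an empty "()".
LINE_RE = re.compile(
    r"^\s*\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)


@dataclass
class OtlEntry:
    ts: datetime
    size: int
    attrs: str      # four attribute flags, last one is 'D' for directories
    kind: str       # 'C' = created, 'M' = modified
    company: str    # '' when OTL printed "()" or no group at all
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one line; return None for headers, blanks and summary lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return OtlEntry(
        ts=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        kind=m.group("kind"),
        company=(m.group("company") or "").strip(),
        path=m.group("path"),
    )


def parse_otl(text: str) -> List[OtlEntry]:
    return [e for e in (parse_otl_line(l) for l in text.splitlines()) if e]


BINARY_EXT = (".sys", ".exe", ".dll")

# Service-account profiles: interactive software has no reason to write
# Application Data there, which is the same idea behind OTL's LOP check.
SERVICE_PROFILE_RE = re.compile(
    r"\\(config\\systemprofile|Documents and Settings\\(LocalService|NetworkService))"
    r"\\Application Data\\",
    re.IGNORECASE,
)


def triage(entries: List[OtlEntry], now: datetime, window_days: int = 30) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs worth a human look, in log order."""
    cutoff = now - timedelta(days=window_days)
    findings = []
    for e in entries:
        low = e.path.lower()
        if (not e.is_dir and low.startswith("c:\\windows\\")
                and low.endswith(BINARY_EXT) and not e.company and e.ts >= cutoff):
            findings.append(("recent binary with no company name under C:\\WINDOWS", e.path))
        elif e.is_dir and SERVICE_PROFILE_RE.search(e.path):
            findings.append(("Application Data under a service-account profile", e.path))
    return findings


# Sample input: lines copied from the OTL log above (this is constructed test
# input for the example, not a fresh scan).
SAMPLE = r"""
    [2010/12/20 16:37:53 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbmac2c9.sys
    [2010/11/30 18:48:24 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/12/08 21:34:08 | 037,366,216 | ---- | M] () -- C:\WINDOWS\System32\MRT.exe
    [2010/12/19 12:16:55 | 000,077,312 | ---- | C] () -- C:\WINDOWS\mbr.exe
    [2006/02/28 07:00:00 | 000,806,448 | ---- | C] () -- C:\WINDOWS\System32\mscqofpm.dll
    [2010/11/18 22:12:28 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Inbox Toolbar
    [2010/11/18 22:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Inbox Toolbar
    [2008/04/28 11:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AT&T
    [2010/12/19 12:12:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jennie\My Documents
"""

# Newest timestamp in the log (the bootstat.dat line); used as "now".
NOW = datetime(2010, 12, 20, 19, 14, 11)

if __name__ == "__main__":
    for reason, path in triage(parse_otl(SAMPLE), NOW):
        print(f"{reason}: {path}")
```

The first rule deliberately ignores the `C`/`M` distinction: a file that was merely touched inside the window is as interesting as one created then, since OTL's "Files Created" and "Files Modified" sections overlap. Anything the rules surface still needs the usual checks (hash lookup, signature, who dropped it) before it goes into a fix script.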