Can't get rid of Trojan horse Agent_r.QS



#1 pystryker (Trusted Helper, Malware Removal)
Hello all, and thank you for the help in advance. My daughter's netbook is infested with malware. I've run AVG and it cleaned most of them out (I think) but these last few here will not go away. Any help will be appreciated!

This is what AVG says about them:

"";"C:\WINDOWS\system32\winlogon.exe (780):\memory_00180000";"Trojan horse Agent_r.QS";"Object is inaccessible."

"";"C:\WINDOWS\system32\svchost.exe (2512):\memory_001a0000";"Trojan horse Agent_r.QS";"Object is inaccessible."

"";"C:\WINDOWS\system32\spoolsv.exe (1768):\memory_001a0000";"Trojan horse Agent_r.QS";"Object is inaccessible."

Rusty
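
As an added example (not part of the original post or of AVG), a small parser for the detection lines above: it assumes only the four-field, semicolon-separated layout shown and the `path (PID):\memory_<hex>` object form, and the fourth sample record is a constructed file-based detection included to show the other shape.

```python
"""Parser for the AVG detection lines quoted in the post above: an added
example, not code from the thread or from AVG. Each line is a record of
semicolon-separated, double-quoted fields: (empty), object, threat name,
result. For the three lines above the object is not a file but a running
process (image path and PID) plus a memory region inside it."""
from __future__ import annotations

import csv
import re
from collections import defaultdict
from dataclasses import dataclass

# Memory objects look like:  C:\path\proc.exe (PID):\memory_<hex base>
MEMORY_OBJECT = re.compile(r"^(?P<path>.+?) \((?P<pid>\d+)\):\\memory_(?P<base>[0-9a-fA-F]+)$")

# Constructed sample: the three lines from the post plus one file-based
# detection (hypothetical path and result text) to show the other shape.
AVG_REPORT = r'''"";"C:\WINDOWS\system32\winlogon.exe (780):\memory_00180000";"Trojan horse Agent_r.QS";"Object is inaccessible."
"";"C:\WINDOWS\system32\svchost.exe (2512):\memory_001a0000";"Trojan horse Agent_r.QS";"Object is inaccessible."
"";"C:\WINDOWS\system32\spoolsv.exe (1768):\memory_001a0000";"Trojan horse Agent_r.QS";"Object is inaccessible."
"";"C:\Documents and Settings\user\Local Settings\Temp\sample.tmp";"Trojan horse Agent_r.QS";"Moved to Virus Vault"
'''


@dataclass
class Detection:
    obj: str            # raw object field as AVG printed it
    threat: str
    result: str
    path: str           # file path, or the host process image for memory hits
    pid: int | None     # process id for memory hits, else None
    base: int | None    # base address of the flagged memory region, else None

    @property
    def memory_only(self) -> bool:
        # Nothing on disk was named: the signature matched inside a live process,
        # which is why the scanner reports the object rather than quarantining a file.
        return self.pid is not None


def parse_line(line: str) -> Detection:
    # csv handles the quoting; backslashes are literal (no escapechar).
    fields = next(csv.reader([line], delimiter=";", quotechar='"'))
    _, obj, threat, result = fields[:4]
    m = MEMORY_OBJECT.match(obj)
    if m:
        return Detection(obj, threat, result, m.group("path"),
                         int(m.group("pid")), int(m.group("base"), 16))
    return Detection(obj, threat, result, obj, None, None)


def parse_report(text: str) -> list[Detection]:
    return [parse_line(l) for l in text.splitlines() if l.strip()]


def memory_hits_by_process(dets: list[Detection]) -> dict[str, list[Detection]]:
    """Group memory-only hits by host image name, so the helper can see which
    system processes carry the flagged code (here: winlogon, svchost, spoolsv)."""
    groups = defaultdict(list)
    for d in dets:
        if d.memory_only:
            groups[d.path.rsplit("\\", 1)[-1].lower()].append(d)
    return dict(groups)


if __name__ == "__main__":
    for name, hits in memory_hits_by_process(parse_report(AVG_REPORT)).items():
        print(name, [(h.pid, hex(h.base), h.result) for h in hits])
```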

#2 NeonFx (Malware Removal Dude, Expert)
Hi Rusty,

I would be glad to assist you with this problem. Please try the following steps and let me know if you have any trouble or questions:


STEP 1:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

STEP 2:

Download aswMBR.exe (511KB) to your desktop.
  • Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

STEP 3:

Go HERE to get a randomly named copy of GMER. Scroll down to the Download section and click Download EXE. Save it to your desktop.

Before scanning with GMER, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

  • Double click on the file you downloaded. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

If GMER will not run in normal Windows, please run it in Safe Mode.

#3 pystryker (Topic Starter, Trusted Helper, Malware Removal)
Hey neon, thanks :-) Here are the logs you requested:


Here's one of the OTL Logs:

OTL logfile created on: 3/21/2011 7:39:09 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Annie's\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 359.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 47.70 Gb Free Space | 85.35% Space Free | Partition Type: NTFS

Computer Name: ANNIE | User Name: Annie's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/21 19:37:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Annie's\Desktop\OTL.exe
PRC - [2011/03/03 13:16:33 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/07 01:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/07/20 15:30:10 | 011,660,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\Install\NDP20SP2-KB983583-x86.exe
PRC - [2010/05/19 13:08:56 | 000,321,888 | ---- | M] (Microsoft Corporation) -- c:\6b74ad489d9752676e295ce3\HotFixInstaller.exe
PRC - [2008/08/29 19:03:24 | 000,442,477 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2008/08/29 19:03:24 | 000,237,667 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2008/07/30 13:56:16 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/14 23:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 23:00:00 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE
PRC - [2008/03/25 07:28:02 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe


========== Modules (SafeList) ==========

MOD - [2011/03/21 19:37:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Annie's\Desktop\OTL.exe
MOD - [2008/07/30 13:54:34 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2008/04/14 23:00:00 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/14 23:00:00 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/14 23:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/14 23:00:00 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/14 23:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2008/04/14 23:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/14 23:00:00 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009/12/10 12:03:14 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/08/29 19:03:24 | 000,237,667 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2008/12/23 03:02:38 | 001,294,200 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/08/29 19:03:24 | 001,388,980 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/08/28 10:16:36 | 000,112,128 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/07/24 12:37:16 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/07/24 12:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/07/24 12:37:04 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/06/27 13:02:00 | 000,289,024 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/05/30 06:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/03/10 13:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/02/04 12:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.Yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Yahoo.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {E5002167-3434-4D59-9CD6-EA5338E7A122}:1.9.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178

FF - HKLM\software\mozilla\Firefox\Extensions\\{E5002167-3434-4D59-9CD6-EA5338E7A122}: C:\Documents and Settings\Annie's\Local Settings\Application Data\{E5002167-3434-4D59-9CD6-EA5338E7A122} [2010/02/04 00:11:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/03/19 16:25:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/20 00:27:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/20 00:27:20 | 000,000,000 | ---D | M]

[2011/03/20 00:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Annie's\Application Data\Mozilla\Extensions
[2011/03/21 19:32:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Annie's\Application Data\Mozilla\Firefox\Profiles\l8tf1wh5.default\extensions
[2011/03/20 15:30:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Annie's\Application Data\Mozilla\Firefox\Profiles\l8tf1wh5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/20 00:27:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/04 00:11:06 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ANNIE'S\LOCAL SETTINGS\APPLICATION DATA\{E5002167-3434-4D59-9CD6-EA5338E7A122}
[2011/03/19 16:25:22 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2009/11/28 09:14:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT

O1 HOSTS File: ([2008/04/14 23:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {f5c6ede3-a718-427c-a61f-18ebf40fb0f6} - File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Annie's] File not found
O4 - HKCU..\Run: [mgwueb] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1300571324421 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdsock.dll) - File not found
O20 - AppInit_DLLs: (norefose.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O21 - SSODL: furukakoh - {5e56a70e-0569-42a7-b1e7-3df86d98e611} - CLSID or File not found.
O21 - SSODL: hehididel - {7c8da397-d008-4d4f-b282-6ba7483c34d0} - CLSID or File not found.
O21 - SSODL: tonifiwud - {daeb790d-0d18-4ca6-ba2b-bf715506f034} - CLSID or File not found.
O22 - SharedTaskScheduler: {5e56a70e-0569-42a7-b1e7-3df86d98e611} - kupuhivus - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {c219667b-ba81-42dc-bfc6-5cd5e5812b7d} - jugezatag - Reg Error: Key error. File not found
O22 - SharedTaskScheduler: {daeb790d-0d18-4ca6-ba2b-bf715506f034} - jugezatag - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{499e4a90-d564-11de-9123-002243da6067}\Shell\AutoRun\command - "" = D:\8dtyjjf.exe
O33 - MountPoints2\{499e4a90-d564-11de-9123-002243da6067}\Shell\open\Command - "" = D:\8dtyjjf.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/21 19:37:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Annie's\Desktop\OTL.exe
[2011/03/21 19:35:07 | 000,000,000 | ---D | C] -- C:\6b74ad489d9752676e295ce3
[2011/03/21 19:22:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/03/20 15:35:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/03/20 15:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annie's\My Documents\Downloads
[2011/03/20 00:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annie's\Local Settings\Application Data\Mozilla
[2011/03/20 00:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annie's\Application Data\Mozilla
[2011/03/20 00:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/03/19 22:50:36 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/03/19 22:50:36 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/03/19 22:50:14 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/03/19 16:26:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/03/19 16:25:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/03/19 16:21:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Annie's\IECompatCache
[2011/03/19 14:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annie's\Application Data\Malwarebytes
[2011/03/19 14:16:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/19 14:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/19 14:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/19 14:15:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/19 14:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/19 12:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annie's\Application Data\AVG10
[2011/03/19 12:14:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/19 12:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/19 12:11:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/03/19 12:02:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/19 11:56:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/18 21:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/03/18 15:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/03/17 20:02:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Annie's\PrivacIE
[2011/03/17 19:53:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Annie's\IETldCache
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/21 19:40:38 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/21 19:40:38 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/21 19:38:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/21 19:37:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Annie's\Desktop\OTL.exe
[2011/03/21 19:28:48 | 109,468,359 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/03/21 19:20:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/21 19:20:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/21 19:20:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/21 19:20:21 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/20 19:10:46 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\fwdkvlhb.job
[2011/03/20 15:35:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/20 00:27:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/03/20 00:27:24 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Annie's\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/20 00:27:24 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/19 23:59:13 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/19 23:52:21 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\tatubawa
[2011/03/19 22:45:51 | 085,803,008 | ---- | M] () -- C:\Documents and Settings\Annie's\Desktop\VIPRERescue8751.exe
[2011/03/19 22:16:25 | 000,008,928 | ---- | M] () -- C:\WINDOWS\Sxahuretozunese.dat
[2011/03/19 16:26:34 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/03/19 13:06:52 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/19 11:55:32 | 000,000,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/03/19 11:43:56 | 000,009,060 | ---- | M] () -- C:\WINDOWS\anaqujuz.dll
[2011/03/18 21:28:59 | 000,009,044 | ---- | M] () -- C:\WINDOWS\unuwemowemowe.dll
[2011/03/18 15:32:22 | 000,012,386 | ---- | M] () -- C:\WINDOWS\iqedahigusudiho.dll
[2011/03/18 13:07:22 | 000,012,556 | ---- | M] () -- C:\WINDOWS\awofatufoqi.dll
[2011/03/17 20:49:34 | 000,012,340 | ---- | M] () -- C:\WINDOWS\enaburuyaxu.dll
[2011/03/17 20:02:18 | 000,012,281 | ---- | M] () -- C:\WINDOWS\ofotamaga.dll
[2011/03/17 19:54:17 | 000,012,555 | ---- | M] () -- C:\WINDOWS\ucunibume.dll
[2011/03/17 19:53:51 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Annie's\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\tatubawa
[2011/03/21 19:28:48 | 109,468,359 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/03/20 00:27:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/20 00:27:24 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Annie's\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/20 00:27:24 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/19 22:49:29 | 085,803,008 | ---- | C] () -- C:\Documents and Settings\Annie's\Desktop\VIPRERescue8751.exe
[2011/03/19 16:26:34 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/03/19 14:16:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/19 13:03:28 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/19 13:03:26 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/03/19 11:55:32 | 000,000,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/03/19 11:43:56 | 000,009,060 | ---- | C] () -- C:\WINDOWS\anaqujuz.dll
[2011/03/18 21:28:59 | 000,009,044 | ---- | C] () -- C:\WINDOWS\unuwemowemowe.dll
[2011/03/18 15:33:12 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/18 15:32:21 | 000,012,386 | ---- | C] () -- C:\WINDOWS\iqedahigusudiho.dll
[2011/03/18 13:07:21 | 000,012,556 | ---- | C] () -- C:\WINDOWS\awofatufoqi.dll
[2011/03/17 20:49:34 | 000,012,340 | ---- | C] () -- C:\WINDOWS\enaburuyaxu.dll
[2011/03/17 20:02:17 | 000,012,281 | ---- | C] () -- C:\WINDOWS\ofotamaga.dll
[2011/03/17 19:54:17 | 000,012,555 | ---- | C] () -- C:\WINDOWS\ucunibume.dll
[2010/02/06 23:46:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2010/02/06 23:26:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2010/02/06 23:06:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2010/02/06 22:46:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2010/02/06 22:26:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2010/02/06 22:06:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2010/02/06 21:46:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2010/02/06 21:26:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2010/02/06 20:56:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2010/02/06 19:03:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2010/02/06 18:43:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010/02/06 18:23:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/02/04 00:11:14 | 000,008,928 | ---- | C] () -- C:\WINDOWS\Sxahuretozunese.dat
[2010/02/04 00:11:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hrusu.bin
[2009/11/20 21:52:12 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Annie's\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/19 18:37:27 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\Annie's\Application Data\wklnhst.dat
[2008/12/23 03:11:31 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/12/23 02:57:22 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/07/30 13:55:02 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/06/24 12:48:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/06/24 12:48:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/24 12:26:44 | 000,441,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/06/24 12:26:44 | 000,071,462 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/06/24 12:16:28 | 000,224,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/24 12:12:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/24 12:10:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/14 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 23:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 16:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 16:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/03/19 16:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/19 12:14:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/19 16:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/02/24 00:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2011/03/19 11:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/12/20 15:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/23 03:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/03/19 12:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Annie's\Application Data\AVG10
[2009/11/19 18:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Annie's\Application Data\Template
[2008/12/23 03:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Annie's\Application Data\TMP
[2009/11/21 17:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Annie's\Application Data\uTorrent
[2011/03/20 19:10:46 | 000,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\fwdkvlhb.job

========== Purity Check ==========



< End of report >


Extras Log:

OTL Extras logfile created on: 3/21/2011 7:39:09 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Annie's\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 359.00 Mb Available Physical Memory | 35.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 47.70 Gb Free Space | 85.35% Space Free | Partition Type: NTFS

Computer Name: ANNIE | User Name: Annie's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"15583:TCP" = 15583:TCP:*:Enabled:BitComet 15583 TCP
"15583:UDP" = 15583:UDP:*:Enabled:BitComet 15583 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Downloads\rkill.com" = C:\Downloads\rkill.com:*:Enabled:rkill -- ()
"C:\WINDOWS\system32\ssflwbox.scr" = C:\WINDOWS\system32\ssflwbox.scr:*:Enabled:ssflwbox -- (Microsoft Corporation)
"C:\Downloads\mikey.exe" = C:\Downloads\mikey.exe:*:Enabled:mikey -- (Malwarebytes Corporation )


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{1178CE69-1B1D-4ED2-9E52-3E98A8C99816}" = HP User Guides 0119
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4F2AF17E-94F0-4F22-943D-216CE46AC502}" = HP Mobile Broadband Setup Utility
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E35AF511-B618-4D02-B559-0F2147341D3B}" = AVG 2011
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"553D07C7937AEF19AECBF1E27F5709BCDA84B2C7" = Windows Driver Package - SMSC LAN9500 USB 2.0 to Ethernet 10/100 Adapter x86 Driver (05/12/2008 1.52.0000.0000)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG" = AVG 2011
"B7BEAA1057EE33043F87079C40B92DE3EAEBDEEF" = Windows Driver Package - SMSC LAN9500 USB 2.0 to Ethernet 10/100 Adapter x64 Driver (05/12/2008 1.52.0000.0000)
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 12.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 3/20/2011 12:56:03 AM | Computer Name = ANNIE | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 3/20/2011 12:56:03 AM | Computer Name = ANNIE | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 3/20/2011 1:08:50 AM | Computer Name = ANNIE | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 3/20/2011 1:08:50 AM | Computer Name = ANNIE | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 3/20/2011 4:27:08 PM | Computer Name = ANNIE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007f0f4: Security Update for Windows XP (KB2393802).

Error - 3/20/2011 8:11:08 PM | Computer Name = ANNIE | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 3/20/2011 8:11:08 PM | Computer Name = ANNIE | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 3/21/2011 8:20:50 PM | Computer Name = ANNIE | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 3/21/2011 8:20:50 PM | Computer Name = ANNIE | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 3/21/2011 8:24:28 PM | Computer Name = ANNIE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x8007f0f4: Security Update for Windows XP (KB2393802).


< End of report >


aswMBR Log:

aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-03-21 19:52:39
-----------------------------
19:52:39.015 OS Version: Windows 5.1.2600 Service Pack 3
19:52:39.015 Number of processors: 2 586 0x1C02
19:52:39.015 ComputerName: ANNIE UserName:
19:52:41.390 Initialize success
19:53:13.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdePort0
19:53:13.984 Disk 0 Vendor: SAMSUNG_HS06THB NN100-04 Size: 57241MB BusType: 3
19:53:13.984 Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_HS06THB_________________________NN100-04#31534b53314a5136324335333836202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} not found
19:53:14.000 Device \Driver\atapi -> DriverStartIo 86d4c4bf
19:53:16.078 Disk 0 MBR read successfully
19:53:16.093 Disk 0 MBR scan
19:53:18.125 Disk 0 scanning sectors +117210240
19:53:18.234 Disk 0 scanning C:\WINDOWS\system32\drivers
19:53:35.781 File C:\WINDOWS\system32\drivers\atapi.sys TDL3 **ROOTKIT**
19:53:35.828 Disk 0 trace - called modules:
19:53:35.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86d4c618]<<
19:53:35.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d04ab8]
19:53:35.890 3 CLASSPNP.SYS[f74e8fd7] -> nt!IofCallDriver -> \Device\0000006a[0x86d07478]
19:53:35.921 5 ACPI.sys[f735f620] -> nt!IofCallDriver -> [0x86d79d98]
19:53:35.968 [0x86d2a8c0] -> IRP_MJ_CREATE -> 0x86d4c618
19:53:36.000 Scan finished successfully


GMER.TXT

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-21 20:16:27
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 SAMSUNG_HS06THB rev.NN100-04
Running: 6uontf8s.exe; Driver: C:\DOCUME~1\Annie's\LOCALS~1\Temp\uxtdrpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA3EAD6C0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA3EAD770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA3EAD810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA3EAD8B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2FC8 80504864 8 Bytes JMP EAD810A3
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF73277A4]
? C:\DOCUME~1\Annie's\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wuauclt.exe[704] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\wuauclt.exe[704] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
.text C:\WINDOWS\system32\wuauclt.exe[704] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
.text C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006D000A
.text C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006C000C
.text C:\WINDOWS\System32\svchost.exe[1136] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 032A000A
.text C:\WINDOWS\Explorer.EXE[1524] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1524] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[1524] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[1612] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0125000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1612] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0126000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1612] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0124000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[1612] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[3500] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\wuauclt.exe[3500] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C3000A
.text C:\WINDOWS\system32\wuauclt.exe[3500] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C1000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 86D4C4BF

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskSAMSUNG_HS06THB_________________________NN100-04#31534b53314a5136324335333836202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification; TDL3 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

Edited by pystryker, 21 March 2011 - 07:48 PM.

  • 0
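A note on reading the GMER output in the post above. As an added example (not code from any post in this thread, and not a GMER feature), the script below parses the SSDT lines and the "User code sections" lines copied from that log. It sorts each inline hook by whether GMER could attribute the JMP target to a module on disk (as it does for the LdrLoadDll hook that lands inside firefox.exe itself) or not (the 5-byte JMPs from ntdll into low, unattributed addresses such as 009A000A), and reports every process whose unattributed hooks include the same three functions, NtProtectVirtualMemory, NtWriteVirtualMemory and KiUserExceptionDispatcher, which here recur in wuauclt, svchost, Explorer and firefox. The SSDT hooks are listed separately because GMER names their owner, AVGIDSShim.Sys, an AVG driver: a security product hooking the syscall table is structurally identical to a rootkit doing so, so the driver identity, not the hook itself, is what decides. The regexes and the function names are mine and are fitted to this log's formatting; the "payload pattern" label means only that the same unattributed hook set recurs across processes, which the analyst should weigh together with the kernel-level finding (TDL3 in atapi.sys) rather than treat as a signature on its own.

```python
"""Triage of GMER rootkit-scan output (added example).

Separates hooks GMER attributes to a module on disk from hooks that jump into
memory owned by no loaded image. Sample input is copied from the GMER log
posted above; the regexes are written against that formatting.
"""
import re
from collections import defaultdict

GMER_SAMPLE = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA3EAD6C0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA3EAD770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA3EAD810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA3EAD8B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2FC8 80504864 8 Bytes JMP EAD810A3

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\wuauclt.exe[704] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\wuauclt.exe[704] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
.text C:\WINDOWS\system32\wuauclt.exe[704] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
.text C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006D000A
.text C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006C000C
.text C:\WINDOWS\System32\svchost.exe[1136] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 032A000A
.text C:\WINDOWS\Explorer.EXE[1524] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1524] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[1524] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[1612] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0125000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1612] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0126000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1612] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0124000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[1612] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\WINDOWS\system32\wuauclt.exe[3500] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\wuauclt.exe[3500] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C3000A
.text C:\WINDOWS\system32\wuauclt.exe[3500] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C1000C
"""

# One inline hook in a user-mode process, as GMER prints it:
#   .text <image>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target> [<owner module> (<vendor>)]
USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<owner>.+))?$"
)
# One SSDT (syscall table) hook:  SSDT <driver> (<description>) <Zw function> [0x<addr>]
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<driver>\S+)\s+\((?P<desc>.*?)\)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$"
)
# The three ntdll hooks that recur, unattributed, across processes in this log.
PAYLOAD_PATTERN = frozenset(
    {"NtProtectVirtualMemory", "NtWriteVirtualMemory", "KiUserExceptionDispatcher"}
)


def parse_user_hooks(text):
    """Return one dict per user-mode inline hook; 'owner' is None when GMER printed no module."""
    hooks = []
    for line in text.splitlines():
        m = USER_HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"], h["nbytes"], h["target"] = int(h["pid"]), int(h["nbytes"]), int(h["target"], 16)
        hooks.append(h)
    return hooks


def parse_ssdt_hooks(text):
    """Return one dict per SSDT hook, including the driver GMER attributes it to."""
    return [m.groupdict() for m in (SSDT_RE.match(l.strip()) for l in text.splitlines()) if m]


def triage(hooks):
    """Group hooks by process; flag processes whose unattributed hooks cover PAYLOAD_PATTERN."""
    per_pid = defaultdict(lambda: {"image": None, "attributed": [], "unattributed": []})
    for h in hooks:
        p = per_pid[h["pid"]]
        p["image"] = h["image"]
        p["attributed" if h["owner"] else "unattributed"].append(h["func"])
    for p in per_pid.values():
        p["payload_pattern"] = PAYLOAD_PATTERN <= set(p["unattributed"])
    return dict(per_pid)


def report(text):
    """Human-readable summary lines: SSDT hooks with their owning driver, then per-process verdicts."""
    lines = [f"SSDT {s['func']:<22} -> {s['driver']}  (named driver: verify vendor)"
             for s in parse_ssdt_hooks(text)]
    for pid, p in sorted(triage(parse_user_hooks(text)).items()):
        verdict = "PAYLOAD PATTERN" if p["payload_pattern"] else "review"
        lines.append(f"[{pid}] {p['image']}: unattributed={p['unattributed']} "
                     f"attributed={p['attributed']} -> {verdict}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(GMER_SAMPLE)))
```

Run as-is it prints four SSDT lines owned by the AVG driver and five process lines, all five marked as carrying the same unattributed ntdll hook set; the firefox entry additionally shows LdrLoadDll attributed to firefox.exe, which is the normal-looking case and is kept apart from the rest.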

#4
NeonFx

    Malware Removal Dude

  • Expert
  • 3,797 posts
Hi again! Thank you for that. It helps give me a good overview of what's running on your computer and it helps me develop a plan of action. Let's start fixing things now!

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#5
pystryker

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 3,911 posts
Hey Neon, here's the combofix log:

ComboFix 11-03-21.01 - Annie's 03/21/2011 22:32:40.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.768 [GMT -5:00]
Running from: c:\documents and settings\Annie's\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Fast Browser Search
c:\windows\anaqujuz.dll
c:\windows\awofatufoqi.dll
c:\windows\enaburuyaxu.dll
c:\windows\iqedahigusudiho.dll
c:\windows\ofotamaga.dll
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\29358.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\Tasks\fwdkvlhb.job
c:\windows\Temp\tmp3.tmp
c:\windows\ucunibume.dll
c:\windows\unuwemowemowe.dll
.
Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty had a snack :D
.
((((((((((((((((((((((((( Files Created from 2011-02-22 to 2011-03-22 )))))))))))))))))))))))))))))))
.
.
2011-03-20 20:35 . 2011-03-20 20:35 -------- d-----w- c:\windows\ie8updates
2011-03-20 05:12 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2011-03-20 05:11 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-03-20 03:50 . 2010-11-09 19:56 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-03-20 03:50 . 2010-11-09 19:56 27984 ----a-w- c:\windows\system32\sbbd.exe
2011-03-20 03:50 . 2011-03-20 04:50 -------- d-----w- C:\VIPRERESCUE
2011-03-19 21:21 . 2011-03-19 21:21 -------- d-sh--w- c:\documents and settings\Annie's\IECompatCache
2011-03-19 19:16 . 2011-03-19 19:16 -------- d-----w- c:\documents and settings\Annie's\Application Data\Malwarebytes
2011-03-19 19:16 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-19 19:16 . 2011-03-19 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-19 19:15 . 2011-03-20 04:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-19 19:15 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-19 17:16 . 2011-03-19 17:16 -------- d-----w- c:\documents and settings\Annie's\Application Data\AVG10
2011-03-19 17:14 . 2011-03-19 17:14 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-03-19 17:12 . 2011-03-22 03:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-03-19 17:11 . 2011-03-19 17:11 -------- d-----w- c:\program files\AVG
2011-03-19 17:02 . 2011-03-19 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-03-19 02:25 . 2011-03-19 02:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-03-18 20:33 . 2011-03-18 20:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-03-18 01:02 . 2011-03-18 01:02 -------- d-sh--w- c:\documents and settings\Annie's\PrivacIE
2011-03-18 00:58 . 2011-03-18 00:58 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-03-18 00:55 . 2011-03-18 00:55 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2011-03-18 00:54 . 2011-03-18 00:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-03-18 00:53 . 2011-03-18 00:53 -------- d-sh--w- c:\documents and settings\Annie's\IETldCache
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-19 18:28 . 2008-04-14 15:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"IDTSysTrayApp"="sttray.exe" [2008-08-30 442477]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 1343488]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"HP Mobile Broadband"="c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2008-07-08 439600]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 604776]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Wireless Assistant\\HPWAMain.exe"=
"c:\\Program Files\\Hewlett-Packard\\Shared\\HpqToaster.exe"=
"c:\\Downloads\\rkill.com"=
"c:\\WINDOWS\\system32\\ssflwbox.scr"=
"c:\\Downloads\\mikey.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15583:TCP"= 15583:TCP:BitComet 15583 TCP
"15583:UDP"= 15583:UDP:BitComet 15583 UDP
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [3/19/2011 10:50 PM 98392]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [12/23/2008 2:58 AM 112128]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/26/2010 5:26 PM 135664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 22:26]
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 22:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.Yahoo.com
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: {FBA1985F-CA2E-4F9A-A9A8-993EE3523E2C} = 68.87.74.166
FF - ProfilePath - c:\documents and settings\Annie's\Application Data\Mozilla\Firefox\Profiles\l8tf1wh5.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext
FF - Ext: XULRunner: {E5002167-3434-4D59-9CD6-EA5338E7A122} - c:\documents and settings\Annie's\Local Settings\Application Data\{E5002167-3434-4D59-9CD6-EA5338E7A122}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{f5c6ede3-a718-427c-a61f-18ebf40fb0f6} - lebesisu.dll
HKCU-Run-mgwueb - c:\documents and settings\Annie's\mgwueb.exe
SharedTaskScheduler-{5e56a70e-0569-42a7-b1e7-3df86d98e611} - (no file)
SharedTaskScheduler-{c219667b-ba81-42dc-bfc6-5cd5e5812b7d} - (no file)
SharedTaskScheduler-{daeb790d-0d18-4ca6-ba2b-bf715506f034} - (no file)
SSODL-furukakoh-{5e56a70e-0569-42a7-b1e7-3df86d98e611} - (no file)
SSODL-hehididel-{7c8da397-d008-4d4f-b282-6ba7483c34d0} - (no file)
SSODL-tonifiwud-{daeb790d-0d18-4ca6-ba2b-bf715506f034} - (no file)
Notify-TPSvc - TPSvc.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-21 22:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c2,55,89,c3,22,31,66,4f,a5,99,3e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c2,55,89,c3,22,31,66,4f,a5,99,3e,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2396)
c:\windows\system32\btmmhook.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\wscntfy.exe
c:\windows\sttray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2011-03-21 22:44:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-22 03:43
.
Pre-Run: 51,598,647,296 bytes free
Post-Run: 51,745,845,248 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 2EF86BE4DD7EAB8DA3C6E307C01B8ACF

#6 NeonFx (Malware Removal Dude, Expert, 3,797 posts)
Hey there, sorry for the wait and thank you for your patience!

You're looking better now. Let's run a fix and some scanning tools.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {f5c6ede3-a718-427c-a61f-18ebf40fb0f6} - File not found
    O4 - HKCU..\Run: [Annie's] File not found
    O4 - HKCU..\Run: [mgwueb] File not found
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\kbdsock.dll) - File not found
    O20 - AppInit_DLLs: (norefose.dll) - File not found
    O21 - SSODL: furukakoh - {5e56a70e-0569-42a7-b1e7-3df86d98e611} - CLSID or File not found.
    O21 - SSODL: hehididel - {7c8da397-d008-4d4f-b282-6ba7483c34d0} - CLSID or File not found.
    O21 - SSODL: tonifiwud - {daeb790d-0d18-4ca6-ba2b-bf715506f034} - CLSID or File not found.
    O22 - SharedTaskScheduler: {5e56a70e-0569-42a7-b1e7-3df86d98e611} - kupuhivus - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {c219667b-ba81-42dc-bfc6-5cd5e5812b7d} - jugezatag - Reg Error: Key error. File not found
    O22 - SharedTaskScheduler: {daeb790d-0d18-4ca6-ba2b-bf715506f034} - jugezatag - Reg Error: Key error. File not found
    O33 - MountPoints2\{499e4a90-d564-11de-9123-002243da6067}\Shell\AutoRun\command - "" = D:\8dtyjjf.exe
    O33 - MountPoints2\{499e4a90-d564-11de-9123-002243da6067}\Shell\open\Command - "" = D:\8dtyjjf.exe
    [2011/03/20 19:10:46 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\fwdkvlhb.job
    [2011/03/19 22:16:25 | 000,008,928 | ---- | M] () -- C:\WINDOWS\Sxahuretozunese.dat
    [2011/03/19 23:52:21 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\tatubawa
    [2011/03/19 11:55:32 | 000,000,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2011/03/19 11:43:56 | 000,009,060 | ---- | M] () -- C:\WINDOWS\anaqujuz.dll
    [2011/03/18 21:28:59 | 000,009,044 | ---- | M] () -- C:\WINDOWS\unuwemowemowe.dll
    [2011/03/18 15:32:22 | 000,012,386 | ---- | M] () -- C:\WINDOWS\iqedahigusudiho.dll
    [2011/03/18 13:07:22 | 000,012,556 | ---- | M] () -- C:\WINDOWS\awofatufoqi.dll
    [2011/03/17 20:49:34 | 000,012,340 | ---- | M] () -- C:\WINDOWS\enaburuyaxu.dll
    [2011/03/17 20:02:18 | 000,012,281 | ---- | M] () -- C:\WINDOWS\ofotamaga.dll
    [2011/03/17 19:54:17 | 000,012,555 | ---- | M] () -- C:\WINDOWS\ucunibume.dll
    [2011/03/19 11:55:32 | 000,000,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
    [2011/03/19 11:43:56 | 000,009,060 | ---- | C] () -- C:\WINDOWS\anaqujuz.dll
    [2011/03/18 21:28:59 | 000,009,044 | ---- | C] () -- C:\WINDOWS\unuwemowemowe.dll
    [2011/03/18 15:32:21 | 000,012,386 | ---- | C] () -- C:\WINDOWS\iqedahigusudiho.dll
    [2011/03/18 13:07:21 | 000,012,556 | ---- | C] () -- C:\WINDOWS\awofatufoqi.dll
    [2011/03/17 20:49:34 | 000,012,340 | ---- | C] () -- C:\WINDOWS\enaburuyaxu.dll
    [2011/03/17 20:02:17 | 000,012,281 | ---- | C] () -- C:\WINDOWS\ofotamaga.dll
    [2011/03/17 19:54:17 | 000,012,555 | ---- | C] () -- C:\WINDOWS\ucunibume.dll
    [2010/02/06 23:46:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
    [2010/02/06 23:26:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
    [2010/02/06 23:06:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
    [2010/02/06 22:46:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
    [2010/02/06 22:26:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
    [2010/02/06 22:06:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
    [2010/02/06 21:46:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
    [2010/02/06 21:26:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
    [2010/02/06 20:56:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
    [2010/02/06 19:03:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
    [2010/02/06 18:43:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
    [2010/02/06 18:23:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
    [2010/02/04 00:11:14 | 000,008,928 | ---- | C] () -- C:\WINDOWS\Sxahuretozunese.dat
    [2010/02/04 00:11:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hrusu.bin
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



Malwarebytes' Anti-Malware
Please run Malwarebytes' Anti-Malware
  • Please update MalwareBytes by clicking on the update tab and then on the button.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




TDSSKiller
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If a Malicious file is detected, the default action will be Cure, click on Continue
  • If a Suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

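One check a practitioner would want after a fix like the one above is a way to re-audit the same autostart locations without relying on a third-party tool. The PowerShell below is an added example, not code from this thread, from OTL or from OldTimer: it walks the registry locations behind the O2, O4, O20, O21, O22 and O33 lines in the fix (Browser Helper Objects, the Run keys, AppInit_DLLs, ShellServiceObjectDelayLoad, SharedTaskScheduler and MountPoints2, the same paths OTL itself prints when it processes those lines) and reports entries whose target file or COM server no longer exists, which is what OTL shows as "File not found" or "CLSID or File not found". It assumes PowerShell 2.0 or later and is meant to be run as the user whose profile was infected; the function and variable names are the example's own.

```powershell
# Added example, not code from this thread or from OTL: re-audit the autostart
# locations behind the O2/O4/O20/O21/O22/O33 lines of the fix above and report
# entries whose backing file or COM server is gone (OTL's "File not found").
# Assumes PowerShell 2.0+ and that it runs as the user whose HKCU hive matters.

$MetaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Resolve-CommandPath {
    # Extract the program/DLL path from a Run-style command line.
    param([string]$Command)
    if ([string]::IsNullOrEmpty($Command)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) { return $cmd.Split('"')[1] }
    # Unquoted: longest leading prefix that is an existing file, else first token.
    $tokens = $cmd -split '\s+'
    for ($i = $tokens.Count; $i -ge 1; $i--) {
        $candidate = $tokens[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf -ErrorAction SilentlyContinue) { return $candidate }
    }
    return $tokens[0]
}

function Test-FileExists {
    param([string]$Path)
    if ([string]::IsNullOrEmpty($Path)) { return $false }
    if (Test-Path -LiteralPath $Path -PathType Leaf -ErrorAction SilentlyContinue) { return $true }
    if ($Path -notmatch '[\\/]') {
        # Bare names (typical for AppInit_DLLs) are loaded from the system directory.
        $sys = Join-Path $env:SystemRoot "system32\$Path"
        return [bool](Test-Path -LiteralPath $sys -PathType Leaf -ErrorAction SilentlyContinue)
    }
    return $false
}

function Get-ClsidServerPath {
    # Server file registered for a CLSID, or $null. HKCU is consulted first because
    # a per-user Classes entry overrides the machine-wide one (COM hijacking).
    param([string]$Clsid)
    foreach ($root in 'HKCU:\Software\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\CLSID') {
        foreach ($server in 'InprocServer32', 'LocalServer32') {
            $key = "$root\$Clsid\$server"
            if (Test-Path -LiteralPath $key) {
                $default = (Get-ItemProperty -LiteralPath $key).'(default)'
                if ($default) { return Resolve-CommandPath ([string]$default) }
            }
        }
    }
    return $null
}

function New-Finding {
    param($Kind, $Location, $Name, $Target, $Status)
    New-Object PSObject -Property @{ Kind = $Kind; Location = $Location; Name = $Name; Target = $Target; Status = $Status }
}

function Invoke-AutostartAudit {
    $findings = New-Object System.Collections.ArrayList

    # O2: Browser Helper Objects; each subkey name is a CLSID loaded into Internet Explorer.
    $bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (Test-Path -LiteralPath $bho) {
        foreach ($k in @(Get-ChildItem -LiteralPath $bho)) {
            $srv = Get-ClsidServerPath $k.PSChildName
            if (-not (Test-FileExists $srv)) { [void]$findings.Add((New-Finding 'O2 BHO' $bho $k.PSChildName $srv 'missing')) }
        }
    }

    # O4: Run keys (value name -> command line).
    foreach ($run in 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
        if (-not (Test-Path -LiteralPath $run)) { continue }
        foreach ($p in @((Get-ItemProperty -LiteralPath $run).PSObject.Properties)) {
            if ($MetaProps -contains $p.Name) { continue }
            if (-not (Test-FileExists (Resolve-CommandPath ([string]$p.Value)))) { [void]$findings.Add((New-Finding 'O4 Run' $run $p.Name $p.Value 'missing')) }
        }
    }

    # O20: AppInit_DLLs is injected into every process that loads user32.dll,
    # so every entry is reported, not only the dangling ones.
    $winNT = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $appInit = (Get-ItemProperty -LiteralPath $winNT -ErrorAction SilentlyContinue).AppInit_DLLs
    foreach ($dll in @([string]$appInit -split '[ ,;]+' | Where-Object { $_ })) {
        $status = if (Test-FileExists $dll) { 'present' } else { 'missing' }
        [void]$findings.Add((New-Finding 'O20 AppInit_DLLs' $winNT 'AppInit_DLLs' $dll $status))
    }

    # O21/O22: shell-loaded COM objects (SSODL: name -> CLSID; SharedTaskScheduler: CLSID -> name).
    $ssodl = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
    $sts   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler'
    foreach ($entry in @(@{ Kind = 'O21 SSODL'; Key = $ssodl; ClsidIsName = $false }, @{ Kind = 'O22 SharedTaskScheduler'; Key = $sts; ClsidIsName = $true })) {
        if (-not (Test-Path -LiteralPath $entry.Key)) { continue }
        foreach ($p in @((Get-ItemProperty -LiteralPath $entry.Key).PSObject.Properties)) {
            if ($MetaProps -contains $p.Name) { continue }
            $clsid = if ($entry.ClsidIsName) { $p.Name } else { [string]$p.Value }
            $srv = Get-ClsidServerPath $clsid
            if (-not (Test-FileExists $srv)) { [void]$findings.Add((New-Finding $entry.Kind $entry.Key $p.Name "$clsid -> $srv" 'missing')) }
        }
    }

    # O33: per-volume autorun handlers, the hook an autorun.inf worm such as the
    # D:\8dtyjjf.exe entry above uses to re-launch when the drive is opened.
    $mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (Test-Path -LiteralPath $mp) {
        foreach ($vol in @(Get-ChildItem -LiteralPath $mp)) {
            foreach ($verb in 'AutoRun', 'open') {
                $cmdKey = "$mp\$($vol.PSChildName)\Shell\$verb\command"
                if (-not (Test-Path -LiteralPath $cmdKey)) { continue }
                $cmd = [string](Get-ItemProperty -LiteralPath $cmdKey).'(default)'
                $status = if (Test-FileExists (Resolve-CommandPath $cmd)) { 'present' } else { 'missing' }
                [void]$findings.Add((New-Finding 'O33 MountPoints2' $cmdKey $verb $cmd $status))
            }
        }
    }
    return $findings
}

$result = @(Invoke-AutostartAudit)
if ($result.Count -eq 0) { 'No dangling or noteworthy autostart entries found.' }
else { $result | Format-Table Kind, Status, Name, Target -AutoSize }
```

Run it from an elevated PowerShell prompt after the fix and reboot. Anything reported as missing is a dangling reference that should be removed; AppInit_DLLs and MountPoints2 entries are listed even when their target exists, because those locations are rarely populated legitimately and both are classic persistence and USB-spread hooks. The HKCU Classes hive is checked before HKLM on purpose: a per-user CLSID registration silently overrides the machine-wide one, so a hijacked BHO or SSODL entry can look clean if only HKLM is consulted.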

#7 pystryker (Trusted Helper, Topic Starter, Malware Removal, 3,911 posts)
Hey Neon, here are the logs you requested:

OTL Log:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f5c6ede3-a718-427c-a61f-18ebf40fb0f6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f5c6ede3-a718-427c-a61f-18ebf40fb0f6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Annie's not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\mgwueb not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\furukakoh not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e56a70e-0569-42a7-b1e7-3df86d98e611}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\hehididel not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7c8da397-d008-4d4f-b282-6ba7483c34d0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\tonifiwud not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{daeb790d-0d18-4ca6-ba2b-bf715506f034}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{5e56a70e-0569-42a7-b1e7-3df86d98e611} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e56a70e-0569-42a7-b1e7-3df86d98e611}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{c219667b-ba81-42dc-bfc6-5cd5e5812b7d} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c219667b-ba81-42dc-bfc6-5cd5e5812b7d}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{daeb790d-0d18-4ca6-ba2b-bf715506f034} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{daeb790d-0d18-4ca6-ba2b-bf715506f034}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{499e4a90-d564-11de-9123-002243da6067}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{499e4a90-d564-11de-9123-002243da6067}\ not found.
File D:\8dtyjjf.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{499e4a90-d564-11de-9123-002243da6067}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{499e4a90-d564-11de-9123-002243da6067}\ not found.
File D:\8dtyjjf.exe not found.
File C:\WINDOWS\tasks\fwdkvlhb.job not found.
C:\WINDOWS\Sxahuretozunese.dat moved successfully.
C:\WINDOWS\system32\tatubawa moved successfully.
C:\WINDOWS\system32\drivers\kgpcpy.cfg moved successfully.
File C:\WINDOWS\anaqujuz.dll not found.
File C:\WINDOWS\unuwemowemowe.dll not found.
File C:\WINDOWS\iqedahigusudiho.dll not found.
File C:\WINDOWS\awofatufoqi.dll not found.
File C:\WINDOWS\enaburuyaxu.dll not found.
File C:\WINDOWS\ofotamaga.dll not found.
File C:\WINDOWS\ucunibume.dll not found.
File C:\WINDOWS\System32\drivers\kgpcpy.cfg not found.
File C:\WINDOWS\anaqujuz.dll not found.
File C:\WINDOWS\unuwemowemowe.dll not found.
File C:\WINDOWS\iqedahigusudiho.dll not found.
File C:\WINDOWS\awofatufoqi.dll not found.
File C:\WINDOWS\enaburuyaxu.dll not found.
File C:\WINDOWS\ofotamaga.dll not found.
File C:\WINDOWS\ucunibume.dll not found.
File C:\WINDOWS\System32\23281.exe not found.
File C:\WINDOWS\System32\28145.exe not found.
File C:\WINDOWS\System32\5705.exe not found.
File C:\WINDOWS\System32\24464.exe not found.
File C:\WINDOWS\System32\26962.exe not found.
File C:\WINDOWS\System32\29358.exe not found.
File C:\WINDOWS\System32\11478.exe not found.
File C:\WINDOWS\System32\15724.exe not found.
File C:\WINDOWS\System32\19169.exe not found.
File C:\WINDOWS\System32\26500.exe not found.
File C:\WINDOWS\System32\6334.exe not found.
File C:\WINDOWS\System32\18467.exe not found.
File C:\WINDOWS\Sxahuretozunese.dat not found.
C:\WINDOWS\Hrusu.bin moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Annie's
->Temp folder emptied: 3535 bytes
->Temporary Internet Files folder emptied: 327974 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58639162 bytes
->Flash cache emptied: 2005516 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41620 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 3055 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1400908 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 60.00 mb


[EMPTYFLASH]

User: All Users

User: Annie's
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.22.3 log created on 03232011_173356

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


MBAM Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6146

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/23/2011 5:52:12 PM
mbam-log-2011-03-23 (17-52-12).txt

Scan type: Full scan (C:\|)
Objects scanned: 167444
Time elapsed: 13 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

TDSSKiller Log:

2011/03/23 17:57:06.0796 3632 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/23 17:57:07.0531 3632 ================================================================================
2011/03/23 17:57:07.0531 3632 SystemInfo:
2011/03/23 17:57:07.0531 3632
2011/03/23 17:57:07.0531 3632 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/23 17:57:07.0531 3632 Product type: Workstation
2011/03/23 17:57:07.0531 3632 ComputerName: ANNIE
2011/03/23 17:57:07.0531 3632 UserName: Annie's
2011/03/23 17:57:07.0531 3632 Windows directory: C:\WINDOWS
2011/03/23 17:57:07.0531 3632 System windows directory: C:\WINDOWS
2011/03/23 17:57:07.0531 3632 Processor architecture: Intel x86
2011/03/23 17:57:07.0531 3632 Number of processors: 2
2011/03/23 17:57:07.0531 3632 Page size: 0x1000
2011/03/23 17:57:07.0531 3632 Boot type: Normal boot
2011/03/23 17:57:07.0531 3632 ================================================================================
2011/03/23 17:57:08.0125 3632 Initialize success
2011/03/23 17:57:12.0765 3524 ================================================================================
2011/03/23 17:57:12.0765 3524 Scan started
2011/03/23 17:57:12.0765 3524 Mode: Manual;
2011/03/23 17:57:12.0765 3524 ================================================================================
2011/03/23 17:57:15.0390 3524 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/03/23 17:57:15.0468 3524 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/23 17:57:15.0531 3524 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/03/23 17:57:15.0593 3524 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/03/23 17:57:15.0656 3524 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/23 17:57:15.0734 3524 AESTAud (20f078136f3bdc4c0405c0527b769303) C:\WINDOWS\system32\drivers\AESTAud.sys
2011/03/23 17:57:15.0765 3524 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/23 17:57:15.0796 3524 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/03/23 17:57:15.0843 3524 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/03/23 17:57:15.0875 3524 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/03/23 17:57:15.0921 3524 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/03/23 17:57:15.0953 3524 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/03/23 17:57:16.0000 3524 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/03/23 17:57:16.0062 3524 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/03/23 17:57:16.0093 3524 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/03/23 17:57:16.0125 3524 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/03/23 17:57:16.0187 3524 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/23 17:57:16.0218 3524 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/03/23 17:57:16.0265 3524 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/03/23 17:57:16.0296 3524 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/03/23 17:57:16.0375 3524 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/23 17:57:16.0406 3524 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/23 17:57:16.0484 3524 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/23 17:57:16.0531 3524 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/23 17:57:16.0656 3524 BCM43XX (c89327377d4b62dc792e8930ea55f571) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/03/23 17:57:16.0718 3524 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/23 17:57:16.0812 3524 btaudio (4b43dfe1c1fbb305a1dc5504ef9bb34e) C:\WINDOWS\system32\drivers\btaudio.sys
2011/03/23 17:57:16.0875 3524 BTDriver (2f9f111d31aa3fbbe5781d829a4524e6) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/03/23 17:57:16.0968 3524 BTKRNL (b4355289cb2ebcc91ae995f916d271b7) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/03/23 17:57:17.0046 3524 BTWDNDIS (485020a1e1fc5c51a800ca69c618d881) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/03/23 17:57:17.0093 3524 btwhid (949eca9c56f657c06d3166d51f3226c7) C:\WINDOWS\system32\DRIVERS\btwhid.sys
2011/03/23 17:57:17.0140 3524 BTWUSB (fac7e5965162c70d184dfe92b4bcbd1b) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/03/23 17:57:17.0234 3524 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/03/23 17:57:17.0281 3524 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/23 17:57:17.0328 3524 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/23 17:57:17.0375 3524 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/03/23 17:57:17.0437 3524 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/23 17:57:17.0500 3524 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/23 17:57:17.0546 3524 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/23 17:57:17.0640 3524 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/03/23 17:57:17.0687 3524 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/03/23 17:57:17.0734 3524 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/03/23 17:57:17.0796 3524 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/03/23 17:57:17.0843 3524 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/03/23 17:57:17.0875 3524 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/03/23 17:57:17.0953 3524 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/23 17:57:18.0046 3524 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/23 17:57:18.0093 3524 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/23 17:57:18.0140 3524 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/23 17:57:18.0203 3524 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/23 17:57:18.0265 3524 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/03/23 17:57:18.0312 3524 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/23 17:57:18.0406 3524 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/23 17:57:18.0453 3524 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/03/23 17:57:18.0484 3524 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/23 17:57:18.0515 3524 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/23 17:57:18.0562 3524 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/03/23 17:57:18.0593 3524 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/23 17:57:18.0640 3524 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/23 17:57:18.0687 3524 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/23 17:57:18.0734 3524 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/23 17:57:18.0812 3524 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/03/23 17:57:18.0906 3524 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/23 17:57:18.0953 3524 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/03/23 17:57:18.0984 3524 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/03/23 17:57:19.0031 3524 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/23 17:57:19.0375 3524 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/03/23 17:57:19.0734 3524 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/23 17:57:19.0843 3524 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/03/23 17:57:19.0906 3524 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/03/23 17:57:19.0984 3524 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/23 17:57:20.0015 3524 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/03/23 17:57:20.0046 3524 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/23 17:57:20.0078 3524 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/23 17:57:20.0125 3524 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/23 17:57:20.0171 3524 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/23 17:57:20.0203 3524 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/23 17:57:20.0265 3524 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/23 17:57:20.0296 3524 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/23 17:57:20.0343 3524 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/23 17:57:20.0375 3524 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/23 17:57:20.0515 3524 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/23 17:57:20.0578 3524 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/23 17:57:20.0625 3524 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/23 17:57:20.0656 3524 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/23 17:57:20.0687 3524 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/03/23 17:57:20.0734 3524 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/23 17:57:20.0796 3524 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/23 17:57:20.0859 3524 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/23 17:57:20.0921 3524 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/23 17:57:20.0968 3524 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/23 17:57:21.0000 3524 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/23 17:57:21.0046 3524 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/23 17:57:21.0078 3524 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/03/23 17:57:21.0109 3524 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/23 17:57:21.0140 3524 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/23 17:57:21.0203 3524 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/23 17:57:21.0234 3524 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/23 17:57:21.0281 3524 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/23 17:57:21.0328 3524 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/23 17:57:21.0343 3524 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/23 17:57:21.0406 3524 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/23 17:57:21.0437 3524 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/23 17:57:21.0515 3524 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/23 17:57:21.0593 3524 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/23 17:57:21.0640 3524 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/23 17:57:21.0703 3524 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/23 17:57:21.0781 3524 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/23 17:57:21.0812 3524 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/23 17:57:21.0843 3524 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/23 17:57:21.0875 3524 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/23 17:57:21.0937 3524 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/03/23 17:57:21.0968 3524 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/23 17:57:22.0015 3524 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/23 17:57:22.0062 3524 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/23 17:57:22.0125 3524 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/23 17:57:22.0171 3524 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/23 17:57:22.0328 3524 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/03/23 17:57:22.0359 3524 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/03/23 17:57:22.0468 3524 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/23 17:57:22.0515 3524 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/23 17:57:22.0546 3524 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/23 17:57:22.0593 3524 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/03/23 17:57:22.0625 3524 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/03/23 17:57:22.0656 3524 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/03/23 17:57:22.0687 3524 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/03/23 17:57:22.0734 3524 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/03/23 17:57:22.0781 3524 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/23 17:57:22.0828 3524 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/23 17:57:22.0875 3524 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/23 17:57:22.0906 3524 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/23 17:57:22.0968 3524 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/23 17:57:23.0015 3524 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/23 17:57:23.0093 3524 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/23 17:57:23.0140 3524 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/23 17:57:23.0203 3524 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/23 17:57:23.0312 3524 SBRE (c1ae5d1f53285d79a0b73a62af20734f) C:\WINDOWS\system32\drivers\SBREDrv.sys
2011/03/23 17:57:23.0375 3524 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/03/23 17:57:23.0406 3524 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/23 17:57:23.0484 3524 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/03/23 17:57:23.0546 3524 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/23 17:57:23.0656 3524 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/03/23 17:57:23.0703 3524 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/23 17:57:23.0781 3524 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/03/23 17:57:23.0843 3524 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/23 17:57:23.0875 3524 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/23 17:57:23.0984 3524 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/23 17:57:24.0125 3524 STHDA (32c6df3f7d1241fd8348498b31152131) C:\WINDOWS\system32\drivers\sthda.sys
2011/03/23 17:57:24.0203 3524 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/23 17:57:24.0250 3524 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/23 17:57:24.0296 3524 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/23 17:57:24.0343 3524 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/03/23 17:57:24.0390 3524 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/03/23 17:57:24.0421 3524 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/03/23 17:57:24.0453 3524 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/03/23 17:57:24.0531 3524 SynTP (c8cc806f0506e9f168750371d37eee18) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/03/23 17:57:24.0578 3524 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/23 17:57:24.0671 3524 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/23 17:57:24.0734 3524 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/23 17:57:24.0750 3524 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/23 17:57:24.0812 3524 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/23 17:57:24.0875 3524 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/03/23 17:57:24.0953 3524 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/23 17:57:24.0984 3524 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/03/23 17:57:25.0046 3524 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/23 17:57:25.0140 3524 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/23 17:57:25.0218 3524 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/23 17:57:25.0250 3524 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/23 17:57:25.0296 3524 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/23 17:57:25.0343 3524 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/23 17:57:25.0390 3524 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/03/23 17:57:25.0421 3524 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/23 17:57:25.0484 3524 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/03/23 17:57:25.0515 3524 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/03/23 17:57:25.0546 3524 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/23 17:57:25.0640 3524 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/23 17:57:25.0750 3524 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/23 17:57:25.0859 3524 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/03/23 17:57:25.0937 3524 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/03/23 17:57:25.0968 3524 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/23 17:57:26.0031 3524 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/23 17:57:26.0062 3524 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/23 17:57:26.0171 3524 yukonwxp (849494d3f85a45231744ca7470246c71) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/03/23 17:57:26.0500 3524 ================================================================================
2011/03/23 17:57:26.0500 3524 Scan finished
2011/03/23 17:57:26.0500 3524 ================================================================================
  • 0

#8
NeonFx

    Malware Removal Dude

  • Expert
  • 3,797 posts
Those are great results!

Please run OTL again and click on the Quick Scan button. Please copy and paste those results here for me.

Also, could you run AVG to see if these are still showing up?

"";"C:\WINDOWS\system32\winlogon.exe (780):\memory_00180000";"Trojan horse Agent_r.QS";"Object is inaccessible."

"";"C:\WINDOWS\system32\svchost.exe (2512):\memory_001a0000";"Trojan horse Agent_r.QS";"Object is inaccessible."

"";"C:\WINDOWS\system32\spoolsv.exe (1768):\memory_001a0000";"Trojan horse Agent_r.QS";"Object is inaccessible."



If they do, would it be possible to get me the full log of the scan? I'm not entirely sure how this is done in your version of AVG. Let me know if you need help with this.
  • 0

#9
pystryker

    Trusted Helper

  • Topic Starter
  • Malware Removal
  • 3,911 posts
New OTL Log:

OTL logfile created on: 3/23/2011 8:56:13 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Annie's\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 573.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 48.01 Gb Free Space | 85.90% Space Free | Partition Type: NTFS

Computer Name: ANNIE | User Name: Annie's | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/21 19:37:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Annie's\Desktop\OTL.exe
PRC - [2011/03/03 13:16:33 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/08/29 19:03:24 | 000,442,477 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2008/08/29 19:03:24 | 000,237,667 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2008/07/30 13:56:16 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/04/14 23:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/25 07:28:02 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe


========== Modules (SafeList) ==========

MOD - [2011/03/21 19:37:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Annie's\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/07/30 13:54:34 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2009/12/10 12:03:14 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2008/08/29 19:03:24 | 000,237,667 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)


========== Driver Services (SafeList) ==========

DRV - [2010/11/09 14:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2008/12/23 03:02:38 | 001,294,200 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/08/29 19:03:24 | 001,388,980 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/08/28 10:16:36 | 000,112,128 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/07/24 12:37:16 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/07/24 12:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008/07/24 12:37:04 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/06/27 13:02:00 | 000,289,024 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/05/30 06:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008/03/10 13:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008/02/04 12:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.Yahoo.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {E5002167-3434-4D59-9CD6-EA5338E7A122}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{E5002167-3434-4D59-9CD6-EA5338E7A122}: C:\Documents and Settings\Annie's\Local Settings\Application Data\{E5002167-3434-4D59-9CD6-EA5338E7A122} [2010/02/04 00:11:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/20 00:27:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/20 00:27:20 | 000,000,000 | ---D | M]

[2011/03/20 00:27:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Annie's\Application Data\Mozilla\Extensions
[2011/03/23 17:46:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Annie's\Application Data\Mozilla\Firefox\Profiles\l8tf1wh5.default\extensions
[2011/03/21 19:46:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Annie's\Application Data\Mozilla\Firefox\Profiles\l8tf1wh5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/20 00:27:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/04 00:11:06 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ANNIE'S\LOCAL SETTINGS\APPLICATION DATA\{E5002167-3434-4D59-9CD6-EA5338E7A122}
[2009/11/28 09:14:31 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT

O1 HOSTS File: ([2011/03/23 17:33:59 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1300571324421 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/23 17:56:48 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Annie's\Desktop\TDSSKiller.exe
[2011/03/23 17:34:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/23 17:33:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/21 22:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/21 22:24:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/21 22:22:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/21 22:22:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/21 22:22:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/21 22:22:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/21 22:22:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/21 22:22:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/03/21 22:08:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/21 19:47:09 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Annie's\Desktop\aswMBR.exe
[2011/03/21 19:37:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Annie's\Desktop\OTL.exe
[2011/03/20 15:35:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/03/20 15:34:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annie's\My Documents\Downloads
[2011/03/20 00:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annie's\Local Settings\Application Data\Mozilla
[2011/03/20 00:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annie's\Application Data\Mozilla
[2011/03/20 00:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/03/19 22:50:36 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/03/19 22:50:36 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2011/03/19 22:50:14 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/03/19 16:21:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Annie's\IECompatCache
[2011/03/19 14:16:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annie's\Application Data\Malwarebytes
[2011/03/19 14:16:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/19 14:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/19 14:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/19 14:15:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/19 14:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/19 12:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Annie's\Application Data\AVG10
[2011/03/19 12:14:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/19 12:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/19 12:11:58 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/03/19 12:02:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/19 11:56:48 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/03/18 21:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/03/18 15:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/03/17 20:02:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Annie's\PrivacIE
[2011/03/17 19:53:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Annie's\IETldCache

========== Files - Modified Within 30 Days ==========

[2011/03/23 19:38:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/23 17:39:55 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/23 17:39:55 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/23 17:35:11 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/23 17:35:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/23 17:35:05 | 1064,620,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/23 17:33:59 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/03/22 20:09:17 | 000,224,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/22 19:53:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/21 22:48:14 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Annie's\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/21 22:25:00 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/03/21 20:01:35 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Annie's\Desktop\6uontf8s.exe
[2011/03/21 20:00:55 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Annie's\Desktop\MBR.dat
[2011/03/21 19:58:50 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2011/03/21 19:47:38 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Annie's\Desktop\aswMBR.exe
[2011/03/21 19:37:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Annie's\Desktop\OTL.exe
[2011/03/21 19:20:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/20 00:27:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/03/20 00:27:24 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Annie's\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/20 00:27:24 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/19 23:59:13 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/19 22:45:51 | 085,803,008 | ---- | M] () -- C:\Documents and Settings\Annie's\Desktop\VIPRERescue8751.exe
[2011/03/19 13:06:52 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/17 19:53:51 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Annie's\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/10 12:27:00 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Annie's\Desktop\TDSSKiller.exe

========== Files Created - No Company Name ==========

[2011/03/21 22:25:00 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/03/21 22:24:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/21 22:22:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/21 22:22:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/21 22:22:37 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/21 22:22:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/21 22:22:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/21 20:01:34 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Annie's\Desktop\6uontf8s.exe
[2011/03/21 20:00:55 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Annie's\Desktop\MBR.dat
[2011/03/21 19:58:50 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/03/20 00:27:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/20 00:27:24 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Annie's\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/20 00:27:24 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/19 22:49:29 | 085,803,008 | ---- | C] () -- C:\Documents and Settings\Annie's\Desktop\VIPRERescue8751.exe
[2011/03/19 14:16:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/19 13:03:28 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/19 13:03:26 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/03/18 15:33:12 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/11/20 21:52:12 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Annie's\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/19 18:37:27 | 000,000,158 | ---- | C] () -- C:\Documents and Settings\Annie's\Application Data\wklnhst.dat
[2008/12/23 03:11:31 | 000,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/12/23 02:57:22 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/07/30 13:55:02 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/06/24 12:48:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/06/24 12:48:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/24 12:26:44 | 000,441,692 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/06/24 12:26:44 | 000,071,462 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/06/24 12:16:28 | 000,224,816 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/06/24 12:12:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/06/24 12:10:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/14 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 23:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/05/28 16:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 16:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/03/21 22:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/19 12:14:34 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/19 16:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/02/24 00:22:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2011/03/19 11:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/12/20 15:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/23 03:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/03/19 12:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Annie's\Application Data\AVG10
[2009/11/19 18:37:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Annie's\Application Data\Template
[2008/12/23 03:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Annie's\Application Data\TMP
[2009/11/21 17:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Annie's\Application Data\uTorrent

========== Purity Check ==========



< End of report >

This is all I could find for an AVG LOG:

"3/19/2011, 4:27:22 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is starting."
"3/19/2011, 4:27:27 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is running."
"3/19/2011, 4:27:52 PM";"NT AUTHORITY\SYSTEM";"General";"A new license number ----- activation."
"3/19/2011, 4:29:38 PM";"ANNIE\Annie's";"Update";"Update was started."
"3/19/2011, 4:31:59 PM";"ANNIE\Annie's";"Update";"Update completed."
"3/19/2011, 4:33:36 PM";"ANNIE\Annie's";"Scan";"User scan was started."
"3/19/2011, 4:51:52 PM";"ANNIE\Annie's";"Scan";"User scan was interrupted. Found 66 infected files and 0 warnings."
"3/19/2011, 4:54:34 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is stopping."
"3/19/2011, 4:54:36 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is stopped."
"3/19/2011, 4:57:46 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is starting."
"3/19/2011, 4:57:52 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is running."
"3/19/2011, 5:01:51 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is stopping."
"3/19/2011, 5:01:53 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is stopped."
"3/19/2011, 8:15:05 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is starting."
"3/19/2011, 8:15:07 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is running."
"3/19/2011, 8:18:17 PM";"NT AUTHORITY\SYSTEM";"Update";"Update was started."
"3/19/2011, 8:19:09 PM";"NT AUTHORITY\SYSTEM";"Update";"Update completed."
"3/19/2011, 10:37:42 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process USERINIT.EXE was detected."
"3/19/2011, 11:54:27 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is stopping."
"3/19/2011, 11:55:53 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is starting."
"3/19/2011, 11:55:54 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is running."
"3/19/2011, 11:56:13 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process WINLOGON.EXE was detected."
"3/19/2011, 11:56:28 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process WINLOGON.EXE was quarantined."
"3/19/2011, 11:56:35 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process IEXPLORE.EXE was detected."
"3/19/2011, 11:57:02 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process IEXPLORE.EXE was quarantined."
"3/19/2011, 11:57:07 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process USERINIT.EXE was detected."
"3/19/2011, 11:57:12 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process USERINIT.EXE was quarantined."
"3/19/2011, 11:57:18 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process USERINIT.EXE was detected."
"3/19/2011, 11:57:24 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process USERINIT.EXE was quarantined."
"3/19/2011, 11:57:30 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process WINLOGON.EXE was detected."
"3/19/2011, 11:57:33 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process WINLOGON.EXE was quarantined."
"3/19/2011, 11:57:39 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process IEXPLORE.EXE was detected."
"3/19/2011, 11:58:31 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process IEXPLORE.EXE was added to the allowed list."
"3/19/2011, 11:58:31 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process RKILL.COM was detected."
"3/19/2011, 11:58:42 PM";"NT AUTHORITY\SYSTEM";"IDP";"Process RKILL.COM was added to the allowed list."
"3/20/2011, 12:07:10 AM";"NT AUTHORITY\SYSTEM";"General";"AVG is stopping."
"3/20/2011, 12:07:13 AM";"NT AUTHORITY\SYSTEM";"General";"AVG is stopped."
"3/20/2011, 12:08:39 AM";"NT AUTHORITY\SYSTEM";"General";"AVG is starting."
"3/20/2011, 12:08:41 AM";"NT AUTHORITY\SYSTEM";"General";"AVG is running."
"3/20/2011, 12:34:21 AM";"ANNIE\Annie's";"Scan";"User scan was started."
"3/20/2011, 12:34:51 AM";"ANNIE\Annie's";"Scan";"User scan was interrupted. Found 58 infected files and 0 warnings."
"3/20/2011, 3:23:27 PM";"NT AUTHORITY\SYSTEM";"Update";"Update was started."
"3/20/2011, 3:24:48 PM";"NT AUTHORITY\SYSTEM";"Update";"Update completed."
"3/20/2011, 3:52:06 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is stopping."
"3/20/2011, 3:52:08 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is stopped."
"3/20/2011, 7:11:03 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is starting."
"3/20/2011, 7:11:05 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is running."
"3/20/2011, 7:13:23 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is stopping."
"3/20/2011, 7:13:26 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is stopped."
"3/21/2011, 7:20:43 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is starting."
"3/21/2011, 7:20:47 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is running."
"3/21/2011, 7:23:56 PM";"NT AUTHORITY\SYSTEM";"Update";"Update was started."
"3/21/2011, 7:29:57 PM";"NT AUTHORITY\SYSTEM";"Update";"Update completed."
"3/21/2011, 7:31:08 PM";"ANNIE\Annie's";"Scan";"User scan was started."
"3/21/2011, 7:38:37 PM";"ANNIE\Annie's";"Scan";"User scan was interrupted. Found 76 infected files and 0 warnings."
"3/21/2011, 8:38:52 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is stopping."
"3/21/2011, 8:38:54 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is stopped."
"3/21/2011, 8:40:26 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is starting."
"3/21/2011, 8:40:28 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is running."
"3/21/2011, 10:17:38 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is stopping."
"3/21/2011, 10:17:40 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is stopped."
"3/23/2011, 9:16:22 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is starting."
"3/23/2011, 9:16:27 PM";"NT AUTHORITY\SYSTEM";"General";"AVG is running."
"3/23/2011, 9:16:40 PM";"NT AUTHORITY\SYSTEM";"General";"A new license number ---- activation."
"3/23/2011, 9:18:32 PM";"ANNIE\Annie's";"Update";"Update was started."
"3/23/2011, 9:20:42 PM";"ANNIE\Annie's";"Update";"Update completed."
"3/23/2011, 9:20:50 PM";"ANNIE\Annie's";"Scan";"User scan was started."
"3/23/2011, 9:40:38 PM";"ANNIE\Annie's";"Scan";"User scan completed. Found 0 infected files and 0 warnings."

#10
NeonFx

    Malware Removal Dude

  • Expert
  • 3,797 posts
That's great! AVG is no longer finding infections.

Let's clean up a bit and run one more scan for giggles just to be sure we didn't miss anything.


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1
    
    :Commands
    [CLEARALLRESTOREPOINTS]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


General Antivirus Scan:

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.


  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply




Let me also know if there is anything else I can help you with, if you notice any symptoms, or if you have any questions.
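The OTL fix in the post above removes two per-user policy entries that malware commonly plants: the DisableTaskMgr value under Policies\System and the Internet Explorer "Control Panel" policy key. The script below is an added example for checking whether those entries are still present after cleanup; it is not from the thread and not OTL's own code. It assumes it is run as the affected user in Windows PowerShell, reads the standard locations of those two policies (OTL prints the Policies\System entry through a nested Group Policy Objects path, but the value it refers to lives under the key used here), and it also checks DisableRegistryTools, a well-known sibling value that is not mentioned in the thread. Without the -Remediate switch it only reports.

```powershell
# Added example (not from the thread or from OTL): audit the per-user policy
# entries the OTL fix above removes, and optionally delete them.
# Assumption: run as the affected user on Windows PowerShell 2.0 or later.
[CmdletBinding()]
param(
    [switch]$Remediate   # without this switch the script only reports
)

# Values under Policies\System that lock the user out of admin tools.
# DisableTaskMgr is the one named in the OTL fix; DisableRegistryTools is
# the commonly paired value and is an addition in this example.
$systemPolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$lockdownValues  = @('DisableTaskMgr', 'DisableRegistryTools')

# Key whose mere presence OTL reports as "control panel present".
$ieControlPanelKey = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'

$findings = @()

if (Test-Path $systemPolicyKey) {
    $props = Get-ItemProperty -Path $systemPolicyKey
    foreach ($name in $lockdownValues) {
        $value = $props.$name
        # A missing value or an explicit 0 means the tool is not locked out.
        if ($null -ne $value -and $value -ne 0) {
            $findings += New-Object PSObject -Property @{
                Location = $systemPolicyKey; Name = $name; Value = $value
            }
            if ($Remediate) {
                Remove-ItemProperty -Path $systemPolicyKey -Name $name -ErrorAction Stop
            }
        }
    }
}

if (Test-Path $ieControlPanelKey) {
    # Report every restriction value under the key, then remove the whole key.
    $restrictions = (Get-Item $ieControlPanelKey).GetValueNames()
    $findings += New-Object PSObject -Property @{
        Location = $ieControlPanelKey; Name = '(key present)'; Value = ($restrictions -join ', ')
    }
    if ($Remediate) {
        Remove-Item -Path $ieControlPanelKey -Recurse -ErrorAction Stop
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No lockdown policy entries found for the current user.'
} else {
    $findings | Format-Table Location, Name, Value -AutoSize
    if ($Remediate) {
        Write-Output 'Entries removed. Log off and back on so Explorer re-reads the policies.'
    } else {
        Write-Output 'Report only. Re-run with -Remediate to remove these entries.'
    }
}
```

Run it once without the switch to see what is set, and compare the output with the O7 lines in the OTL log; a clean machine prints the "No lockdown policy entries" line. Entries that reappear after removal are a sign that something active is re-creating them, which is exactly why the post follows the fix with a second scanner rather than stopping here.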