Inactive Help with win32/heur

asouperman

I followed your 8-step removal and here are the logs.
Thank you.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5538

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

1/17/2011 2:28:38 PM
mbam-log-2011-01-17 (14-28-38).txt

Scan type: Quick scan
Objects scanned: 143474
Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 59
Registry Values Infected: 6
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\msctfime.iem (Trojan.GamesThief) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360hotfix.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360sd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360se.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360SoftMgrSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360speedld.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ast.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebgrd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfwsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krnl360svc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kswebshield.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McNASvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcods.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McProxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcshield.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpfSrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPMon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC1.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPSVC2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msksrver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qutmserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanFrm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfCtlCom.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TMBMSRV.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TmProxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UfSeAgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zhudongfangyu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\修复工具.exe (Security.Hijack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdAgent.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\gbvgbv12.exe (Trojan.GamesThief) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msctfime.iem (Trojan.GamesThief) -> Delete on reboot.
c:\WINDOWS\windowsupdata7.jpg (Trojan.Traces) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\gbvgbv07.exe (Trojan.OnlineGames) -> Quarantined and deleted successfully.


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-17 18:20:50
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HTS541010G9AT00 rev.MBZOA60A
Running: sqmeuizi[1].exe; Driver: C:\DOCUME~1\Tony\LOCALS~1\Temp\pxtdqpow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 5/19/2006 9:54:08 AM
System Uptime: 1/17/2011 6:15:32 PM (0 hours ago)

Motherboard: Gateway | |
Processor: AMD Turion(tm) 64 Mobile Technology ML-32 | Socket 754 | 1790/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 86 GiB total, 75.582 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 4.993 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4351&SUBSYS_0300107B&REV_10\4&2EA2911C&0&0030
Manufacturer: Marvell
Name: Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4351&SUBSYS_0300107B&REV_10\4&2EA2911C&0&0030
Service: yukonwxp

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Flash Player 9 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
AiO_Scan_CDA
AiOSoftwareNPI
ArcSoft Software Suite
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG 2011
Broadcom 802.11 Network Adapter
BufferChm
Conexant AC-Link Audio
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
DocProc
DVD Solution
eSupportQFolder
F300
F300_Help
F300Trb
Fax_CDA
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB895953)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HPProductAssistant
Internet Explorer Security Plugin 2006
J2SE Runtime Environment 5.0 Update 2
Malwarebytes' Anti-Malware
MarketResearch
Media-Codec 4.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Money 2006
Microsoft Office 2003 Web Components
Microsoft Office Standard Edition 2003
Microsoft Office XP Web Components
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
MyITLab ActiveX Installer 2.7.5.312
NewCopy_CDA
Power2Go 4.0
PowerDVD
ProductContextNPI
Public Messenger ver 2.03
QuickTime
Readme
RealPlayer Basic
Recovery Software Suite Gateway
Scan
ScannerCopy
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Soft Data Fax Modem with SmartCP
SolutionCenter
Status
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Backup Utility
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086

==== Event Viewer Messages From Past Week ========

1/17/2011 6:16:57 PM, error: System Error [1003] - Error code 000000f7, parameter1 84d9d000, parameter2 000062d8, parameter3 ffff9d27, parameter4 00000000.
1/17/2011 6:07:42 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
1/17/2011 6:07:40 PM, error: SRService [104] - The System Restore initialization process failed.
1/17/2011 2:17:16 PM, error: Service Control Manager [7034] - The PrismXL service terminated unexpectedly. It has done this 1 time(s).
1/17/2011 2:17:16 PM, error: Service Control Manager [7034] - The Broadcom Wireless LAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
1/17/2011 2:17:16 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
1/17/2011 2:13:43 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
1/17/2011 2:13:28 PM, error: Service Control Manager [7023] - The COM+ Event System service terminated with the following error: Invalid access to memory location.
1/17/2011 1:58:18 PM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: Invalid access to memory location.
1/17/2011 1:58:14 PM, error: Workstation [5728] - Could not load any transport.
1/17/2011 1:36:46 PM, error: Service Control Manager [7023] - The Background Intelligent Transfer Service service terminated with the following error: The specified module could not be found.
1/17/2011 1:31:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde

==== End Of File ===========================

DDS (Ver_10-12-12.02) - NTFSx86
Run by Tony at 18:22:28.25 on Mon 01/17/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.368 [GMT -5:00]

AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe -k imgsvc
"C:\WINDOWS\system32\svchost.exe"
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ArcSoft\Software Suite\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Tony\Local Settings\Temporary Internet Files\Content.IE5\YTD33KFS\dds[1].scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6440
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6440
mWinlogon: SFCDisable=-99 (0xffffff9d)
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Cleanup] c:\docume~1\owner\locals~1\temp\2011116211644_mcappins.exe /v=3 /cleanup
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRun: [Power2GoExpress] NA
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\software suite\totalmedia backup & record\uBBMonitor.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: amaena.com
Trusted Zone: avsystemcare.com
Trusted Zone: gomyhit.com
Trusted Zone: imageservr.com
Trusted Zone: imagesrvr.com
Trusted Zone: onerateld.com
Trusted Zone: safetydownload.com
Trusted Zone: storageguardsoft.com
Trusted Zone: trustedantivirus.com
Trusted Zone: virusschlacht.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
STS: {2be26361-58a2-4836-be57-b838f02fec3f} - No File

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2010-11-22 3226632]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2006-4-18 200576]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]

=============== Created Last 30 ================

2011-01-17 17:28:33 -------- d--h--w- C:\$AVG
2011-01-17 17:22:40 -------- d-----w- c:\docume~1\tony\applic~1\AVG10
2011-01-17 17:21:15 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-01-17 17:18:16 -------- d-----w- c:\windows\system32\drivers\AVG
2011-01-17 17:18:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-01-17 17:17:35 -------- d-----w- c:\program files\AVG
2011-01-17 17:05:03 267776 ----a-w- c:\windows\system32\ddraw.dll
2011-01-17 16:13:17 -------- d-----w- c:\docume~1\tony\applic~1\Malwarebytes
2011-01-17 16:12:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-17 16:12:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-17 16:12:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-17 16:12:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-17 15:29:51 -------- d-----w- c:\program files\CleanUp!
2011-01-17 13:52:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-01-17 13:50:05 -------- d-sh--w- c:\documents and settings\tony\PrivacIE
2011-01-17 13:26:01 -------- dc-h--w- c:\windows\ie8
2011-01-17 02:58:12 -------- d-----w- c:\windows\pss
2011-01-17 02:19:17 50232 ----a-w- c:\windows\system32\dbr24002.ocx
2011-01-17 02:19:17 33280 ----a-w- c:\windows\system32\gbvgbv24.exe
2011-01-17 02:19:09 33280 ----a-w- c:\windows\system32\gbvgbv23.exe
2011-01-17 02:18:53 33280 ----a-w- c:\windows\system32\gbvgbv21.exe
2011-01-17 02:18:45 33280 ----a-w- c:\windows\system32\gbvgbv20.exe
2011-01-17 02:18:36 33280 ----a-w- c:\windows\system32\gbvgbv19.exe
2011-01-17 02:18:28 33280 ----a-w- c:\windows\system32\gbvgbv18.exe
2011-01-17 02:18:20 33280 ----a-w- c:\windows\system32\gbvgbv16.exe
2011-01-17 02:18:12 33280 ----a-w- c:\windows\system32\gbvgbv15.exe
2011-01-17 02:18:04 33280 ----a-w- c:\windows\system32\gbvgbv02.exe
2011-01-17 02:17:56 33280 ----a-w- c:\windows\system32\gbvgbv14.exe
2011-01-17 02:17:48 33280 ----a-w- c:\windows\system32\gbvgbv05.exe
2011-01-17 02:17:40 33280 ----a-w- c:\windows\system32\gbvgbv22.exe
2011-01-17 02:17:39 49208 ----a-w- c:\windows\system32\dbr22002.ocx
2011-01-17 02:17:22 33280 ----a-w- c:\windows\system32\gbvgbv17.exe
2011-01-17 02:17:13 33280 ----a-w- c:\windows\system32\gbvgbv00.exe
2011-01-17 02:17:04 33280 ----a-w- c:\windows\system32\gbvgbv08.exe
2011-01-17 02:16:47 49208 ----a-w- c:\windows\system32\dbr01013.ocx
2011-01-17 02:16:47 33280 ----a-w- c:\windows\system32\gbvgbv01.exe
2011-01-17 02:16:39 33280 ----a-w- c:\windows\system32\gbvgbv10.exe
2011-01-17 02:16:31 33280 ----a-w- c:\windows\system32\gbvgbv13.exe
2011-01-17 02:16:06 33280 ----a-w- c:\windows\system32\gbvgbv11.exe
2011-01-17 02:15:58 33280 ----a-w- c:\windows\system32\gbvgbv06.exe
2011-01-17 02:15:50 33280 ----a-w- c:\windows\system32\gbvgbv09.exe
2011-01-17 02:15:42 33280 ----a-w- c:\windows\system32\gbvgbv03.exe

==================== Find3M ====================

2011-01-17 17:05:11 369152 ----a-w- c:\windows\system32\dsound.dll
2011-01-17 17:05:03 369152 ----a-w- c:\windows\system32\dsound.dll.bak
2011-01-17 17:01:58 267776 ----a-w- c:\windows\system32\ddraw.dll.bak
2011-01-17 17:01:49 793600 ----a-w- c:\windows\system32\comres.dll
2011-01-17 13:44:26 793600 ----a-w- c:\windows\system32\comres.dll.bak

============= FINISH: 18:23:48.04 ===============
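The "Trusted Zone: ..." lines in the DDS log above are a condensed view of Internet Explorer's zone map, which lives under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains: one key per registrable domain, an optional subkey per host label, and inside it a REG_DWORD per scheme ("http", "https" or "*") whose data is the zone number (1 = Local intranet, 2 = Trusted sites, 3 = Internet, 4 = Restricted sites). Rogue security products add their own domains to zone 2 so their downloads run with relaxed settings, which is exactly the pattern of names (avsystemcare.com, trustedantivirus.com, ...) in this log. The script below is an added example, not part of the thread and not code from DDS or ComboFix: it parses a REGEDIT4-style export of that key (the same format ComboFix prints under "Reg Loading Points") and lists every host with Trusted-sites rights. The sample export is constructed; the domain names are taken from the log, everything else in it (the scheme values, intranet.example, blocked.example) is made up.

```python
"""List Internet Explorer ZoneMap entries from a .reg export and flag Trusted-zone hosts.

Added example, not code from the original thread, DDS or ComboFix. The sample
export below is constructed for the example.
"""
import re
import sys

ZONE_NAMES = {0: "Local Machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}
DOMAINS_MARKER = "\\zonemap\\domains\\"          # matched case-insensitively inside a key path

KEY_LINE = re.compile(r"^\[(.+)\]\s*$")                     # [HKEY_...\path]
DWORD_LINE = re.compile(r'^"([^"]*)"=dword:([0-9a-fA-F]{8})\s*$')   # "http"=dword:00000002


def parse_zonemap_export(text: str) -> list:
    """Return one dict per (host, scheme) zone assignment found in a .reg export.

    Works for both the REGEDIT4 header and the newer
    'Windows Registry Editor Version 5.00' header, since only key and dword
    lines are interpreted; values under keys outside ZoneMap\\Domains are ignored.
    """
    entries, host = [], None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_LINE.match(line)
        if key:
            path = key.group(1)
            idx = path.lower().find(DOMAINS_MARKER)
            if idx < 0:
                host = None                      # some other key: skip its values
                continue
            # Key layout is Domains\<registrable domain>[\<host label>];
            # reversing the components rebuilds the host name.
            parts = path[idx + len(DOMAINS_MARKER):].split("\\")
            host = ".".join(reversed(parts))
            continue
        value = DWORD_LINE.match(line)
        if value and host is not None:
            scheme, zone = value.group(1), int(value.group(2), 16)
            entries.append({"host": host, "scheme": scheme, "zone": zone,
                            "zone_name": ZONE_NAMES.get(zone, "zone %d" % zone)})
    return entries


def trusted_zone_hosts(entries: list) -> list:
    """Hosts granted Trusted-sites (zone 2) rights, deduplicated and sorted:
    the list DDS condenses into its 'Trusted Zone:' lines."""
    return sorted({e["host"] for e in entries if e["zone"] == 2})


# Constructed sample export (domain names from the log, data made up).
SAMPLE_EXPORT = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avsystemcare.com]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trustedantivirus.com]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trustedantivirus.com\www]
"http"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intranet.example]
"http"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blocked.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"WarnOnZoneCrossing"=dword:00000000
"""


def load_export(path: str) -> str:
    """reg.exe writes UTF-16LE with a BOM; hand-made exports are usually ANSI."""
    data = open(path, "rb").read()
    return data.decode("utf-16") if data.startswith(b"\xff\xfe") else data.decode("latin-1")


if __name__ == "__main__":
    text = load_export(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_EXPORT
    found = parse_zonemap_export(text)
    for e in found:
        print("%-28s %-6s %d (%s)" % (e["host"], e["scheme"], e["zone"], e["zone_name"]))
    print("Trusted Zone:", ", ".join(trusted_zone_hosts(found)) or "(none)")
```

To produce the input on the affected machine, export the key with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" zonemap.reg` (reg.exe ships with XP); the HKLM copy of the same path and the EscDomains sibling key are worth exporting too, since a scan of only the user hive misses machine-wide entries. Removing an entry means deleting that domain key, which is what the cleanup tools in this thread do for the rogue domains listed.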
 
Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBR

Here is the MBR report. AppRemover failed to remove AVG.


MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 182):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF7A72000 \WINDOWS\system32\KDCOM.DLL
0xF7982000 \WINDOWS\system32\BOOTVID.dll
0xF7443000 ACPI.sys
0xF7A74000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7432000 pci.sys
0xF7572000 isapnp.sys
0xF7986000 compbatt.sys
0xF798A000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B3A000 pciide.sys
0xF77F2000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A76000 aliide.sys
0xF7A78000 cmdide.sys
0xF7A7A000 toside.sys
0xF7A7C000 viaide.sys
0xF7A7E000 intelide.sys
0xF7414000 pcmcia.sys
0xF7582000 MountMgr.sys
0xF73F5000 ftdisk.sys
0xF77FA000 PartMgr.sys
0xF798E000 ACPIEC.sys
0xF7B3B000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF7592000 VolSnap.sys
0xF7992000 cpqarray.sys
0xF73DD000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF73C5000 atapi.sys
0xF7996000 aha154x.sys
0xF7802000 sparrow.sys
0xF799A000 symc810.sys
0xF75A2000 aic78xx.sys
0xF799E000 dac960nt.sys
0xF75B2000 ql10wnt.sys
0xF79A2000 amsint.sys
0xF780A000 asc.sys
0xF79A6000 asc3550.sys
0xF7812000 mraid35x.sys
0xF781A000 i2omp.sys
0xF79AA000 ini910u.sys
0xF75C2000 ql1240.sys
0xF75D2000 aic78u2.sys
0xF7822000 symc8xx.sys
0xF782A000 sym_hi.sys
0xF7832000 sym_u3.sys
0xF783A000 ABP480N5.SYS
0xF7842000 asc3350p.sys
0xF7A80000 cd20xrnt.sys
0xF75E2000 ultra.sys
0xF73AC000 adpu160m.sys
0xF784A000 dpti2o.sys
0xF75F2000 ql1080.sys
0xF7602000 ql1280.sys
0xF7612000 ql12160.sys
0xF7852000 perc2.sys
0xF7A82000 perc2hib.sys
0xF785A000 hpn.sys
0xF79AE000 cbidf2k.sys
0xF7380000 dac2w2k.sys
0xF7622000 disk.sys
0xF7632000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF7360000 fltmgr.sys
0xF7349000 KSecDD.sys
0xF72BC000 Ntfs.sys
0xF728F000 NDIS.sys
0xF7642000 sisagp.sys
0xF7652000 viaagp.sys
0xF7662000 ohci1394.sys
0xF7672000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7275000 Mup.sys
0xF7862000 avgrkx86.sys
0xF7682000 AVGIDSEH.Sys
0xF7692000 agp440.sys
0xF76A2000 alim1541.sys
0xF76B2000 amdagp.sys
0xF76C2000 agpCPQ.sys
0xF76E2000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF76F2000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xF7A2E000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF702F000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF701B000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF78DA000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xF6FF7000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78E2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7702000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF78EA000 \SystemRoot\system32\drivers\Afc.sys
0xF7712000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7722000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6FD4000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7732000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7902000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6FA6000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7A86000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7912000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF6F4B000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF6F23000 \SystemRoot\system32\drivers\tifm21.sys
0xF6F0F000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF6EB9000 \SystemRoot\system32\drivers\camc6hal.sys
0xF7742000 \SystemRoot\system32\drivers\camc6aud.sys
0xF6E95000 \SystemRoot\system32\drivers\portcls.sys
0xF7752000 \SystemRoot\system32\drivers\drmk.sys
0xF6DC4000 \SystemRoot\system32\DRIVERS\HSFHWATI.sys
0xF6CC6000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xF6C1A000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7942000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7952000 \SystemRoot\system32\DRIVERS\avgfwdx.sys
0xF7BE5000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7762000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A52000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6C03000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7772000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF7782000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7972000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6BF2000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7792000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7882000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7892000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF77A2000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7A8E000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6B94000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A62000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF77B2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF77E2000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7168000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7255000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0xF7A98000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C2B000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A9C000 \SystemRoot\System32\Drivers\Beep.SYS
0xF78BA000 \SystemRoot\System32\drivers\vga.sys
0xF7AA0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AA4000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF78CA000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF78F2000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7160000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xF2A01000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xF29A8000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF2960000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0xF293A000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7245000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7235000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xF2912000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7A32000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF28F0000 \SystemRoot\System32\drivers\afd.sys
0xF7225000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF28C5000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF2855000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF71F5000 \SystemRoot\System32\Drivers\Fips.SYS
0xF27F3000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xF27B7000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0xF276B000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF26DB000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AFA000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF270F000 \SystemRoot\System32\drivers\Dxapi.sys
0xF2A84000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7B96000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF04E000 \SystemRoot\System32\ati2cqag.dll
0xBF080000 \SystemRoot\System32\atikvmag.dll
0xBF0B2000 \SystemRoot\System32\ati3duag.dll
0xBF2E6000 \SystemRoot\System32\ativvaxx.dll
0xF055F000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xF0557000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xF02E6000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xF7AC8000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xF6E45000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xF02DE000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF0154000 \SystemRoot\system32\DRIVERS\srv.sys
0xF025E000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xF0064000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEFCB7000 \SystemRoot\system32\drivers\wdmaud.sys
0xF0104000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7AE4000
0xEFC6C000
0xEFE14000
0xEFE34000
0xEFC41000 \SystemRoot\system32\drivers\kmixer.sys
0xF7BCE000
0xEFA29000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEF8B0000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 51):
0 System Idle Process
4 System
840 C:\WINDOWS\system32\smss.exe
872 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
928 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
1076 csrss.exe
1116 C:\WINDOWS\system32\winlogon.exe
1188 C:\WINDOWS\system32\services.exe
1200 C:\WINDOWS\system32\lsass.exe
1424 C:\WINDOWS\system32\ati2evxx.exe
1444 C:\WINDOWS\system32\svchost.exe
1552 svchost.exe
1596 C:\WINDOWS\system32\svchost.exe
1708 svchost.exe
1748 svchost.exe
2040 C:\WINDOWS\system32\WLTRYSVC.EXE
116 C:\WINDOWS\system32\BCMWLTRY.EXE
192 C:\WINDOWS\system32\spoolsv.exe
272 svchost.exe
316 C:\Program Files\AVG\AVG10\avgfws.exe
620 C:\Program Files\AVG\AVG10\avgwdsvc.exe
824 C:\WINDOWS\system32\HPZipm12.exe
1052 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
1152 C:\WINDOWS\system32\svchost.exe
1328 wdfmgr.exe
1988 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
1204 C:\WINDOWS\system32\wuauclt.exe
2016 C:\Program Files\AVG\AVG10\avgam.exe
336 C:\Program Files\AVG\AVG10\avgnsx.exe
2084 C:\WINDOWS\system32\ati2evxx.exe
2228 wmiprvse.exe
2260 C:\WINDOWS\explorer.exe
3060 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
3128 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
3184 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3256 C:\Program Files\Internet Explorer\iexplore.exe
3268 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
3328 C:\WINDOWS\system32\WLTRAY.EXE
3416 C:\Program Files\QuickTime\qttask.exe
3640 C:\Program Files\AVG\AVG10\avgtray.exe
3892 C:\WINDOWS\system32\ctfmon.exe
3988 alg.exe
792 C:\Program Files\ArcSoft\Software Suite\TotalMedia Backup & Record\uBBMonitor.exe
2184 C:\Program Files\AVG\AVG10\avgcsrvx.exe
3764 C:\Program Files\Internet Explorer\iexplore.exe
2420 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
3056 C:\Program Files\Internet Explorer\iexplore.exe
3852 C:\Program Files\Internet Explorer\iexplore.exe
2568 C:\Documents and Settings\Tony\Local Settings\Temporary Internet Files\Content.IE5\MCLARLL7\MBRCheck[1].exe
1976 C:\WINDOWS\system32\wuauclt.exe
2644 C:\WINDOWS\SoftwareDistribution\Download\dde4ab1aadf2bde9aad7fd6adf8b4bae\update\update.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`b5ce7a00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: HTS541010G9AT00, Rev: MBZOA60A

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: B912FB73863AB8851B2740E0251894FAEECAF4CD


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
combofix

Here is the ComboFix report.
Thank You for your help!

ComboFix 11-01-17.01 - Tony 01/17/2011 19:49:13.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.646 [GMT -5:00]
Running from: c:\documents and settings\Tony\My Documents\tony-log.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\media-codec
c:\program files\media-codec\ot.ico
c:\program files\media-codec\ts.ico
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\c_30218.nls
c:\windows\system32\dbr01013.ocx
c:\windows\system32\dbr22002.ocx
c:\windows\system32\dbr24002.ocx
c:\windows\system32\ddraw.dll.bak
c:\windows\system32\gbvgbv00.exe
c:\windows\system32\gbvgbv01.exe
c:\windows\system32\gbvgbv02.exe
c:\windows\system32\gbvgbv03.exe
c:\windows\system32\gbvgbv05.exe
c:\windows\system32\gbvgbv06.exe
c:\windows\system32\gbvgbv08.exe
c:\windows\system32\gbvgbv09.exe
c:\windows\system32\gbvgbv10.exe
c:\windows\system32\gbvgbv11.exe
c:\windows\system32\gbvgbv13.exe
c:\windows\system32\gbvgbv14.exe
c:\windows\system32\gbvgbv15.exe
c:\windows\system32\gbvgbv16.exe
c:\windows\system32\gbvgbv17.exe
c:\windows\system32\gbvgbv18.exe
c:\windows\system32\gbvgbv19.exe
c:\windows\system32\gbvgbv20.exe
c:\windows\system32\gbvgbv21.exe
c:\windows\system32\gbvgbv22.exe
c:\windows\system32\gbvgbv23.exe
c:\windows\system32\gbvgbv24.exe
c:\windows\system32\stu2.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FORTER


((((((((((((((((((((((((( Files Created from 2010-12-18 to 2011-01-18 )))))))))))))))))))))))))))))))
.

2011-01-18 00:06 . 2011-01-18 00:06 -------- d-----w- c:\windows\system32\scripting
2011-01-18 00:06 . 2011-01-18 00:06 -------- d-----w- c:\windows\l2schemas
2011-01-18 00:06 . 2011-01-18 00:06 -------- d-----w- c:\windows\system32\en
2011-01-18 00:06 . 2011-01-18 00:06 -------- d-----w- c:\windows\system32\bits
2011-01-17 23:53 . 2011-01-17 23:53 -------- d-----w- c:\windows\EHome
2011-01-17 23:38 . 2011-01-17 23:38 -------- d-----w- c:\program files\Trend Micro
2011-01-17 17:21 . 2011-01-17 17:21 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-01-17 17:18 . 2011-01-18 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-01-17 17:17 . 2011-01-17 17:17 -------- d-----w- c:\program files\AVG
2011-01-17 17:05 . 2008-04-14 00:11 279552 ----a-w- c:\windows\system32\ddraw.dll
2011-01-17 16:12 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-17 16:12 . 2011-01-17 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-17 16:12 . 2011-01-17 16:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-17 16:12 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-17 15:29 . 2011-01-17 17:28 -------- d-----w- c:\program files\CleanUp!
2011-01-17 13:52 . 2011-01-17 17:17 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-01-17 13:44 . 2008-04-14 00:11 792064 ----a-w- c:\windows\system32\comres.dll
2011-01-17 13:44 . 2011-01-17 13:50 -------- d-----w- c:\documents and settings\Tony
2011-01-17 13:36 . 2011-01-17 13:36 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-01-17 13:33 . 2011-01-17 13:33 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
2011-01-17 13:33 . 2011-01-17 13:33 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-01-17 13:32 . 2011-01-17 13:32 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
2011-01-17 13:26 . 2011-01-17 13:27 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-17 17:05 . 2004-08-26 16:11 369152 ----a-w- c:\windows\system32\dsound.dll.bak
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-29 344064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-19 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
TotalMedia Backup & Record Monitor.lnk - c:\program files\ArcSoft\Software Suite\TotalMedia Backup & Record\uBBMonitor.exe [2006-12-10 266240]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [4/18/2006 7:44 PM 200576]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6440
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: amaena.com
Trusted Zone: avsystemcare.com
Trusted Zone: imageservr.com
Trusted Zone: imagesrvr.com
Trusted Zone: onerateld.com
Trusted Zone: safetydownload.com
Trusted Zone: storageguardsoft.com
Trusted Zone: trustedantivirus.com
Trusted Zone: virusschlacht.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-All ATI Software - c:\program files\ATI Technologies\UninstallAll\AtiCimUn.exe
AddRemove-CNXT_AUDIO - c:\program files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE
AddRemove-CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_0300107B - c:\program files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_0300107B\HXFSETUP.EXE
AddRemove-Help and Support - c:\progra~1\VERIZO~1\HELPSU~1\Uninstall.exe
AddRemove-Internet Explorer Security Plugin 2006 - c:\program files\Media-Codec\iesuninst.exe
AddRemove-Media-Codec - c:\program files\Media-Codec\uninst.exe
AddRemove-Money2006b - c:\program files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe
AddRemove-MSNINST - c:\program files\MSN\MsnInstaller\msninst.exe
AddRemove-Public Messenger ver 2.03 - c:\program files\Media-Codec\pmuninst.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-17 19:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3884)
c:\windows\system32\SynTPFcs.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\wltrysvc.exe
c:\windows\System32\bcmwltry.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WLTRAY.exe
.
**************************************************************************
.
Completion time: 2011-01-17 19:58:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-18 00:58

Pre-Run: 80,790,265,856 bytes free
Post-Run: 80,704,266,240 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 63693A5F5EE41B023DE1BB0711375DC2
 
We need to double check your MBR...

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

=======================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
boot remover

Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000001`b5ce7a00
Boot sector MD5 is: 1c2cb8572a044a14cace6d033e5575b7

Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
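Both MBRCheck ("Unknown MBR code", with a SHA1) and Bootkit Remover ("Unknown boot code", with an MD5) reach their verdict the same way: they hash the boot code in sector 0 of the disk and look the hash up in a list of known-good values, so "unknown" means "not on my list", not proof of infection. An OEM recovery loader, as on this Gateway with its FAT32 recovery partition, is a common benign cause. The script below is an added example, not part of the thread and not code from either tool: it parses a 512-byte MBR, reports the partition table with the same "at offset" figures the tools print, fingerprints the boot code, classifies it against a caller-supplied whitelist, and shows which byte ranges differ between a suspect dump (for instance from `remover.exe dump`) and a dump from a clean machine. Assumptions not stated on the page: the hash is taken over the first 440 bytes (the code area before the 4-byte disk signature), and the known-good set comes from a clean machine of the same Windows version, because the script ships none. The sample sector is constructed; its partition offsets match the D: and C: offsets in the MBRCheck output above, its boot code, disk size and disk signature are made up.

```python
"""Parse a master boot record and fingerprint its boot code.

Added example, not code from the original thread, MBRCheck or Bootkit Remover.
The sample sector built below is constructed for the example.
"""
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0-439: code; 440-443: disk signature; 444-445: reserved
PART_TABLE_OFF = 446      # four 16-byte partition entries, then 0x55AA at 510
BOOT_SIGNATURE = b"\x55\xaa"
PARTITION_TYPES = {0x07: "NTFS/HPFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
                   0x0F: "Extended (LBA)", 0x27: "Hidden NTFS"}


def parse_mbr(sector: bytes) -> dict:
    """Split sector 0 into boot-code hashes, disk signature and partition slots."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA signature: not an MBR")
    boot_code = sector[:BOOT_CODE_LEN]
    partitions = []
    for slot in range(4):
        off = PART_TABLE_OFF + slot * 16
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue                                  # empty slot
        partitions.append({
            "slot": slot,
            "bootable": status == 0x80,
            "type_name": PARTITION_TYPES.get(ptype, "0x%02X" % ptype),
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR_SIZE,   # the "at offset" value the tools print
            "sectors": sectors,
        })
    return {
        "boot_code_sha1": hashlib.sha1(boot_code).hexdigest().upper(),
        "boot_code_md5": hashlib.md5(boot_code).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "partitions": partitions,
    }


def classify_boot_code(sector: bytes, known_sha1: set) -> str:
    """Whitelist verdict: a hash the caller has not vouched for is 'Unknown'."""
    return ("Known boot code" if parse_mbr(sector)["boot_code_sha1"] in known_sha1
            else "Unknown boot code")


def changed_ranges(reference: bytes, suspect: bytes) -> list:
    """(start, end) byte ranges of the code area where suspect differs from reference."""
    ranges, start = [], None
    for i in range(BOOT_CODE_LEN):
        differs = reference[i] != suspect[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, BOOT_CODE_LEN))
    return ranges


# --- constructed sample data (not a dump from the thread) ---------------------
def _entry(bootable: bool, ptype: int, lba_start: int, sectors: int) -> bytes:
    chs = b"\xff\xff\xff"                             # CHS fields unused on LBA disks
    return struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, chs, ptype, chs, lba_start, sectors)


def build_sample_mbr(boot_code: bytes) -> bytes:
    """FAT32 recovery partition at LBA 63 and bootable NTFS partition at LBA 0xDAE73D,
    giving byte offsets 0x7E00 and 0x1B5CE7A00 as in the MBRCheck log.
    Disk size (assumed 100 GB) and disk signature are made up."""
    total, ntfs_start = 195_312_500, 0xDAE73D
    table = (_entry(False, 0x0B, 63, ntfs_start - 63)
             + _entry(True, 0x07, ntfs_start, total - ntfs_start)
             + bytes(32))                             # two empty slots
    return (boot_code.ljust(BOOT_CODE_LEN, b"\x00")
            + struct.pack("<I", 0x1234ABCD) + b"\x00\x00" + table + BOOT_SIGNATURE)


# Constructed stand-ins for real boot code: a short 16-bit prologue, then NOP padding.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 100
# Bootkit-style tampering: the first instruction is replaced by a jump elsewhere.
PATCHED_BOOT_CODE = b"\xe9\x00\x01" + CLEAN_BOOT_CODE[3:]


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    sector = open(path, "rb").read(SECTOR_SIZE) if path else build_sample_mbr(PATCHED_BOOT_CODE)
    known = {parse_mbr(build_sample_mbr(CLEAN_BOOT_CODE))["boot_code_sha1"]}   # your own list goes here
    info = parse_mbr(sector)
    print("boot code SHA1:", info["boot_code_sha1"], "->", classify_boot_code(sector, known))
    for p in info["partitions"]:
        print("  slot %d %-11s at offset 0x%X%s" % (p["slot"], p["type_name"], p["byte_offset"],
                                                   " (bootable)" if p["bootable"] else ""))
```

Run it with the file written by `remover.exe dump \\.\PhysicalDrive0 mbr.bin` as its argument. The useful comparison is not against the script's placeholder but against a dump from a known-clean machine of the same Windows build and OEM image: if `changed_ranges` reports nothing in the code area and only the partition table or disk signature differ, the "unknown" verdict is almost certainly the OEM loader rather than a bootkit; a small patch near offset 0 that jumps elsewhere is the pattern to worry about.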
 
eset file

C:\Documents and Settings\Owner\Shared\celebrate me home kenny.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\Owner\Shared\listen beyonce.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Documents and Settings\Owner\Shared\love you i do jennifer hudson.mp3 WMA/TrojanDownloader.GetCodec.C trojan
C:\Documents and Settings\Owner\Shared\nothing bout love makes sense.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig\ENU\ReadMe.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AntivirusGolden\Logs\scan_log_09242006-224536.html HTML/ScrInject.B.Gen virus
C:\Program Files\AntivirusGolden\Logs\scan_log_09252006-104518.html HTML/ScrInject.B.Gen virus
C:\Program Files\AntivirusGolden\Logs\scan_log_09252006-155229.html HTML/ScrInject.B.Gen virus
C:\Program Files\AntivirusGolden\Logs\scan_log_09252006-181946.html HTML/ScrInject.B.Gen virus
C:\Program Files\AntivirusGolden\Logs\scan_log_09252006-221753.html HTML/ScrInject.B.Gen virus
C:\Program Files\AntivirusGolden\Logs\scan_log_09262006-083922.html HTML/ScrInject.B.Gen virus
C:\Program Files\AntivirusGolden\Logs\scan_log_09262006-091741.html HTML/ScrInject.B.Gen virus
C:\Program Files\AntivirusGolden\Logs\scan_log_09262006-111052.html HTML/ScrInject.B.Gen virus
C:\Program Files\AntivirusGolden\Logs\scan_log_09272006-143254.html HTML/ScrInject.B.Gen virus
C:\Program Files\AntivirusGolden\Logs\scan_log_09272006-151138.html HTML/ScrInject.B.Gen virus
C:\Program Files\AntivirusGolden\Logs\scan_log_09272006-160449.html HTML/ScrInject.B.Gen virus
C:\Program Files\ArcSoft\Software Suite\Panorama Maker 4\Support\Help\How to shoot.htm HTML/ScrInject.B.Gen virus
C:\Program Files\ArcSoft\Software Suite\Panorama Maker 4\Support\Help\Shooting Checklist.htm HTML/ScrInject.B.Gen virus
C:\Program Files\ArcSoft\Software Suite\Panorama Maker 4\Support\Registration\registration.html HTML/ScrInject.B.Gen virus
C:\Program Files\ArcSoft\Software Suite\Photo Greeting Card\Support\Registration\registration.html HTML/ScrInject.B.Gen virus
C:\Program Files\ArcSoft\Software Suite\Scrapbook Creator\Web Registration\registration.html HTML/ScrInject.B.Gen virus
C:\Program Files\ArcSoft\Software Suite\TotalMedia Backup & Record\Support\Registration\registration.html HTML/ScrInject.B.Gen virus
C:\Program Files\ArcSoft\Software Suite\Web\webserve.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_cz.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_da.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_es.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_fr.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_ge.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_hu.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_id.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_in.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_it.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_jp.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_ko.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_ms.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_nl.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_pb.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_pl.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_pt.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_ru.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_sc.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_sk.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_sp.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_tr.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_us.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_zh.htm HTML/ScrInject.B.Gen virus
C:\Program Files\AVG\AVG10\Notification\BuyFull_zt.htm HTML/ScrInject.B.Gen virus
C:\Program Files\BigFix\__Data\BigFix\proxy.html HTML/ScrInject.B.Gen virus
C:\Program Files\BigFix\__Data\BigFix\TutorialPage1.html HTML/ScrInject.B.Gen virus
C:\Program Files\BigFix\__Data\BigFix\TutorialPage2.html HTML/ScrInject.B.Gen virus
C:\Program Files\BigFix\__Data\BigFix\TutorialPage3.html HTML/ScrInject.B.Gen virus
C:\Program Files\BigFix\__Data\BigFix\TutorialPage4.html HTML/ScrInject.B.Gen virus
C:\Program Files\BigFix\__Data\BigFix\TutorialPage5.html HTML/ScrInject.B.Gen virus
C:\Program Files\BigFix\__Data\BigFix\TutorialPage6.html HTML/ScrInject.B.Gen virus
C:\Program Files\BigFix\__Data\BigFix\TutorialPage7.html HTML/ScrInject.B.Gen virus
C:\Program Files\BigFix\__Data\BigFix\TutorialPage8.html HTML/ScrInject.B.Gen virus
C:\Program Files\BigFix\__Data\Gateway\ad.html HTML/ScrInject.B.Gen virus
C:\Program Files\BigFix\__Data\Gateway\ad_main.html HTML/ScrInject.B.Gen virus
C:\Program Files\CyberLink\Power2Go\Readme.htm HTML/ScrInject.B.Gen virus
C:\Program Files\CyberLink\Power2Go\p2go-upgrade\p2go-upgrade.htm HTML/ScrInject.B.Gen virus
C:\Program Files\CyberLink\PowerDVD\Readme.htm HTML/ScrInject.B.Gen virus
C:\Program Files\CyberLink\PowerDVD\AVSettings\Audio.htm HTML/ScrInject.B.Gen virus
C:\Program Files\CyberLink\PowerDVD\AVSettings\AVSetMenu.htm HTML/ScrInject.B.Gen virus
C:\Program Files\CyberLink\PowerDVD\AVSettings\Color.htm HTML/ScrInject.B.Gen virus
C:\Program Files\CyberLink\PowerDVD\AVSettings\Default.htm HTML/ScrInject.B.Gen virus
C:\Program Files\CyberLink\PowerDVD\AVSettings\Main.htm HTML/ScrInject.B.Gen virus
C:\Program Files\CyberLink\PowerDVD\AVSettings\Main_Audio.htm HTML/ScrInject.B.Gen virus
C:\Program Files\CyberLink\PowerDVD\AVSettings\Video.htm HTML/ScrInject.B.Gen virus
C:\Program Files\CyberLink\PowerDVD\pdvd6-dlx-audiopack\pdvd6-dvdaudio.htm HTML/ScrInject.B.Gen virus
C:\Program Files\CyberLink\PowerDVD\pdvd6-dlx-dts\pdvd6-dlx-dts.htm HTML/ScrInject.B.Gen virus
C:\Program Files\CyberLink\PowerDVD\pdvd6-interactual\pdvd6-interactual.htm HTML/ScrInject.B.Gen virus
C:\Program Files\CyberLink\PowerDVD\pdvd6-mobility\pdvd6-mobility.htm HTML/ScrInject.B.Gen virus
C:\Program Files\CyberLink\PowerDVD\pdvd6-upgrade\pdvd6-upgrade.htm HTML/ScrInject.B.Gen virus
C:\Program Files\CyberLink\PowerDVD\pdvd6_dolby\pdvd6-dolby.html HTML/ScrInject.B.Gen virus
C:\Program Files\HP\Digital Imaging\Skins\oov1\sc\scan.htm HTML/ScrInject.B.Gen virus
C:\Program Files\HP\Digital Imaging\Skins\oov1\ul\CamDate.htm HTML/ScrInject.B.Gen virus
C:\Program Files\HP\Digital Imaging\Skins\oov1\ul\DeviceSelect.htm HTML/ScrInject.B.Gen virus
C:\Program Files\HP\Digital Imaging\Skins\oov1\ul\PhotoDate.htm HTML/ScrInject.B.Gen virus
C:\Program Files\HP\Digital Imaging\Skins\oov1\ul\Progress.htm HTML/ScrInject.B.Gen virus
C:\Program Files\HP\Digital Imaging\Skins\oov1\ul\Startup.htm HTML/ScrInject.B.Gen virus
C:\Program Files\HP\Digital Imaging\Skins\oov1\ul\Summary.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Digital Image 2006\1033\Movies\adveditingpro.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Digital Image 2006\1033\Movies\exploringpro.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Digital Image 2006\1033\Movies\facepro.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Digital Image 2006\1033\Movies\organizepro.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Digital Image 2006\1033\Movies\touchuppro.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Digital Image 2006\Plug-Ins\Alien Skinformation.html HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\AccountsTutorial.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\backuphelp.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\BillsTutorial.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\BudgetTutorial.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\CreditTOC.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\finsrv_DLX.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\finsrv_PRM.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\finsrv_STD.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\GettingISP.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\gksell_DLX.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\invessentials.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\InvestmentQIFImport.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\InvestmentResearch.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\InvResearchOnline.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\LAUNCHER.HTM HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\newfeat.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\newfeat_lps.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\newfeat_std.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\newsvc.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\newsvc_biz.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\newsvc_prm.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\newsvc_std.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\osp_std.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\PocketPCInfo.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\privacy.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\quote.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\taxessentials.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Money 2006\MNYCoreFiles\WebCache\Tour.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Office\OFFICE11\INTLBAND.HTM HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Office\OFFICE11\1033\OFREADME.HTM HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Office\OFFICE11\1033\OLREADME.HTM HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Office\OFFICE11\1033\PPREADME.HTM HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Office\OFFICE11\1033\PVREADME.HTM HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Office\OFFICE11\1033\WDREADME.HTM HTML/ScrInject.B.Gen virus
C:\Program Files\Microsoft Office\OFFICE11\1033\XLREADME.HTM HTML/ScrInject.B.Gen virus
C:\Program Files\QuickTime\QuickTime Read Me.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Real\RealPlayer\playrlic.html HTML/ScrInject.B.Gen virus
C:\Program Files\Real\RealPlayer\Readme.html HTML/ScrInject.B.Gen virus
C:\Program Files\Slingo ® Deluxe\HowToPlay\HowToPlay.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Slingo ® Deluxe\HowToPlay\Pages\Contents.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Slingo ® Deluxe\HowToPlay\Pages\FAQ.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Slingo ® Deluxe\HowToPlay\Pages\Rules.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Slingo ® Deluxe\HowToPlay\Pages\Strategy.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Slingo ® Deluxe\HowToPlay\Pages\Welcome.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Verizon Online\Help Support\page\apperror.html HTML/ScrInject.B.Gen virus
C:\Program Files\Verizon Online\Help Support\page\auth_error.html HTML/ScrInject.B.Gen virus
C:\Program Files\Verizon Online\Help Support\page\error.html HTML/ScrInject.B.Gen virus
C:\Program Files\Verizon Online\Help Support\page\home.html HTML/ScrInject.B.Gen virus
C:\Program Files\Verizon Online\Help Support\page\index.html HTML/ScrInject.B.Gen virus
C:\Program Files\Verizon Online\Help Support\page\pocfrontdoor.html HTML/ScrInject.B.Gen virus
C:\Program Files\Verizon Online\Help Support\page\summary.html HTML/ScrInject.B.Gen virus
C:\Program Files\Verizon Online\Help Support\SmartBridge\AlertTmpl.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Verizon Online\Help Support\SmartBridge\AlertTmplType1.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Verizon Online\Help Support\SmartBridge\AlertTmplType2.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Verizon Online\Help Support\SmartBridge\AlertTmplType3.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Verizon Online\Help Support\SmartBridge\AlertTmplType4.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Verizon Online\Help Support\SmartBridge\AlertTmplType5.htm HTML/ScrInject.B.Gen virus
C:\Program Files\Verizon Online\Help Support\SmartBridge\SmartBridgeUpdate.htm HTML/ScrInject.B.Gen virus
C:\Qoobox\Quarantine\C\WINDOWS\system32\dbr01013.ocx.vir probably a variant of Win32/PSW.OnLineGames.QLH trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\dbr22002.ocx.vir probably a variant of Win32/PSW.OnLineGames.QLH trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\dbr24002.ocx.vir probably a variant of Win32/PSW.OnLineGames.QLH trojan
C:\WINDOWS\$NtServicePackUninstall$\userinit.exe a variant of Win32/TrojanDownloader.FakeAlert.AAB trojan
D:\MiniNT\system32\6to4.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\DHCP.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\AppMgmt.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\AudioSrv.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\CryptSvc.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\ERSvc.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\EventSystem.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\HidServ.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\Ias.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\Iprip.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\Irmon.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\LanmanServer.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\LanmanWorkstation.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\Messenger.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\Nla.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\Ntmssvc.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\NWCWorkstation.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\Nwsapagent.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\Rasauto.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\Remoteaccess.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\Schedule.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\Seclogon.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\SENS.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\Sharedaccess.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\SRService.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\Tapisrv.dll Win32/AutoRun.AntiAV.T worm
D:\MiniNT\system32\TrkWks.dll Win32/AutoRun.AntiAV.T worm
D:\i386\Apps\App04782\money\accoun~1.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\bakhelp.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\billst~1.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\budget~1.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\credit~2.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\finsrvd.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\finsrvp.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\finsrvs.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\gkselld.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\invess~1.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\invest~1.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\invest~2.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\invres~1.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\launcher.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\newfeat.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\newfeats.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\newfea~1.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\newsvc.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\newsvcb.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\newsvcp.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\newsvcs.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\osp_std.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\ppcinfo.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\privacy.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\quote.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\taxess~1.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\tour.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App04782\money\warranty.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App23139\releasenotes.html HTML/ScrInject.B.Gen virus
D:\i386\Apps\App31327\p2go\readme\read_chs.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App31327\p2go\readme\read_cht.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App31327\p2go\readme\read_deu.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App31327\p2go\readme\read_enu.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App31327\p2go\readme\read_esp.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App31327\p2go\readme\read_fra.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App31327\p2go\readme\read_ita.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App31327\p2go\readme\read_jpn.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App31327\p2go\readme\read_kor.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App31327\pdvd\readme\readchs.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App31327\pdvd\readme\readcht.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App31327\pdvd\readme\readdeu.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App31327\pdvd\readme\readenu.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App31327\pdvd\readme\readesp.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App31327\pdvd\readme\readfra.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App31327\pdvd\readme\readita.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App31327\pdvd\readme\readjpn.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App31327\pdvd\readme\readkor.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App01607\common\msshared\wkshared\oem\ws06warr.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App01607\pfiles\msworks\standard\help.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App01607\pfiles\msworks\standard\pages.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App01607\pfiles\msworks\standard\start.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App01607\pfiles\msworks\standard\tasks.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App01607\pfiles\msworks\standard\wksgsg.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App01607\pfiles\msworks\suite\help.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App01607\pfiles\msworks\suite\pages.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App01607\pfiles\msworks\suite\start.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App01607\pfiles\msworks\suite\tasks.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App01607\pfiles\msworks\suite\wksgsg.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App01607\pfiles\office\ppv\pvreadme.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App07342\readme.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App07342\setup.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App07342\files\pfiles\msoffice\office11\1033\ofreadme.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App07342\files\pfiles\msoffice\office11\1033\olreadme.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App07342\files\pfiles\msoffice\office11\1033\ppreadme.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App07342\files\pfiles\msoffice\office11\1033\pvreadme.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App07342\files\pfiles\msoffice\office11\1033\wdreadme.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App07342\files\pfiles\msoffice\office11\1033\xlreadme.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App23742\pi\1033\movies\advedi_1.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App23742\pi\1033\movies\explor_1.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App23742\pi\1033\movies\facepro.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App23742\pi\1033\movies\organi_1.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App23742\pi\1033\movies\touchu_1.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App23742\pi\plug_ins\aliens_1.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\actshell.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\amd.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\dtsgnup.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\msobshel.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\error\dialtone.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\html\dslmain\dslmain.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\html\dslmain\dsl_a.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\html\dslmain\dsl_b.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\html\oemcust\aolchoos.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\html\oemcust\bbgwbuy.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\html\oemcust\bbsetup.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\html\oemcust\byoachos.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\html\oemcust\espbasic.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\html\oemcust\espcc.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\html\oemcust\espquestion.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\html\oemcust\espterms.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\html\oemcust\espthankyou.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\html\oemcust\netscape.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\html\oemcust\oemcust.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\html\oemcust\sellbyoa.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\html\oemhw\oemhw.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\html\oemreg\oemadd.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\isperror\ispdtone.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\regerror\rdtone.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\setup\badeula.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\setup\compname.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\setup\dialup.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\setup\drdyisp.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\setup\drdyref.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\setup\fini.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\setup\ics.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\setup\isp.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\setup\miglist.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\setup\neweula.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\setup\oempriv.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\setup\prvcyms.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\setup\reg1.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\setup\reg3.htm HTML/ScrInject.B.Gen virus
D:\i386\Apps\App24318\setup\welcome.htm HTML/ScrInject.B.Gen virus
 
This doesn't look good.

I need some more info...
Is this a legit Windows version?
What is drive D?
Are all those programs listed above, like Microsoft Office, CyberLink Power2Go, ArcSoft, AVG, etc. some downloaded, cracked applications?
 
legit

As far as I know it's all legit. Someone gave me this laptop because it wouldn't work.
I don't know what the D drive is.
 
OK, we can try to clean it, but I can't guarantee everything will work afterwards.
You don't know much about this computer, since it was given to you, but for me it looks like there is a lot of illegal cracked software there, including (maybe) Windows itself.

In my opinion, a clean Windows installation would be the best choice here.

If you don't want to do this, or you can't do it.....

Let's start with re-running Eset and this time mark all found items for deletion.

Keep in mind my initial warning.
 