TechSpot

[Not curable - Virut] System check virus help!

Inactive
By jfkstunna
Jan 15, 2012
  1. jfkstunna

    jfkstunna TS Rookie Topic Starter Posts: 26

    dude everything you're tellin me is not goin to work, idk how else to put it.

    all ur advice is just makin my computer worse. it was workin a lot better b4 i asked for your advice, i can tell ya that much. run a business off this computer, i'm losing money by the day and we haven't gotten an inch closer to resolving the problem homie
     
  2. jfkstunna

    jfkstunna TS Rookie Topic Starter Posts: 26

    i'm running malwarebytes, i skipped the antivirus scan. when i'm done i'm goin to shoot you the log
     
  3. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    One more time....calm down or I'll close this topic.
    I've been trying to help you using my FREE TIME.
    If you don't like my advice, let me know.
    There is always an option to call "Geek Squad" and they'll fix it for you for $300 or so.

    Consider this as a final warning.
     
  4. jfkstunna

    jfkstunna TS Rookie Topic Starter Posts: 26

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8303

    Windows 5.1.2600 Service Pack 2 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    1/16/2012 8:24:19 PM
    mbam-log-2012-01-16 (20-24-19).txt

    Scan type: Quick scan
    Objects scanned: 203759
    Time elapsed: 10 minute(s), 11 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 8
    Registry Values Infected: 2
    Registry Data Items Infected: 9
    Folders Infected: 1
    Files Infected: 17

    Memory Processes Infected:
    c:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> 196 -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0} (PUP.WebHancer) -> Not selected for removal.
    HKEY_CLASSES_ROOT\WhIeHelperObj.WhIeHelperObj.1 (PUP.WebHancer) -> Not selected for removal.
    HKEY_CLASSES_ROOT\WhIeHelperObj.WhIeHelperObj (PUP.WebHancer) -> Not selected for removal.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C900B400-CDFE-11D3-976A-00E02913A9E0} (PUP.WebHancer) -> Not selected for removal.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C900B400-CDFE-11D3-976A-00E02913A9E0} (PUP.WebHancer) -> Not selected for removal.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0} (PUP.WebHancer) -> Not selected for removal.
    HKEY_CLASSES_ROOT\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0} (PUP.WebHancer) -> Not selected for removal.
    HKEY_CLASSES_ROOT\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0} (PUP.WebHancer) -> Not selected for removal.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\homep (Worm.SFDC) -> Value: homep -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\webHancer Agent (PUP.WebHancer) -> Value: webHancer Agent -> Not selected for removal.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\program files\webhancer\Programs (PUP.WebHancer) -> Not selected for removal.

    Files Infected:
    c:\program files\webhancer\Programs\whiehlpr.dll (PUP.WebHancer) -> Not selected for removal.
    c:\WINDOWS\webhdll.dll (PUP.WebHancer) -> Not selected for removal.
    c:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\WINDOWS\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\homep.exe (Worm.SFDC) -> Quarantined and deleted successfully.
    c:\documents and settings\administrator\puoiw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\WINDOWS\whAgent.inf (PUP.WebHancer) -> Not selected for removal.
    c:\WINDOWS\whinstaller.ini (PUP.WebHancer) -> Not selected for removal.
    c:\program files\webhancer\Programs\whAgent.exe (PUP.WebHancer) -> Not selected for removal.
    c:\program files\webhancer\Programs\license.txt (PUP.WebHancer) -> Not selected for removal.
    c:\program files\webhancer\Programs\regwebh.dll (PUP.WebHancer) -> Not selected for removal.
    c:\program files\webhancer\Programs\sporder.dll (PUP.WebHancer) -> Not selected for removal.
    c:\program files\webhancer\Programs\wbhshare.dll (PUP.WebHancer) -> Not selected for removal.
    c:\program files\webhancer\Programs\whAgent.ini (PUP.WebHancer) -> Not selected for removal.
    c:\program files\webhancer\Programs\whiedc.dll (PUP.WebHancer) -> Not selected for removal.
    c:\program files\webhancer\Programs\whiehlpr.ini (PUP.WebHancer) -> Not selected for removal.
    c:\program files\webhancer\Programs\whieshm.dll (PUP.WebHancer) -> Not selected for removal.
     
  5. jfkstunna

    jfkstunna TS Rookie Topic Starter Posts: 26

    my bad, just a lil frustrated. i never been up against such a mean virus, it's a lil nerve wrackin
     
  6. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    Go on.........
    We'll fix it if you stay calm.
     
  7. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    Why do some items say "Not selected for removal."?
     
  8. jfkstunna

    jfkstunna TS Rookie Topic Starter Posts: 26

    oh i left unchecked on accident but i erased em, they were in quarantine or w/e
     
  9. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    We'll get back to it later.
    Go on....
     
  10. jfkstunna

    jfkstunna TS Rookie Topic Starter Posts: 26

    ok just ran the gmer (idk if i did it right or not)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-01-16 21:14:32
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST3808110AS rev.3.AHH
    Running: lrxk2b2p.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwtyypoc.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  11. jfkstunna

    jfkstunna TS Rookie Topic Starter Posts: 26

    here's the dds log



    DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
    Internet Explorer: 8.0.6001.18702
    Run by Administrator at 21:22:14 on 2012-01-16
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2551.2366 [GMT -6:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\WINDOWS\system32\svchost -k rpcss
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\TEMP\BN9.tmp
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.searchqu.com/406
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: mefeediaTest: {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - c:\program files\mefeediatest\w3itemplateX.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
    BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wi371a~1\datamngr\BROWSE~1.DLL
    BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
    BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    BHO: WhIeHelperObj Class: {c900b400-cdfe-11d3-976a-00e02913a9e0} - c:\progra~1\webhan~1\programs\whiehlpr.dll
    BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: mefeediaTest: {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - c:\program files\mefeediatest\w3itemplateX.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: Norton Internet Security 2006: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
    TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
    EB: {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [tcpudp] c:\windows\BN6.tmp
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11c_ActiveX.exe -update activex
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
    mRun: [LayoutM] KLayMgr.exe
    mRun: [webHancer Agent] "c:\program files\webhancer\programs\whAgent.exe"
    mRun: [DC6_check] "c:\program files\common files\dc6_startupmon.exe"
    mRun: [ERS_check] "c:\program files\common files\ers_startupmon.exe"
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
    mRun: [kblxrhoj] c:\windows\system32\kblxrhoj.exe
    mRun: [LHUnnGkTMirhwy.exe] c:\documents and settings\all users\application data\LHUnnGkTMirhwy.exe
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    dRun: [kblxrhoj] c:\documents and settings\administrator\kblxrhoj.exe
    dRun: [tcpudp] c:\windows\BN9.tmp
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\flipto~1.lnk - c:\program files\fliptoast\fliptoast.exe
    IE: &Search - http://tbedits.televisionfanatic.co...D760-879A-41BB-838A-573F19F37738&n=2011101020
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\IEBHO.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 122.224.6.164 zeus.sunke.info
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\dv6prpfb.default\
    FF - prefs.js: browser.search.selectedEngine - Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
    FF - prefs.js: keyword.URL - hxxp://search.internet-search-results.com/?sid=10101199100&s=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: browser.search.selectedEngine - Search
    FF - user.js: browser.search.order.1 - Search
    FF - user.js: keyword.URL - hxxp://search.internet-search-results.com/?sid=10101199100&s=
    ============= SERVICES / DRIVERS ===============
    .
    R3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2011-11-2 21648]
    S0 wjcpcy;wjcpcy;c:\windows\system32\drivers\wygvotb.sys --> c:\windows\system32\drivers\wygvotb.sys [?]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-16 435032]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-16 314456]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-16 20568]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-16 44768]
    S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2011-11-2 16400]
    S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_5\bin\fbguard.exe [2011-10-18 118784]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-10 136176]
    S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2011-11-2 97808]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys --> c:\windows\system32\drivers\ew_hwusbdev.sys [?]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
    S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_5\bin\fbserver.exe [2011-10-18 3756032]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-10 136176]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys --> c:\windows\system32\drivers\ew_jubusenum.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
    S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2011-11-2 21904]
    S3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\system32\drivers\uts_bus.sys [2010-9-23 84352]
    S3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\system32\drivers\uts_mdfl.sys [2010-9-23 14976]
    S3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\system32\drivers\uts_mdm.sys [2010-9-23 110848]
    S3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\uts_serd.sys [2010-9-23 90880]
    .
    =============== Created Last 30 ================
    .
    2012-01-17 03:17:22 -------- d-----w- C:\62bf302e7f51a6a67e9f70
    2012-01-17 03:07:09 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-01-17 03:07:00 41184 ----a-w- c:\windows\avastSS.scr
    2012-01-17 03:06:39 -------- d-----w- c:\program files\AVAST Software
    2012-01-17 03:06:39 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2012-01-17 03:02:16 -------- d-----w- C:\8e0396cf9782e310139902f668de4d
    2012-01-17 01:53:50 196608 ---ha-w- c:\windows\BN2.tmp
    2012-01-17 01:43:50 196608 ---ha-w- c:\windows\BN9.tmp
    2012-01-16 04:59:25 -------- d-----w- C:\Recovered Files
    2012-01-15 04:58:14 215552 ---ha-w- c:\windows\BN8.tmp
    2012-01-15 04:31:02 215552 ---ha-w- c:\windows\BN7.tmp
    2012-01-15 04:24:49 215552 ---ha-w- c:\windows\BN6.tmp
    2012-01-15 04:21:30 215552 ---ha-w- c:\windows\BN5.tmp
    2012-01-15 04:16:15 -------- d--h--w- c:\documents and settings\administrator\local settings\application data\Help
    2012-01-15 04:13:09 215552 ---ha-w- c:\windows\BN4.tmp
    2012-01-15 04:06:35 357632 ---ha-w- c:\documents and settings\all users\application data\I3NvjJDZntUHz0.exe
    2012-01-15 04:03:27 215552 ---ha-w- c:\windows\BNEF.tmp
    2012-01-15 04:03:03 -------- d--h--w- c:\documents and settings\all users\application data\WSTB
    2012-01-15 04:03:01 453376 ---ha-w- c:\documents and settings\all users\application data\LHUnnGkTMirhwy.exe
    2012-01-15 04:02:59 60928 ---ha-w- c:\windows\system32\kblxrhoj.exe
    2012-01-15 04:02:59 60928 ---ha-w- c:\documents and settings\administrator\kblxrhoj.exe
    2012-01-11 22:58:46 -------- d--h--w- c:\documents and settings\administrator\application data\com.w3i.FlipToast
    2012-01-11 22:58:37 -------- d--h--w- c:\program files\fliptoast
    2012-01-11 22:58:11 -------- d--h--w- c:\documents and settings\administrator\application data\w3itemplate
    2012-01-11 22:58:00 -------- d--h--w- c:\documents and settings\administrator\local settings\application data\Adobe
    2012-01-11 22:57:59 -------- d--h--w- c:\documents and settings\administrator\application data\mefeediatest
    2012-01-11 22:57:48 -------- d--h--w- c:\program files\mefeediatest
    2012-01-11 22:57:14 -------- d--h--w- c:\program files\ChicaLogic
    2012-01-11 22:57:06 -------- d--h--w- c:\documents and settings\all users\application data\Norton
    2012-01-11 22:57:02 -------- d--h--w- c:\documents and settings\all users\application data\NortonInstaller
    2012-01-09 06:20:28 626688 ---ha-w- c:\program files\mozilla firefox\msvcr80.dll
    2012-01-09 06:20:28 548864 ---ha-w- c:\program files\mozilla firefox\msvcp80.dll
    2012-01-09 06:20:28 479232 ---ha-w- c:\program files\mozilla firefox\msvcm80.dll
    2012-01-09 06:20:28 43992 ---ha-w- c:\program files\mozilla firefox\mozutils.dll
    2012-01-07 01:45:37 -------- d--h--w- c:\documents and settings\administrator\application data\Waves Audio
    2012-01-07 01:45:32 -------- d--h--w- c:\documents and settings\all users\application data\Waves Audio
    2012-01-07 01:41:45 -------- d--h--w- c:\program files\Steinberg
    2012-01-07 01:41:45 -------- d--h--w- c:\program files\common files\VST3
    2012-01-07 01:38:52 -------- d--h--w- c:\program files\Waves
    2012-01-02 23:34:35 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
    2012-01-02 23:34:35 -------- d--h--w- c:\program files\Free Offers from Freeze.com
    2012-01-02 23:34:10 -------- d--h--w- c:\documents and settings\all users\application data\WeCareReminder
    2011-12-22 02:21:23 -------- d--h--w- c:\documents and settings\administrator\local settings\application data\WinZip
    .
    ==================== Find3M ====================
    .
    2011-12-11 02:41:58 406528 ---ha-w- c:\windows\system32\ReWire.dll
    2011-12-11 02:41:58 338432 ---ha-w- c:\windows\system32\REX Shared Library.dll
    2011-11-15 03:20:44 77824 --sh--r- c:\documents and settings\administrator\puoiw.scr
    2011-11-14 22:25:19 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-12 00:25:53 1053696 ---ha-w- c:\windows\explorer.exe
    2011-10-24 19:29:02 94208 ---ha-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 19:29:02 69632 ---ha-w- c:\windows\system32\QuickTime.qts
    .
    ============= FINISH: 21:23:27.32 ===============
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    I still need Attach.txt part of DDS.

    Next....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  13. jfkstunna

    jfkstunna TS Rookie Topic Starter Posts: 26

    my bad, here's the attach log


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/7/2006 5:36:11 PM
    System Uptime: 1/16/2012 8:33:13 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 09F8h
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | XU1 PROCESSOR | 2990/800mhz
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | XU1 PROCESSOR 2 | 2990/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 75 GiB total, 27.365 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP411: 10/15/2011 3:53:06 PM - System Checkpoint
    RP412: 10/17/2011 5:16:37 PM - System Checkpoint
    RP413: 10/18/2011 10:26:37 PM - System Checkpoint
    RP414: 10/19/2011 11:18:31 PM - System Checkpoint
    RP415: 10/21/2011 1:31:15 AM - System Checkpoint
    RP416: 10/25/2011 9:41:28 AM - System Checkpoint
    RP417: 10/26/2011 10:35:25 AM - System Checkpoint
    RP418: 10/29/2011 6:53:55 PM - System Checkpoint
    RP419: 11/1/2011 6:41:57 PM - Installed Pro Tools LE
    RP420: 11/1/2011 6:44:35 PM - Installed Digidesign Audio Drivers
    RP421: 11/2/2011 5:56:29 PM - Installed Free DigiRack Plug-Ins
    RP422: 11/2/2011 6:34:04 PM - Installed Pro Tools Creative Collection
    RP423: 11/2/2011 6:49:27 PM - Installed Pro Tools LE
    RP424: 11/2/2011 7:15:01 PM - Unsigned driver install
    RP425: 11/2/2011 7:19:42 PM - Installed Pro Tools LE
    RP426: 11/2/2011 7:20:28 PM - Installed Digidesign Audio Drivers
    RP427: 11/2/2011 7:24:04 PM - Installed Free DigiRack Plug-Ins
    RP428: 11/2/2011 7:30:29 PM - Installed QuickTime
    RP429: 11/3/2011 3:00:15 AM - Software Distribution Service 3.0
    RP430: 11/4/2011 5:44:37 PM - System Checkpoint
    RP431: 11/5/2011 10:24:23 PM - System Checkpoint
    RP432: 11/7/2011 3:07:31 AM - System Checkpoint
    RP433: 11/8/2011 3:24:11 AM - System Checkpoint
    RP434: 11/9/2011 9:31:19 AM - System Checkpoint
    RP435: 11/10/2011 7:05:31 PM - System Checkpoint
    RP436: 11/11/2011 5:25:54 PM - Software Distribution Service 3.0
    RP437: 11/11/2011 8:32:57 PM - Restore Operation
    RP438: 11/11/2011 8:45:24 PM - Installed WinZip 16.0
    RP439: 11/12/2011 3:00:15 AM - Software Distribution Service 3.0
    RP440: 11/13/2011 3:46:28 AM - System Checkpoint
    RP441: 11/14/2011 11:08:34 PM - System Checkpoint
    RP442: 11/15/2011 11:34:23 PM - System Checkpoint
    RP443: 11/17/2011 8:35:33 PM - System Checkpoint
    RP444: 11/18/2011 8:46:29 PM - System Checkpoint
    RP445: 11/19/2011 8:02:58 PM - Restore Operation
    RP446: 11/21/2011 12:12:31 AM - System Checkpoint
    RP447: 11/24/2011 2:02:00 AM - System Checkpoint
    RP448: 11/25/2011 3:30:04 AM - System Checkpoint
    RP449: 11/26/2011 4:39:37 PM - System Checkpoint
    RP450: 11/29/2011 11:12:12 PM - System Checkpoint
    RP451: 12/1/2011 5:57:07 PM - Restore Operation
    RP452: 12/2/2011 7:29:50 PM - System Checkpoint
    RP453: 12/3/2011 9:25:04 PM - System Checkpoint
    RP454: 12/4/2011 10:30:59 PM - System Checkpoint
    RP455: 12/6/2011 7:48:17 PM - System Checkpoint
    RP456: 12/8/2011 1:08:18 AM - System Checkpoint
    RP457: 12/11/2011 7:43:53 PM - System Checkpoint
    RP458: 12/12/2011 1:26:48 AM - Software Distribution Service 3.0
    RP459: 12/12/2011 5:59:37 AM - Printer Driver Microsoft XPS Document Writer Installed
    RP460: 12/13/2011 3:00:17 AM - Software Distribution Service 3.0
    RP461: 12/14/2011 3:00:15 AM - Software Distribution Service 3.0
    RP462: 12/15/2011 5:43:07 PM - Software Distribution Service 3.0
    RP463: 12/16/2011 3:00:15 AM - Software Distribution Service 3.0
    RP464: 12/17/2011 4:05:40 AM - System Checkpoint
    RP465: 12/18/2011 3:00:14 AM - Software Distribution Service 3.0
    RP466: 12/19/2011 5:44:19 AM - System Checkpoint
    RP467: 12/21/2011 12:23:55 AM - System Checkpoint
    RP468: 12/21/2011 8:20:35 PM - Removed WinZip 16.0
    RP469: 12/21/2011 8:20:49 PM - Installed WinZip 16.0
    RP470: 12/22/2011 11:23:57 PM - System Checkpoint
    RP471: 12/24/2011 11:53:07 PM - System Checkpoint
    RP472: 12/25/2011 11:57:50 PM - System Checkpoint
    RP473: 12/27/2011 1:37:17 AM - System Checkpoint
    RP474: 12/28/2011 6:08:31 PM - System Checkpoint
    RP475: 12/30/2011 9:37:18 PM - System Checkpoint
    RP476: 1/2/2012 5:40:40 PM - Removed InstallIQ Updater
    RP477: 1/2/2012 5:45:37 PM - Removed Security Update for CAPICOM (KB931906)
    RP478: 1/3/2012 9:14:31 PM - System Checkpoint
    RP479: 1/5/2012 11:21:23 PM - System Checkpoint
    RP480: 1/6/2012 7:43:40 PM - Removed Microsoft Visual C++ 2005 Redistributable
    RP481: 1/6/2012 7:44:07 PM - Installed Microsoft Visual C++ 2005 Redistributable
    RP482: 1/9/2012 1:35:19 AM - System Checkpoint
    RP483: 1/10/2012 7:14:16 PM - System Checkpoint
    RP484: 1/11/2012 2:20:58 PM - Software Distribution Service 3.0
    RP485: 1/12/2012 9:45:12 PM - System Checkpoint
    RP486: 1/14/2012 10:43:30 PM - Removed FlipToast
    RP487: 1/14/2012 10:50:34 PM - Restore Operation
    RP488: 1/14/2012 10:52:19 PM - Restore Operation
    RP489: 1/14/2012 10:55:18 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Apple Application Support
    Apple Software Update
    ASPCA TriMini Reminder by We-Care.com v5.0.5.1
    avast! Free Antivirus
    Bonjour
    Chica Password Manager 1.10.0.6
    Cowabanga by OIN
    Digidesign Audio Drivers 8.0
    Digidesign Pro Tools LE 8.0
    Firebird 2.5.0.26074 (Win32)
    Free DigiRack Plug-Ins 8.0
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB909394)
    Hotfix for Windows XP (KB914440)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB935448)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB981793)
    HP Help and Support 4.0
    Intel(R) Graphics Media Accelerator Driver
    Interlok driver setup x32
    Keyboard Layout Management Application
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MeFeedia
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox 9.0.1 (x86 en-US)
    MSI to redistribute MS VS2005 CRT libraries
    MSXML 6 Service Pack 2 (KB973686)
    PhotoScape
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Reason 5.0
    SAM Broadcaster v4
    SAMSUNG USB Driver for Mobile Phones
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981350)
    Security Update for Windows XP (KB982381)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911164)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB932823-v3)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    UTStarcom USB Modem Software
    Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC_AR)
    Waves Complete VST RTAS TDM v7.1.16
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows iLivid Toolbar
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Hotfix - KB815304
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885270
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB886199
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinZip 16.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/16/2012 9:09:07 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error message: The referenced assembly is not installed on your system. .
    1/16/2012 9:09:07 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\AvastUI.exe. Reference error message: The operation completed successfully. .
    1/16/2012 9:09:07 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
    1/16/2012 9:07:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    1/16/2012 7:44:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
    1/16/2012 7:43:13 PM, error: Dhcp [1002] - The IP address lease 192.168.0.11 for the Network Card with network address 0018717DDBB3 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    1/15/2012 10:45:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    1/15/2012 10:29:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    1/15/2012 10:29:59 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    1/15/2012 10:29:59 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/15/2012 10:29:59 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/15/2012 10:29:59 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    1/15/2012 10:29:59 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/15/2012 10:29:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/14/2012 10:59:17 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.
    1/14/2012 10:59:17 PM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The operation completed successfully.
    1/14/2012 10:57:57 PM, error: SRService [104] - The System Restore initialization process failed.
    1/11/2012 7:02:38 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    1/10/2012 5:32:33 PM, error: dalwdmservice [43] -
    .
    ==== End Of File ===========================
     
  14. jfkstunna

    jfkstunna TS Rookie Topic Starter Posts: 26

    the link to aws or w/e isn't workin. is it avast?
    because i just installed it on the computer
     
  15. Broni

    Broni Malware Annihilator Posts: 47,691   +268

  16. jfkstunna

    jfkstunna TS Rookie Topic Starter Posts: 26

    aswmbr log

    aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-16 22:12:59
    -----------------------------
    22:12:59.531 OS Version: Windows 5.1.2600 Service Pack 2
    22:12:59.531 Number of processors: 2 586 0x403
    22:12:59.531 ComputerName: HP45411044018 UserName: Administrator
    22:12:59.937 Initialize success
    22:15:06.843 AVAST engine defs: 12011601
    22:15:21.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
    22:15:21.218 Disk 0 Vendor: ST3808110AS 3.AHH Size: 76319MB BusType: 3
    22:15:21.250 Disk 0 MBR read successfully
    22:15:21.265 Disk 0 MBR scan
    22:15:21.296 Disk 0 Windows XP default MBR code
    22:15:21.312 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
    22:15:21.343 Disk 0 scanning sectors +156280320
    22:15:21.421 Disk 0 scanning C:\WINDOWS\system32\drivers
    22:15:31.843 Service scanning
    22:15:35.421 Modules scanning
    22:15:41.109 Disk 0 trace - called modules:
    22:15:41.140 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    22:15:41.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84323908]
    22:15:41.156 3 CLASSPNP.SYS[ba0e905b] -> nt!IofCallDriver -> \Device\0000005d[0x84366948]
    22:15:41.187 5 ACPI.sys[ba05f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x843c1940]
    22:15:41.593 AVAST engine scan C:\WINDOWS
    22:15:43.968 File: C:\WINDOWS\BN2.tmp **INFECTED** Win32:Kryptik-GNH [Trj]
    22:15:44.078 File: C:\WINDOWS\BN4.tmp **INFECTED** Win32:Malware-gen
    22:15:44.187 File: C:\WINDOWS\BN5.tmp **INFECTED** Win32:Malware-gen
    22:15:44.296 File: C:\WINDOWS\BN6.tmp **INFECTED** Win32:Malware-gen
    22:15:44.421 File: C:\WINDOWS\BN7.tmp **INFECTED** Win32:Malware-gen
    22:15:44.531 File: C:\WINDOWS\BN8.tmp **INFECTED** Win32:Malware-gen
    22:15:44.640 File: C:\WINDOWS\BN9.tmp **INFECTED** Win32:Kryptik-GNH [Trj]
    22:15:44.734 File: C:\WINDOWS\BNA.tmp **INFECTED** Win32:Kryptik-GNH [Trj]
    22:15:44.859 File: C:\WINDOWS\BNEF.tmp **INFECTED** Win32:Malware-gen
    22:15:45.203 File: C:\WINDOWS\explorer.exe **INFECTED** Win32:Vitro
    22:15:45.500 File: C:\WINDOWS\hh.exe **INFECTED** Win32:Vitro
    22:15:46.171 File: C:\WINDOWS\IsUninst.exe **INFECTED** Win32:Vitro
    22:15:52.843 File: C:\WINDOWS\KLayMgr.exe **INFECTED** Win32:Vitro
    22:15:53.703 File: C:\WINDOWS\NOTEPAD.EXE **INFECTED** Win32:Vitro
    22:15:54.078 File: C:\WINDOWS\regedit.exe **INFECTED** Win32:Vitro
    22:15:54.609 File: C:\WINDOWS\TASKMAN.EXE **INFECTED** Win32:Vitro
    22:15:54.828 File: C:\WINDOWS\twunk_32.exe **INFECTED** Win32:Vitro
    22:15:54.953 File: C:\WINDOWS\UNWISE.EXE **INFECTED** Win32:Vitro
    22:15:55.375 File: C:\WINDOWS\winhlp32.exe **INFECTED** Win32:Vitro
    22:15:56.218 AVAST engine scan C:\WINDOWS\system32
    22:15:56.937 File: C:\WINDOWS\system32\accwiz.exe **INFECTED** Win32:Vitro
    22:15:57.234 File: C:\WINDOWS\system32\actmovie.exe **INFECTED** Win32:Vitro
    22:15:57.812 File: C:\WINDOWS\system32\ahui.exe **INFECTED** Win32:Vitro
    22:15:57.906 File: C:\WINDOWS\system32\alg.exe **INFECTED** Win32:Vitro
    22:15:58.375 File: C:\WINDOWS\system32\arp.exe **INFECTED** Win32:Vitro
    22:15:58.515 File: C:\WINDOWS\system32\asr_fmt.exe **INFECTED** Win32:Vitro
    22:15:58.593 File: C:\WINDOWS\system32\asr_ldm.exe **INFECTED** Win32:Vitro
    22:15:58.671 File: C:\WINDOWS\system32\asr_pfu.exe **INFECTED** Win32:Vitro
    22:15:58.812 File: C:\WINDOWS\system32\at.exe **INFECTED** Win32:Vitro
    22:15:59.062 File: C:\WINDOWS\system32\atmadm.exe **INFECTED** Win32:Vitro
    22:15:59.296 File: C:\WINDOWS\system32\attrib.exe **INFECTED** Win32:Vitro
    22:15:59.515 File: C:\WINDOWS\system32\auditusr.exe **INFECTED** Win32:Vitro
    22:16:00.328 File: C:\WINDOWS\system32\blastcln.exe **INFECTED** Win32:Vitro
    22:16:00.406 File: C:\WINDOWS\system32\bootcfg.exe **INFECTED** Win32:Vitro
    22:16:00.468 File: C:\WINDOWS\system32\bootok.exe **INFECTED** Win32:Vitro
    22:16:00.578 File: C:\WINDOWS\system32\bootvrfy.exe **INFECTED** Win32:Vitro
    22:16:01.156 File: C:\WINDOWS\system32\cacls.exe **INFECTED** Win32:Vitro
    22:16:01.281 File: C:\WINDOWS\system32\calc.exe **INFECTED** Win32:Vitro
    22:16:02.484 File: C:\WINDOWS\system32\charmap.exe **INFECTED** Win32:Vitro
    22:16:02.593 File: C:\WINDOWS\system32\chkdsk.exe **INFECTED** Win32:Vitro
    22:16:02.656 File: C:\WINDOWS\system32\chkntfs.exe **INFECTED** Win32:Vitro
    22:16:02.843 File: C:\WINDOWS\system32\cidaemon.exe **INFECTED** Win32:Vitro
    22:16:02.984 File: C:\WINDOWS\system32\cipher.exe **INFECTED** Win32:Vitro
    22:16:03.046 File: C:\WINDOWS\system32\cisvc.exe **INFECTED** Win32:Vitro
    22:16:03.125 File: C:\WINDOWS\system32\ckcnv.exe **INFECTED** Win32:Vitro
    22:16:03.406 File: C:\WINDOWS\system32\cleanmgr.exe **INFECTED** Win32:Vitro
    22:16:03.531 File: C:\WINDOWS\system32\cliconfg.exe **INFECTED** Win32:Vitro
    22:16:03.609 File: C:\WINDOWS\system32\clipbrd.exe **INFECTED** Win32:Vitro
    22:16:03.687 File: C:\WINDOWS\system32\clipsrv.exe **INFECTED** Win32:Vitro
    22:16:03.875 File: C:\WINDOWS\system32\cmd.exe **INFECTED** Win32:Vitro
    22:16:04.078 File: C:\WINDOWS\system32\cmdl32.exe **INFECTED** Win32:Vitro
    22:16:04.156 File: C:\WINDOWS\system32\cmmon32.exe **INFECTED** Win32:Vitro
    22:16:04.296 File: C:\WINDOWS\system32\cmstp.exe **INFECTED** Win32:Vitro
    22:16:04.953 File: C:\WINDOWS\system32\comp.exe **INFECTED** Win32:Vitro
    22:16:05.031 File: C:\WINDOWS\system32\compact.exe **INFECTED** Win32:Vitro
    22:16:05.812 File: C:\WINDOWS\system32\conime.exe **INFECTED** Win32:Vitro
    22:16:05.906 File: C:\WINDOWS\system32\control.exe **INFECTED** Win32:Vitro
    22:16:06.000 File: C:\WINDOWS\system32\convert.exe **INFECTED** Win32:Vitro
    22:16:06.578 File: C:\WINDOWS\system32\cscript.exe **INFECTED** Win32:Vitro
    22:16:06.812 File: C:\WINDOWS\system32\ctfmon.exe **INFECTED** Win32:Vitro
    22:16:08.890 File: C:\WINDOWS\system32\dcomcnfg.exe **INFECTED** Win32:Vitro
    22:16:08.984 File: C:\WINDOWS\system32\ddeshare.exe **INFECTED** Win32:Vitro
    22:16:09.187 File: C:\WINDOWS\system32\defrag.exe **INFECTED** Win32:Vitro
    22:16:09.468 File: C:\WINDOWS\system32\dfrgfat.exe **INFECTED** Win32:Vitro
    22:16:09.578 File: C:\WINDOWS\system32\dfrgntfs.exe **INFECTED** Win32:Vitro
    22:16:10.750 File: C:\WINDOWS\system32\diantz.exe **INFECTED** Win32:Vitro
    22:16:11.546 File: C:\WINDOWS\system32\diskpart.exe **INFECTED** Win32:Vitro
    22:16:11.625 File: C:\WINDOWS\system32\diskperf.exe **INFECTED** Win32:Vitro
    22:16:11.765 File: C:\WINDOWS\system32\dllhost.exe **INFECTED** Win32:Vitro
    22:16:11.843 File: C:\WINDOWS\system32\dllhst3g.exe **INFECTED** Win32:Vitro
    22:16:11.953 File: C:\WINDOWS\system32\dmadmin.exe **INFECTED** Win32:Vitro
    22:16:12.312 File: C:\WINDOWS\system32\dmremote.exe **INFECTED** Win32:Vitro
    22:16:13.046 File: C:\WINDOWS\system32\doskey.exe **INFECTED** Win32:Vitro
    22:16:13.187 File: C:\WINDOWS\system32\dplaysvr.exe **INFECTED** Win32:Vitro
    22:16:13.531 File: C:\WINDOWS\system32\dpnsvr.exe **INFECTED** Win32:Vitro
    22:16:13.687 File: C:\WINDOWS\system32\dpvsetup.exe **INFECTED** Win32:Vitro
    22:16:13.859 File: C:\WINDOWS\system32\driverquery.exe **INFECTED** Win32:Vitro
    22:16:14.109 File: C:\WINDOWS\system32\drmupgds.exe **INFECTED** Win32:Vitro
    22:16:14.406 File: C:\WINDOWS\system32\drwtsn32.exe **INFECTED** Win32:Vitro
    22:16:15.046 File: C:\WINDOWS\system32\dumprep.exe **INFECTED** Win32:Vitro
    22:16:15.203 File: C:\WINDOWS\system32\dvdplay.exe **INFECTED** Win32:Vitro
    22:16:15.265 File: C:\WINDOWS\system32\dvdupgrd.exe **INFECTED** Win32:Vitro
    22:16:15.390 File: C:\WINDOWS\system32\dwwin.exe **INFECTED** Win32:Vitro
    22:16:15.734 File: C:\WINDOWS\system32\dxdiag.exe **INFECTED** Win32:Vitro
    22:16:17.015 File: C:\WINDOWS\system32\esentutl.exe **INFECTED** Win32:Vitro
    22:16:17.109 File: C:\WINDOWS\system32\eudcedit.exe **INFECTED** Win32:Vitro
    22:16:17.234 File: C:\WINDOWS\system32\eventcreate.exe **INFECTED** Win32:Vitro
    22:16:17.375 File: C:\WINDOWS\system32\eventtriggers.exe **INFECTED** Win32:Vitro
    22:16:17.453 File: C:\WINDOWS\system32\eventvwr.exe **INFECTED** Win32:Vitro
    22:16:17.656 File: C:\WINDOWS\system32\expand.exe **INFECTED** Win32:Vitro
    22:16:17.875 File: C:\WINDOWS\system32\extrac32.exe **INFECTED** Win32:Vitro
    22:16:18.078 File: C:\WINDOWS\system32\fc.exe **INFECTED** Win32:Vitro
    22:16:18.343 File: C:\WINDOWS\system32\find.exe **INFECTED** Win32:Vitro
    22:16:18.421 File: C:\WINDOWS\system32\findstr.exe **INFECTED** Win32:Vitro
    22:16:18.500 File: C:\WINDOWS\system32\finger.exe **INFECTED** Win32:Vitro
    22:16:18.640 File: C:\WINDOWS\system32\fixmapi.exe **INFECTED** Win32:Vitro
    22:16:18.906 File: C:\WINDOWS\system32\fltmc.exe **INFECTED** Win32:Vitro
    22:16:19.390 File: C:\WINDOWS\system32\fontview.exe **INFECTED** Win32:Vitro
    22:16:19.468 File: C:\WINDOWS\system32\forcedos.exe **INFECTED** Win32:Vitro
    22:16:19.625 File: C:\WINDOWS\system32\freecell.exe **INFECTED** Win32:Vitro
    22:16:19.718 File: C:\WINDOWS\system32\fsquirt.exe **INFECTED** Win32:Vitro
    22:16:19.843 File: C:\WINDOWS\system32\fsutil.exe **INFECTED** Win32:Vitro
    22:16:19.921 File: C:\WINDOWS\system32\ftp.exe **INFECTED** Win32:Vitro
    22:16:20.500 File: C:\WINDOWS\system32\getmac.exe **INFECTED** Win32:Vitro
    22:16:20.859 File: C:\WINDOWS\system32\gpresult.exe **INFECTED** Win32:Vitro
    22:16:20.984 File: C:\WINDOWS\system32\gpupdate.exe **INFECTED** Win32:Vitro
    22:16:21.093 File: C:\WINDOWS\system32\grpconv.exe **INFECTED** Win32:Vitro
    22:16:21.609 File: C:\WINDOWS\system32\hdashcut.exe **INFECTED** Win32:Vitro
    22:16:21.843 File: C:\WINDOWS\system32\help.exe **INFECTED** Win32:Vitro
    22:16:22.343 File: C:\WINDOWS\system32\hkcmd.exe **INFECTED** Win32:Vitro
    22:16:22.640 File: C:\WINDOWS\system32\hostname.exe **INFECTED** Win32:Vitro
    22:16:25.390 File: C:\WINDOWS\system32\ie4uinit.exe **INFECTED** Win32:Vitro
    22:16:26.734 File: C:\WINDOWS\system32\ieudinit.exe **INFECTED** Win32:Vitro
    22:16:26.921 File: C:\WINDOWS\system32\iexpress.exe **INFECTED** Win32:Vitro
    22:16:27.109 File: C:\WINDOWS\system32\igfxcfg.exe **INFECTED** Win32:Vitro
    22:16:27.375 File: C:\WINDOWS\system32\igfxext.exe **INFECTED** Win32:Vitro
    22:16:27.484 File: C:\WINDOWS\system32\igfxpers.exe **INFECTED** Win32:Vitro
    22:16:28.718 File: C:\WINDOWS\system32\igfxsrvc.exe **INFECTED** Win32:Vitro
    22:16:28.828 File: C:\WINDOWS\system32\igfxtray.exe **INFECTED** Win32:Vitro
    22:16:28.937 File: C:\WINDOWS\system32\igfxzoom.exe **INFECTED** Win32:Vitro
    22:16:29.328 File: C:\WINDOWS\system32\imapi.exe **INFECTED** Win32:Vitro
    22:16:30.484 File: C:\WINDOWS\system32\ipconfig.exe **INFECTED** Win32:Vitro
    22:16:30.906 File: C:\WINDOWS\system32\ipsec6.exe **INFECTED** Win32:Vitro
    22:16:31.156 File: C:\WINDOWS\system32\ipv6.exe **INFECTED** Win32:Vitro
    22:16:31.421 File: C:\WINDOWS\system32\ipxroute.exe **INFECTED** Win32:Vitro
    22:16:34.140 File: C:\WINDOWS\system32\kblxrhoj.exe **INFECTED** Win32:Vitro
    22:16:34.843 File: C:\WINDOWS\system32\label.exe **INFECTED** Win32:Vitro
    22:16:35.375 File: C:\WINDOWS\system32\lights.exe **INFECTED** Win32:Vitro
    22:16:35.593 File: C:\WINDOWS\system32\lnkstub.exe **INFECTED** Win32:Vitro
    22:16:35.921 File: C:\WINDOWS\system32\locator.exe **INFECTED** Win32:Vitro
    22:16:36.000 File: C:\WINDOWS\system32\lodctr.exe **INFECTED** Win32:Vitro
    22:16:36.125 File: C:\WINDOWS\system32\logagent.exe **INFECTED** Win32:Vitro
    22:16:36.281 File: C:\WINDOWS\system32\logman.exe **INFECTED** Win32:Vitro
    22:16:36.359 File: C:\WINDOWS\system32\logoff.exe **INFECTED** Win32:Vitro
    22:16:36.468 File: C:\WINDOWS\system32\logon.scr **INFECTED** Win32:Vitro
    22:16:36.578 File: C:\WINDOWS\system32\logonui.exe **INFECTED** Win32:Vitro
    22:16:36.703 File: C:\WINDOWS\system32\lpq.exe **INFECTED** Win32:Vitro
    22:16:36.765 File: C:\WINDOWS\system32\lpr.exe **INFECTED** Win32:Vitro
    22:16:37.203 File: C:\WINDOWS\system32\magnify.exe **INFECTED** Win32:Vitro
    22:16:37.343 File: C:\WINDOWS\system32\makecab.exe **INFECTED** Win32:Vitro
    22:16:37.500 File: C:\WINDOWS\system32\MAPISRVR.EXE **INFECTED** Win32:Vitro
    22:16:39.781 File: C:\WINDOWS\system32\migpwd.exe **INFECTED** Win32:Vitro
    22:16:40.062 File: C:\WINDOWS\system32\mmc.exe **INFECTED** Win32:Vitro
    22:16:40.562 File: C:\WINDOWS\system32\mnmsrvc.exe **INFECTED** Win32:Vitro
    22:16:40.734 File: C:\WINDOWS\system32\mobsync.exe **INFECTED** Win32:Vitro
    22:16:41.015 File: C:\WINDOWS\system32\mountvol.exe **INFECTED** Win32:Vitro
    22:16:41.546 File: C:\WINDOWS\system32\mplay32.exe **INFECTED** Win32:Vitro
    22:16:41.625 File: C:\WINDOWS\system32\mpnotify.exe **INFECTED** Win32:Vitro
    22:16:42.000 File: C:\WINDOWS\system32\mqbkup.exe **INFECTED** Win32:Vitro
    22:16:42.640 File: C:\WINDOWS\system32\mqsvc.exe **INFECTED** Win32:Vitro
    22:16:42.750 File: C:\WINDOWS\system32\mqtgsvc.exe **INFECTED** Win32:Vitro
    22:16:43.031 File: C:\WINDOWS\system32\mrinfo.exe **INFECTED** Win32:Vitro
    22:16:44.703 File: C:\WINDOWS\system32\msdtc.exe **INFECTED** Win32:Vitro
    22:16:45.578 File: C:\WINDOWS\system32\msfeedssync.exe **INFECTED** Win32:Vitro
    22:16:45.796 File: C:\WINDOWS\system32\msg.exe **INFECTED** Win32:Vitro
    22:16:46.203 File: C:\WINDOWS\system32\mshearts.exe **INFECTED** Win32:Vitro
    22:16:46.328 File: C:\WINDOWS\system32\mshta.exe **INFECTED** Win32:Vitro
    22:16:47.250 File: C:\WINDOWS\system32\msiexec.exe **INFECTED** Win32:Vitro
    22:16:48.484 File: C:\WINDOWS\system32\mspaint.exe **INFECTED** Win32:Vitro
    22:16:49.859 File: C:\WINDOWS\system32\msswchx.exe **INFECTED** Win32:Vitro
    22:16:50.203 File: C:\WINDOWS\system32\mstinit.exe **INFECTED** Win32:Vitro
    22:16:50.359 File: C:\WINDOWS\system32\mstsc.exe **INFECTED** Win32:Vitro
    22:16:53.812 File: C:\WINDOWS\system32\narrator.exe **INFECTED** Win32:Vitro
    22:16:53.921 File: C:\WINDOWS\system32\nbtstat.exe **INFECTED** Win32:Vitro
    22:16:54.156 File: C:\WINDOWS\system32\nddeapir.exe **INFECTED** Win32:Vitro
    22:16:54.281 File: C:\WINDOWS\system32\net.exe **INFECTED** Win32:Vitro
    22:16:54.406 File: C:\WINDOWS\system32\net1.exe **INFECTED** Win32:Vitro
    22:16:54.734 File: C:\WINDOWS\system32\netdde.exe **INFECTED** Win32:Vitro
    22:16:55.406 File: C:\WINDOWS\system32\netsetup.exe **INFECTED** Win32:Vitro
    22:16:55.531 File: C:\WINDOWS\system32\netsh.exe **INFECTED** Win32:Vitro
    22:16:55.812 File: C:\WINDOWS\system32\netstat.exe **INFECTED** Win32:Vitro
    22:16:56.390 File: C:\WINDOWS\system32\notepad.exe **INFECTED** Win32:Vitro
    22:16:56.578 File: C:\WINDOWS\system32\nslookup.exe **INFECTED** Win32:Vitro
    22:16:56.718 File: C:\WINDOWS\system32\ntbackup.exe **INFECTED** Win32:Vitro
    22:16:58.015 File: C:\WINDOWS\system32\ntsd.exe **INFECTED** Win32:Vitro
    22:16:58.171 File: C:\WINDOWS\system32\ntvdm.exe **INFECTED** Win32:Vitro
    22:16:58.562 File: C:\WINDOWS\system32\nwscript.exe **INFECTED** Win32:Vitro
    22:16:59.046 File: C:\WINDOWS\system32\odbcad32.exe **INFECTED** Win32:Vitro
    22:16:59.203 File: C:\WINDOWS\system32\odbcconf.exe **INFECTED** Win32:Vitro
    22:17:00.468 File: C:\WINDOWS\system32\openfiles.exe **INFECTED** Win32:Vitro
    22:17:00.687 File: C:\WINDOWS\system32\osk.exe **INFECTED** Win32:Vitro
    22:17:00.812 File: C:\WINDOWS\system32\osuninst.exe **INFECTED** Win32:Vitro
    22:17:01.109 File: C:\WINDOWS\system32\packager.exe **INFECTED** Win32:Vitro
    22:17:01.250 File: C:\WINDOWS\system32\pathping.exe **INFECTED** Win32:Vitro
    22:17:01.531 File: C:\WINDOWS\system32\pentnt.exe **INFECTED** Win32:Vitro
    22:17:01.703 File: C:\WINDOWS\system32\perfmon.exe **INFECTED** Win32:Vitro
    22:17:02.218 File: C:\WINDOWS\system32\ping.exe **INFECTED** Win32:Vitro
    22:17:02.312 File: C:\WINDOWS\system32\ping6.exe **INFECTED** Win32:Vitro
    22:17:03.187 File: C:\WINDOWS\system32\powercfg.exe **INFECTED** Win32:Vitro
    22:17:03.796 File: C:\WINDOWS\system32\print.exe **INFECTED** Win32:Vitro
    22:17:04.109 File: C:\WINDOWS\system32\progman.exe **INFECTED** Win32:Vitro
    22:17:04.218 File: C:\WINDOWS\system32\proquota.exe **INFECTED** Win32:Vitro
    22:17:04.281 File: C:\WINDOWS\system32\proxycfg.exe **INFECTED** Win32:Vitro
    22:17:04.671 File: C:\WINDOWS\system32\qappsrv.exe **INFECTED** Win32:Vitro
    22:17:05.312 File: C:\WINDOWS\system32\qprocess.exe **INFECTED** Win32:Vitro
    22:17:06.140 File: C:\WINDOWS\system32\qwinsta.exe **INFECTED** Win32:Vitro
    22:17:44.781 AVAST engine scan C:\WINDOWS\system32\drivers
    22:17:57.093 AVAST engine scan C:\Documents and Settings\Administrator
    22:40:19.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
    22:40:19.750 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
     
  17. jfkstunna

    jfkstunna TS Rookie Topic Starter Posts: 26

    bootkit log

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
  18. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  19. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    Scratch that....
    I should have taken a better look.

    I'm afraid I have very bad news.

    You are infected with a polymorphic file infector - Virut (called by Avast - Win32:Vitro). This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

    Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain following files:
    *.exe
    *.scr
    *.htm
    *.html
    *.xml
    *.zip
    *.rar
    *.doc
    *.jpg
    *.pdf

    Backup all your documents and important items only.
    DO NOT backup any files mentioned above.

    I suggest you do the following immediately:

    * Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
    * From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
    * DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

    For more information on Virut, and why you need to reformat, have a read of miekiemoes blog here.

    To find out how to carry out an XP Reformat and Reinstall, please see this page. If you are using Vista, then check this page instead.

    Once you have reformatted and reinstalled Windows, have a look at this page for some useful tips on staying clean, along with links to some freeware to help.

    To find out more information about how you may have got infected in the first place, you can read this article.

    I am sorry I cannot give any better news.
     
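Added example (not part of the posts above and not code from Avast or aswMBR): a triage script for scan-log lines in the `time File: path **INFECTED** name` format used by the log in this thread. It shows the pattern behind the diagnosis above, one detection name spread across OS binaries and user files alike. The sample lines, thresholds and function names are constructed assumptions.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample log (not the poster's data), same line format as the scan above.
SAMPLE_LOG = r"""
22:17:01.100 AVAST engine scan C:\WINDOWS\system32
22:17:02.200 File: C:\WINDOWS\system32\notepad.exe **INFECTED** Win32:Vitro
22:17:02.300 File: C:\WINDOWS\system32\calc.exe **INFECTED** Win32:Vitro
22:17:02.400 File: C:\WINDOWS\system32\cmd.exe **INFECTED** Win32:Vitro
22:17:02.500 File: C:\WINDOWS\system32\logon.scr **INFECTED** Win32:Vitro
22:17:02.600 File: C:\WINDOWS\system32\mspaint.exe **INFECTED** Win32:Vitro
22:17:02.700 File: C:\WINDOWS\system32\example.exe **INFECTED** Win32:Malware-gen
22:18:00.000 AVAST engine scan C:\Documents and Settings\User
22:18:05.000 File: C:\Documents and Settings\User\Desktop\Rescue Kit\TOOL (V2).EXE **INFECTED** Win32:Vitro
22:18:06.000 File: C:\Documents and Settings\User\setup.exe **INFECTED** Win32:Vitro
22:40:00.000 The log file has been saved successfully to "C:\aswMBR.txt"
"""

# Paths may contain spaces and parentheses, so match lazily up to the marker.
LINE_RE = re.compile(
    r"^\s*\d{2}:\d{2}:\d{2}\.\d{3}\s+File:\s+(?P<path>.+?)"
    r"\s+\*\*INFECTED\*\*\s+(?P<name>\S+)\s*$"
)


def parse_detections(text):
    """Return [(PureWindowsPath, detection_name)] for every INFECTED line."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            hits.append((PureWindowsPath(m["path"]), m["name"]))
    return hits


def is_system_dir(path):
    """True for files under <drive>:\\WINDOWS (assumed default system root)."""
    parts = [p.lower() for p in path.parts]
    return len(parts) >= 3 and parts[1] == "windows"


def triage(hits, min_files=5, min_share=0.8):
    """Summarise detections; thresholds are illustrative assumptions.

    'widespread' is set when one detection name dominates the log and hits
    both OS binaries and files elsewhere: the infected files are legitimate
    programs, so deleting or quarantining them cannot restore the machine.
    """
    summary = {"total": len(hits), "dominant": None, "dominant_count": 0,
               "system_dir_hits": 0, "other_hits": 0, "extensions": {},
               "widespread": False}
    if not hits:
        return summary
    dominant, count = Counter(name for _, name in hits).most_common(1)[0]
    paths = [p for p, name in hits if name == dominant]
    system_hits = sum(1 for p in paths if is_system_dir(p))
    summary.update(
        dominant=dominant,
        dominant_count=count,
        system_dir_hits=system_hits,
        other_hits=count - system_hits,
        extensions=dict(Counter(p.suffix.lower() for p in paths)),
        widespread=(count >= min_files
                    and count / len(hits) >= min_share
                    and 0 < system_hits < count),
    )
    return summary


if __name__ == "__main__":
    for key, value in triage(parse_detections(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```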
  20. jfkstunna

    jfkstunna TS Rookie Topic Starter Posts: 26

    wow talk about bad news lol well...i'll get to it tomorrow afternoon if i have any more questions i'll be sure to hit you back so if u can leave this post open for me so i may contact you
     
  21. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    Sorry about it :(

    I don't close topics so you can post back anytime.
     
  22. jfkstunna

    jfkstunna TS Rookie Topic Starter Posts: 26

    hey buddy its me again

    i have a question: is there any place i can download the XP reinstall CD or anything of that nature, because i don't have mine anymore???
     
  23. Broni

    Broni Malware Annihilator Posts: 47,691   +268

    Nope.
    You can either call your computer manufacturer to order a recovery disk (cheaper), or buy a Windows disk (more expensive).
     

