Inactive [Not curable - Virut] System check virus help!

dude everything you're tellin me is not goin to work idk how else to put it.

all ur advice is just makin my computer worse it was workin a lot better b4 i asked for your advice i can tell ya that much. I run a business off this computer, I'm losing money by the day and we haven't gotten an inch closer to resolving the problem homie
 
One more time....calm down or I'll close this topic.
I've been trying to help you using my FREE TIME.
If you don't like my advice, let me know.
There is always an option to call "Geek Squad" and they'll fix it for you for $300 or so.

Consider this as a final warning.
 
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8303

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702

1/16/2012 8:24:19 PM
mbam-log-2012-01-16 (20-24-19).txt

Scan type: Quick scan
Objects scanned: 203759
Time elapsed: 10 minute(s), 11 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 2
Registry Data Items Infected: 9
Folders Infected: 1
Files Infected: 17

Memory Processes Infected:
c:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> 196 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{c900b400-cdfe-11d3-976a-00e02913a9e0} (PUP.WebHancer) -> Not selected for removal.
HKEY_CLASSES_ROOT\WhIeHelperObj.WhIeHelperObj.1 (PUP.WebHancer) -> Not selected for removal.
HKEY_CLASSES_ROOT\WhIeHelperObj.WhIeHelperObj (PUP.WebHancer) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C900B400-CDFE-11D3-976A-00E02913A9E0} (PUP.WebHancer) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C900B400-CDFE-11D3-976A-00E02913A9E0} (PUP.WebHancer) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0} (PUP.WebHancer) -> Not selected for removal.
HKEY_CLASSES_ROOT\TypeLib\{C8CB3870-CDFE-11D3-976A-00E02913A9E0} (PUP.WebHancer) -> Not selected for removal.
HKEY_CLASSES_ROOT\Interface\{C89435B0-CDFE-11D3-976A-00E02913A9E0} (PUP.WebHancer) -> Not selected for removal.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\homep (Worm.SFDC) -> Value: homep -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\webHancer Agent (PUP.WebHancer) -> Value: webHancer Agent -> Not selected for removal.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
c:\program files\webhancer\Programs (PUP.WebHancer) -> Not selected for removal.

Files Infected:
c:\program files\webhancer\Programs\whiehlpr.dll (PUP.WebHancer) -> Not selected for removal.
c:\WINDOWS\webhdll.dll (PUP.WebHancer) -> Not selected for removal.
c:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\BN9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\homep.exe (Worm.SFDC) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\puoiw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\whAgent.inf (PUP.WebHancer) -> Not selected for removal.
c:\WINDOWS\whinstaller.ini (PUP.WebHancer) -> Not selected for removal.
c:\program files\webhancer\Programs\whAgent.exe (PUP.WebHancer) -> Not selected for removal.
c:\program files\webhancer\Programs\license.txt (PUP.WebHancer) -> Not selected for removal.
c:\program files\webhancer\Programs\regwebh.dll (PUP.WebHancer) -> Not selected for removal.
c:\program files\webhancer\Programs\sporder.dll (PUP.WebHancer) -> Not selected for removal.
c:\program files\webhancer\Programs\wbhshare.dll (PUP.WebHancer) -> Not selected for removal.
c:\program files\webhancer\Programs\whAgent.ini (PUP.WebHancer) -> Not selected for removal.
c:\program files\webhancer\Programs\whiedc.dll (PUP.WebHancer) -> Not selected for removal.
c:\program files\webhancer\Programs\whiehlpr.ini (PUP.WebHancer) -> Not selected for removal.
c:\program files\webhancer\Programs\whieshm.dll (PUP.WebHancer) -> Not selected for removal.
 
ok just ran the gmer (idk if i did it right or not)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-01-16 21:14:32
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST3808110AS rev.3.AHH
Running: lrxk2b2p.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwtyypoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
here's the dds log



DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702
Run by Administrator at 21:22:14 on 2012-01-16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2551.2366 [GMT -6:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\TEMP\BN9.tmp
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.searchqu.com/406
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: mefeediaTest: {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - c:\program files\mefeediatest\w3itemplateX.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wi371a~1\datamngr\BROWSE~1.DLL
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: WhIeHelperObj Class: {c900b400-cdfe-11d3-976a-00e02913a9e0} - c:\progra~1\webhan~1\programs\whiehlpr.dll
BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\datamngr\toolbar\searchqudtx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: mefeediaTest: {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - c:\program files\mefeediatest\w3itemplateX.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: Norton Internet Security 2006: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
EB: {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [tcpudp] c:\windows\BN6.tmp
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11c_ActiveX.exe -update activex
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [LayoutM] KLayMgr.exe
mRun: [webHancer Agent] "c:\program files\webhancer\programs\whAgent.exe"
mRun: [DC6_check] "c:\program files\common files\dc6_startupmon.exe"
mRun: [ERS_check] "c:\program files\common files\ers_startupmon.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [DigidesignMMERefresh] c:\program files\digidesign\drivers\MMERefresh.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DATAMNGR] c:\progra~1\wi371a~1\datamngr\DATAMN~1.EXE
mRun: [kblxrhoj] c:\windows\system32\kblxrhoj.exe
mRun: [LHUnnGkTMirhwy.exe] c:\documents and settings\all users\application data\LHUnnGkTMirhwy.exe
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [kblxrhoj] c:\documents and settings\administrator\kblxrhoj.exe
dRun: [tcpudp] c:\windows\BN9.tmp
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\flipto~1.lnk - c:\program files\fliptoast\fliptoast.exe
IE: &Search - http://tbedits.televisionfanatic.co...D760-879A-41BB-838A-573F19F37738&n=2011101020
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\IEBHO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 122.224.6.164 zeus.sunke.info
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\dv6prpfb.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/406
FF - prefs.js: keyword.URL - hxxp://search.internet-search-results.com/?sid=10101199100&s=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Search
FF - user.js: browser.search.order.1 - Search
FF - user.js: keyword.URL - hxxp://search.internet-search-results.com/?sid=10101199100&s=
============= SERVICES / DRIVERS ===============
.
R3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2011-11-2 21648]
S0 wjcpcy;wjcpcy;c:\windows\system32\drivers\wygvotb.sys --> c:\windows\system32\drivers\wygvotb.sys [?]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-16 435032]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-1-16 314456]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-1-16 20568]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-1-16 44768]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2011-11-2 16400]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_5\bin\fbguard.exe [2011-10-18 118784]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-10-10 136176]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2011-11-2 97808]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys --> c:\windows\system32\drivers\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_5\bin\fbserver.exe [2011-10-18 3756032]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-10-10 136176]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys --> c:\windows\system32\drivers\ew_jubusenum.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2011-11-2 21904]
S3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\system32\drivers\uts_bus.sys [2010-9-23 84352]
S3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\system32\drivers\uts_mdfl.sys [2010-9-23 14976]
S3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\system32\drivers\uts_mdm.sys [2010-9-23 110848]
S3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\uts_serd.sys [2010-9-23 90880]
.
=============== Created Last 30 ================
.
2012-01-17 03:17:22 -------- d-----w- C:\62bf302e7f51a6a67e9f70
2012-01-17 03:07:09 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-17 03:07:00 41184 ----a-w- c:\windows\avastSS.scr
2012-01-17 03:06:39 -------- d-----w- c:\program files\AVAST Software
2012-01-17 03:06:39 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-01-17 03:02:16 -------- d-----w- C:\8e0396cf9782e310139902f668de4d
2012-01-17 01:53:50 196608 ---ha-w- c:\windows\BN2.tmp
2012-01-17 01:43:50 196608 ---ha-w- c:\windows\BN9.tmp
2012-01-16 04:59:25 -------- d-----w- C:\Recovered Files
2012-01-15 04:58:14 215552 ---ha-w- c:\windows\BN8.tmp
2012-01-15 04:31:02 215552 ---ha-w- c:\windows\BN7.tmp
2012-01-15 04:24:49 215552 ---ha-w- c:\windows\BN6.tmp
2012-01-15 04:21:30 215552 ---ha-w- c:\windows\BN5.tmp
2012-01-15 04:16:15 -------- d--h--w- c:\documents and settings\administrator\local settings\application data\Help
2012-01-15 04:13:09 215552 ---ha-w- c:\windows\BN4.tmp
2012-01-15 04:06:35 357632 ---ha-w- c:\documents and settings\all users\application data\I3NvjJDZntUHz0.exe
2012-01-15 04:03:27 215552 ---ha-w- c:\windows\BNEF.tmp
2012-01-15 04:03:03 -------- d--h--w- c:\documents and settings\all users\application data\WSTB
2012-01-15 04:03:01 453376 ---ha-w- c:\documents and settings\all users\application data\LHUnnGkTMirhwy.exe
2012-01-15 04:02:59 60928 ---ha-w- c:\windows\system32\kblxrhoj.exe
2012-01-15 04:02:59 60928 ---ha-w- c:\documents and settings\administrator\kblxrhoj.exe
2012-01-11 22:58:46 -------- d--h--w- c:\documents and settings\administrator\application data\com.w3i.FlipToast
2012-01-11 22:58:37 -------- d--h--w- c:\program files\fliptoast
2012-01-11 22:58:11 -------- d--h--w- c:\documents and settings\administrator\application data\w3itemplate
2012-01-11 22:58:00 -------- d--h--w- c:\documents and settings\administrator\local settings\application data\Adobe
2012-01-11 22:57:59 -------- d--h--w- c:\documents and settings\administrator\application data\mefeediatest
2012-01-11 22:57:48 -------- d--h--w- c:\program files\mefeediatest
2012-01-11 22:57:14 -------- d--h--w- c:\program files\ChicaLogic
2012-01-11 22:57:06 -------- d--h--w- c:\documents and settings\all users\application data\Norton
2012-01-11 22:57:02 -------- d--h--w- c:\documents and settings\all users\application data\NortonInstaller
2012-01-09 06:20:28 626688 ---ha-w- c:\program files\mozilla firefox\msvcr80.dll
2012-01-09 06:20:28 548864 ---ha-w- c:\program files\mozilla firefox\msvcp80.dll
2012-01-09 06:20:28 479232 ---ha-w- c:\program files\mozilla firefox\msvcm80.dll
2012-01-09 06:20:28 43992 ---ha-w- c:\program files\mozilla firefox\mozutils.dll
2012-01-07 01:45:37 -------- d--h--w- c:\documents and settings\administrator\application data\Waves Audio
2012-01-07 01:45:32 -------- d--h--w- c:\documents and settings\all users\application data\Waves Audio
2012-01-07 01:41:45 -------- d--h--w- c:\program files\Steinberg
2012-01-07 01:41:45 -------- d--h--w- c:\program files\common files\VST3
2012-01-07 01:38:52 -------- d--h--w- c:\program files\Waves
2012-01-02 23:34:35 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-01-02 23:34:35 -------- d--h--w- c:\program files\Free Offers from Freeze.com
2012-01-02 23:34:10 -------- d--h--w- c:\documents and settings\all users\application data\WeCareReminder
2011-12-22 02:21:23 -------- d--h--w- c:\documents and settings\administrator\local settings\application data\WinZip
.
==================== Find3M ====================
.
2011-12-11 02:41:58 406528 ---ha-w- c:\windows\system32\ReWire.dll
2011-12-11 02:41:58 338432 ---ha-w- c:\windows\system32\REX Shared Library.dll
2011-11-15 03:20:44 77824 --sh--r- c:\documents and settings\administrator\puoiw.scr
2011-11-14 22:25:19 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-12 00:25:53 1053696 ---ha-w- c:\windows\explorer.exe
2011-10-24 19:29:02 94208 ---ha-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ---ha-w- c:\windows\system32\QuickTime.qts
.
============= FINISH: 21:23:27.32 ===============
 
I still need the Attach.txt part of DDS.

Next....

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

============================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
my bad here's the attach log


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/7/2006 5:36:11 PM
System Uptime: 1/16/2012 8:33:13 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 09F8h
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | XU1 PROCESSOR | 2990/800mhz
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | XU1 PROCESSOR 2 | 2990/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 27.365 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP411: 10/15/2011 3:53:06 PM - System Checkpoint
RP412: 10/17/2011 5:16:37 PM - System Checkpoint
RP413: 10/18/2011 10:26:37 PM - System Checkpoint
RP414: 10/19/2011 11:18:31 PM - System Checkpoint
RP415: 10/21/2011 1:31:15 AM - System Checkpoint
RP416: 10/25/2011 9:41:28 AM - System Checkpoint
RP417: 10/26/2011 10:35:25 AM - System Checkpoint
RP418: 10/29/2011 6:53:55 PM - System Checkpoint
RP419: 11/1/2011 6:41:57 PM - Installed Pro Tools LE
RP420: 11/1/2011 6:44:35 PM - Installed Digidesign Audio Drivers
RP421: 11/2/2011 5:56:29 PM - Installed Free DigiRack Plug-Ins
RP422: 11/2/2011 6:34:04 PM - Installed Pro Tools Creative Collection
RP423: 11/2/2011 6:49:27 PM - Installed Pro Tools LE
RP424: 11/2/2011 7:15:01 PM - Unsigned driver install
RP425: 11/2/2011 7:19:42 PM - Installed Pro Tools LE
RP426: 11/2/2011 7:20:28 PM - Installed Digidesign Audio Drivers
RP427: 11/2/2011 7:24:04 PM - Installed Free DigiRack Plug-Ins
RP428: 11/2/2011 7:30:29 PM - Installed QuickTime
RP429: 11/3/2011 3:00:15 AM - Software Distribution Service 3.0
RP430: 11/4/2011 5:44:37 PM - System Checkpoint
RP431: 11/5/2011 10:24:23 PM - System Checkpoint
RP432: 11/7/2011 3:07:31 AM - System Checkpoint
RP433: 11/8/2011 3:24:11 AM - System Checkpoint
RP434: 11/9/2011 9:31:19 AM - System Checkpoint
RP435: 11/10/2011 7:05:31 PM - System Checkpoint
RP436: 11/11/2011 5:25:54 PM - Software Distribution Service 3.0
RP437: 11/11/2011 8:32:57 PM - Restore Operation
RP438: 11/11/2011 8:45:24 PM - Installed WinZip 16.0
RP439: 11/12/2011 3:00:15 AM - Software Distribution Service 3.0
RP440: 11/13/2011 3:46:28 AM - System Checkpoint
RP441: 11/14/2011 11:08:34 PM - System Checkpoint
RP442: 11/15/2011 11:34:23 PM - System Checkpoint
RP443: 11/17/2011 8:35:33 PM - System Checkpoint
RP444: 11/18/2011 8:46:29 PM - System Checkpoint
RP445: 11/19/2011 8:02:58 PM - Restore Operation
RP446: 11/21/2011 12:12:31 AM - System Checkpoint
RP447: 11/24/2011 2:02:00 AM - System Checkpoint
RP448: 11/25/2011 3:30:04 AM - System Checkpoint
RP449: 11/26/2011 4:39:37 PM - System Checkpoint
RP450: 11/29/2011 11:12:12 PM - System Checkpoint
RP451: 12/1/2011 5:57:07 PM - Restore Operation
RP452: 12/2/2011 7:29:50 PM - System Checkpoint
RP453: 12/3/2011 9:25:04 PM - System Checkpoint
RP454: 12/4/2011 10:30:59 PM - System Checkpoint
RP455: 12/6/2011 7:48:17 PM - System Checkpoint
RP456: 12/8/2011 1:08:18 AM - System Checkpoint
RP457: 12/11/2011 7:43:53 PM - System Checkpoint
RP458: 12/12/2011 1:26:48 AM - Software Distribution Service 3.0
RP459: 12/12/2011 5:59:37 AM - Printer Driver Microsoft XPS Document Writer Installed
RP460: 12/13/2011 3:00:17 AM - Software Distribution Service 3.0
RP461: 12/14/2011 3:00:15 AM - Software Distribution Service 3.0
RP462: 12/15/2011 5:43:07 PM - Software Distribution Service 3.0
RP463: 12/16/2011 3:00:15 AM - Software Distribution Service 3.0
RP464: 12/17/2011 4:05:40 AM - System Checkpoint
RP465: 12/18/2011 3:00:14 AM - Software Distribution Service 3.0
RP466: 12/19/2011 5:44:19 AM - System Checkpoint
RP467: 12/21/2011 12:23:55 AM - System Checkpoint
RP468: 12/21/2011 8:20:35 PM - Removed WinZip 16.0
RP469: 12/21/2011 8:20:49 PM - Installed WinZip 16.0
RP470: 12/22/2011 11:23:57 PM - System Checkpoint
RP471: 12/24/2011 11:53:07 PM - System Checkpoint
RP472: 12/25/2011 11:57:50 PM - System Checkpoint
RP473: 12/27/2011 1:37:17 AM - System Checkpoint
RP474: 12/28/2011 6:08:31 PM - System Checkpoint
RP475: 12/30/2011 9:37:18 PM - System Checkpoint
RP476: 1/2/2012 5:40:40 PM - Removed InstallIQ Updater
RP477: 1/2/2012 5:45:37 PM - Removed Security Update for CAPICOM (KB931906)
RP478: 1/3/2012 9:14:31 PM - System Checkpoint
RP479: 1/5/2012 11:21:23 PM - System Checkpoint
RP480: 1/6/2012 7:43:40 PM - Removed Microsoft Visual C++ 2005 Redistributable
RP481: 1/6/2012 7:44:07 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP482: 1/9/2012 1:35:19 AM - System Checkpoint
RP483: 1/10/2012 7:14:16 PM - System Checkpoint
RP484: 1/11/2012 2:20:58 PM - Software Distribution Service 3.0
RP485: 1/12/2012 9:45:12 PM - System Checkpoint
RP486: 1/14/2012 10:43:30 PM - Removed FlipToast
RP487: 1/14/2012 10:50:34 PM - Restore Operation
RP488: 1/14/2012 10:52:19 PM - Restore Operation
RP489: 1/14/2012 10:55:18 PM - Restore Operation
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Software Update
ASPCA TriMini Reminder by We-Care.com v5.0.5.1
avast! Free Antivirus
Bonjour
Chica Password Manager 1.10.0.6
Cowabanga by OIN
Digidesign Audio Drivers 8.0
Digidesign Pro Tools LE 8.0
Firebird 2.5.0.26074 (Win32)
Free DigiRack Plug-Ins 8.0
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Help and Support 4.0
Intel(R) Graphics Media Accelerator Driver
Interlok driver setup x32
Keyboard Layout Management Application
Malwarebytes' Anti-Malware version 1.51.2.1300
MeFeedia
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 9.0.1 (x86 en-US)
MSI to redistribute MS VS2005 CRT libraries
MSXML 6 Service Pack 2 (KB973686)
PhotoScape
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Reason 5.0
SAM Broadcaster v4
SAMSUNG USB Driver for Mobile Phones
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
UTStarcom USB Modem Software
Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC_AR)
Waves Complete VST RTAS TDM v7.1.16
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows iLivid Toolbar
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB815304
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885270
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB886199
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinZip 16.0
.
==== Event Viewer Messages From Past Week ========
.
1/16/2012 9:09:07 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.MFC. Reference error message: The referenced assembly is not installed on your system. .
1/16/2012 9:09:07 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\AVAST Software\Avast\AvastUI.exe. Reference error message: The operation completed successfully. .
1/16/2012 9:09:07 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.MFC could not be found and Last Error was The referenced assembly is not installed on your system.
1/16/2012 9:07:05 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/16/2012 7:44:51 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm
1/16/2012 7:43:13 PM, error: Dhcp [1002] - The IP address lease 192.168.0.11 for the Network Card with network address 0018717DDBB3 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
1/15/2012 10:45:52 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/15/2012 10:29:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
1/15/2012 10:29:59 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
1/15/2012 10:29:59 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/15/2012 10:29:59 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/15/2012 10:29:59 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
1/15/2012 10:29:59 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/15/2012 10:29:22 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/14/2012 10:59:17 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: Access is denied.
1/14/2012 10:59:17 PM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The operation completed successfully.
1/14/2012 10:57:57 PM, error: SRService [104] - The System Restore initialization process failed.
1/11/2012 7:02:38 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
1/10/2012 5:32:33 PM, error: dalwdmservice [43] -
.
==== End Of File ===========================
 
aswMBR log

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-16 22:12:59
-----------------------------
22:12:59.531 OS Version: Windows 5.1.2600 Service Pack 2
22:12:59.531 Number of processors: 2 586 0x403
22:12:59.531 ComputerName: HP45411044018 UserName: Administrator
22:12:59.937 Initialize success
22:15:06.843 AVAST engine defs: 12011601
22:15:21.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e
22:15:21.218 Disk 0 Vendor: ST3808110AS 3.AHH Size: 76319MB BusType: 3
22:15:21.250 Disk 0 MBR read successfully
22:15:21.265 Disk 0 MBR scan
22:15:21.296 Disk 0 Windows XP default MBR code
22:15:21.312 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
22:15:21.343 Disk 0 scanning sectors +156280320
22:15:21.421 Disk 0 scanning C:\WINDOWS\system32\drivers
22:15:31.843 Service scanning
22:15:35.421 Modules scanning
22:15:41.109 Disk 0 trace - called modules:
22:15:41.140 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:15:41.140 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84323908]
22:15:41.156 3 CLASSPNP.SYS[ba0e905b] -> nt!IofCallDriver -> \Device\0000005d[0x84366948]
22:15:41.187 5 ACPI.sys[ba05f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x843c1940]
22:15:41.593 AVAST engine scan C:\WINDOWS
22:15:43.968 File: C:\WINDOWS\BN2.tmp **INFECTED** Win32:Kryptik-GNH [Trj]
22:15:44.078 File: C:\WINDOWS\BN4.tmp **INFECTED** Win32:Malware-gen
22:15:44.187 File: C:\WINDOWS\BN5.tmp **INFECTED** Win32:Malware-gen
22:15:44.296 File: C:\WINDOWS\BN6.tmp **INFECTED** Win32:Malware-gen
22:15:44.421 File: C:\WINDOWS\BN7.tmp **INFECTED** Win32:Malware-gen
22:15:44.531 File: C:\WINDOWS\BN8.tmp **INFECTED** Win32:Malware-gen
22:15:44.640 File: C:\WINDOWS\BN9.tmp **INFECTED** Win32:Kryptik-GNH [Trj]
22:15:44.734 File: C:\WINDOWS\BNA.tmp **INFECTED** Win32:Kryptik-GNH [Trj]
22:15:44.859 File: C:\WINDOWS\BNEF.tmp **INFECTED** Win32:Malware-gen
22:15:45.203 File: C:\WINDOWS\explorer.exe **INFECTED** Win32:Vitro
22:15:45.500 File: C:\WINDOWS\hh.exe **INFECTED** Win32:Vitro
22:15:46.171 File: C:\WINDOWS\IsUninst.exe **INFECTED** Win32:Vitro
22:15:52.843 File: C:\WINDOWS\KLayMgr.exe **INFECTED** Win32:Vitro
22:15:53.703 File: C:\WINDOWS\NOTEPAD.EXE **INFECTED** Win32:Vitro
22:15:54.078 File: C:\WINDOWS\regedit.exe **INFECTED** Win32:Vitro
22:15:54.609 File: C:\WINDOWS\TASKMAN.EXE **INFECTED** Win32:Vitro
22:15:54.828 File: C:\WINDOWS\twunk_32.exe **INFECTED** Win32:Vitro
22:15:54.953 File: C:\WINDOWS\UNWISE.EXE **INFECTED** Win32:Vitro
22:15:55.375 File: C:\WINDOWS\winhlp32.exe **INFECTED** Win32:Vitro
22:15:56.218 AVAST engine scan C:\WINDOWS\system32
22:15:56.937 File: C:\WINDOWS\system32\accwiz.exe **INFECTED** Win32:Vitro
22:15:57.234 File: C:\WINDOWS\system32\actmovie.exe **INFECTED** Win32:Vitro
22:15:57.812 File: C:\WINDOWS\system32\ahui.exe **INFECTED** Win32:Vitro
22:15:57.906 File: C:\WINDOWS\system32\alg.exe **INFECTED** Win32:Vitro
22:15:58.375 File: C:\WINDOWS\system32\arp.exe **INFECTED** Win32:Vitro
22:15:58.515 File: C:\WINDOWS\system32\asr_fmt.exe **INFECTED** Win32:Vitro
22:15:58.593 File: C:\WINDOWS\system32\asr_ldm.exe **INFECTED** Win32:Vitro
22:15:58.671 File: C:\WINDOWS\system32\asr_pfu.exe **INFECTED** Win32:Vitro
22:15:58.812 File: C:\WINDOWS\system32\at.exe **INFECTED** Win32:Vitro
22:15:59.062 File: C:\WINDOWS\system32\atmadm.exe **INFECTED** Win32:Vitro
22:15:59.296 File: C:\WINDOWS\system32\attrib.exe **INFECTED** Win32:Vitro
22:15:59.515 File: C:\WINDOWS\system32\auditusr.exe **INFECTED** Win32:Vitro
22:16:00.328 File: C:\WINDOWS\system32\blastcln.exe **INFECTED** Win32:Vitro
22:16:00.406 File: C:\WINDOWS\system32\bootcfg.exe **INFECTED** Win32:Vitro
22:16:00.468 File: C:\WINDOWS\system32\bootok.exe **INFECTED** Win32:Vitro
22:16:00.578 File: C:\WINDOWS\system32\bootvrfy.exe **INFECTED** Win32:Vitro
22:16:01.156 File: C:\WINDOWS\system32\cacls.exe **INFECTED** Win32:Vitro
22:16:01.281 File: C:\WINDOWS\system32\calc.exe **INFECTED** Win32:Vitro
22:16:02.484 File: C:\WINDOWS\system32\charmap.exe **INFECTED** Win32:Vitro
22:16:02.593 File: C:\WINDOWS\system32\chkdsk.exe **INFECTED** Win32:Vitro
22:16:02.656 File: C:\WINDOWS\system32\chkntfs.exe **INFECTED** Win32:Vitro
22:16:02.843 File: C:\WINDOWS\system32\cidaemon.exe **INFECTED** Win32:Vitro
22:16:02.984 File: C:\WINDOWS\system32\cipher.exe **INFECTED** Win32:Vitro
22:16:03.046 File: C:\WINDOWS\system32\cisvc.exe **INFECTED** Win32:Vitro
22:16:03.125 File: C:\WINDOWS\system32\ckcnv.exe **INFECTED** Win32:Vitro
22:16:03.406 File: C:\WINDOWS\system32\cleanmgr.exe **INFECTED** Win32:Vitro
22:16:03.531 File: C:\WINDOWS\system32\cliconfg.exe **INFECTED** Win32:Vitro
22:16:03.609 File: C:\WINDOWS\system32\clipbrd.exe **INFECTED** Win32:Vitro
22:16:03.687 File: C:\WINDOWS\system32\clipsrv.exe **INFECTED** Win32:Vitro
22:16:03.875 File: C:\WINDOWS\system32\cmd.exe **INFECTED** Win32:Vitro
22:16:04.078 File: C:\WINDOWS\system32\cmdl32.exe **INFECTED** Win32:Vitro
22:16:04.156 File: C:\WINDOWS\system32\cmmon32.exe **INFECTED** Win32:Vitro
22:16:04.296 File: C:\WINDOWS\system32\cmstp.exe **INFECTED** Win32:Vitro
22:16:04.953 File: C:\WINDOWS\system32\comp.exe **INFECTED** Win32:Vitro
22:16:05.031 File: C:\WINDOWS\system32\compact.exe **INFECTED** Win32:Vitro
22:16:05.812 File: C:\WINDOWS\system32\conime.exe **INFECTED** Win32:Vitro
22:16:05.906 File: C:\WINDOWS\system32\control.exe **INFECTED** Win32:Vitro
22:16:06.000 File: C:\WINDOWS\system32\convert.exe **INFECTED** Win32:Vitro
22:16:06.578 File: C:\WINDOWS\system32\cscript.exe **INFECTED** Win32:Vitro
22:16:06.812 File: C:\WINDOWS\system32\ctfmon.exe **INFECTED** Win32:Vitro
22:16:08.890 File: C:\WINDOWS\system32\dcomcnfg.exe **INFECTED** Win32:Vitro
22:16:08.984 File: C:\WINDOWS\system32\ddeshare.exe **INFECTED** Win32:Vitro
22:16:09.187 File: C:\WINDOWS\system32\defrag.exe **INFECTED** Win32:Vitro
22:16:09.468 File: C:\WINDOWS\system32\dfrgfat.exe **INFECTED** Win32:Vitro
22:16:09.578 File: C:\WINDOWS\system32\dfrgntfs.exe **INFECTED** Win32:Vitro
22:16:10.750 File: C:\WINDOWS\system32\diantz.exe **INFECTED** Win32:Vitro
22:16:11.546 File: C:\WINDOWS\system32\diskpart.exe **INFECTED** Win32:Vitro
22:16:11.625 File: C:\WINDOWS\system32\diskperf.exe **INFECTED** Win32:Vitro
22:16:11.765 File: C:\WINDOWS\system32\dllhost.exe **INFECTED** Win32:Vitro
22:16:11.843 File: C:\WINDOWS\system32\dllhst3g.exe **INFECTED** Win32:Vitro
22:16:11.953 File: C:\WINDOWS\system32\dmadmin.exe **INFECTED** Win32:Vitro
22:16:12.312 File: C:\WINDOWS\system32\dmremote.exe **INFECTED** Win32:Vitro
22:16:13.046 File: C:\WINDOWS\system32\doskey.exe **INFECTED** Win32:Vitro
22:16:13.187 File: C:\WINDOWS\system32\dplaysvr.exe **INFECTED** Win32:Vitro
22:16:13.531 File: C:\WINDOWS\system32\dpnsvr.exe **INFECTED** Win32:Vitro
22:16:13.687 File: C:\WINDOWS\system32\dpvsetup.exe **INFECTED** Win32:Vitro
22:16:13.859 File: C:\WINDOWS\system32\driverquery.exe **INFECTED** Win32:Vitro
22:16:14.109 File: C:\WINDOWS\system32\drmupgds.exe **INFECTED** Win32:Vitro
22:16:14.406 File: C:\WINDOWS\system32\drwtsn32.exe **INFECTED** Win32:Vitro
22:16:15.046 File: C:\WINDOWS\system32\dumprep.exe **INFECTED** Win32:Vitro
22:16:15.203 File: C:\WINDOWS\system32\dvdplay.exe **INFECTED** Win32:Vitro
22:16:15.265 File: C:\WINDOWS\system32\dvdupgrd.exe **INFECTED** Win32:Vitro
22:16:15.390 File: C:\WINDOWS\system32\dwwin.exe **INFECTED** Win32:Vitro
22:16:15.734 File: C:\WINDOWS\system32\dxdiag.exe **INFECTED** Win32:Vitro
22:16:17.015 File: C:\WINDOWS\system32\esentutl.exe **INFECTED** Win32:Vitro
22:16:17.109 File: C:\WINDOWS\system32\eudcedit.exe **INFECTED** Win32:Vitro
22:16:17.234 File: C:\WINDOWS\system32\eventcreate.exe **INFECTED** Win32:Vitro
22:16:17.375 File: C:\WINDOWS\system32\eventtriggers.exe **INFECTED** Win32:Vitro
22:16:17.453 File: C:\WINDOWS\system32\eventvwr.exe **INFECTED** Win32:Vitro
22:16:17.656 File: C:\WINDOWS\system32\expand.exe **INFECTED** Win32:Vitro
22:16:17.875 File: C:\WINDOWS\system32\extrac32.exe **INFECTED** Win32:Vitro
22:16:18.078 File: C:\WINDOWS\system32\fc.exe **INFECTED** Win32:Vitro
22:16:18.343 File: C:\WINDOWS\system32\find.exe **INFECTED** Win32:Vitro
22:16:18.421 File: C:\WINDOWS\system32\findstr.exe **INFECTED** Win32:Vitro
22:16:18.500 File: C:\WINDOWS\system32\finger.exe **INFECTED** Win32:Vitro
22:16:18.640 File: C:\WINDOWS\system32\fixmapi.exe **INFECTED** Win32:Vitro
22:16:18.906 File: C:\WINDOWS\system32\fltmc.exe **INFECTED** Win32:Vitro
22:16:19.390 File: C:\WINDOWS\system32\fontview.exe **INFECTED** Win32:Vitro
22:16:19.468 File: C:\WINDOWS\system32\forcedos.exe **INFECTED** Win32:Vitro
22:16:19.625 File: C:\WINDOWS\system32\freecell.exe **INFECTED** Win32:Vitro
22:16:19.718 File: C:\WINDOWS\system32\fsquirt.exe **INFECTED** Win32:Vitro
22:16:19.843 File: C:\WINDOWS\system32\fsutil.exe **INFECTED** Win32:Vitro
22:16:19.921 File: C:\WINDOWS\system32\ftp.exe **INFECTED** Win32:Vitro
22:16:20.500 File: C:\WINDOWS\system32\getmac.exe **INFECTED** Win32:Vitro
22:16:20.859 File: C:\WINDOWS\system32\gpresult.exe **INFECTED** Win32:Vitro
22:16:20.984 File: C:\WINDOWS\system32\gpupdate.exe **INFECTED** Win32:Vitro
22:16:21.093 File: C:\WINDOWS\system32\grpconv.exe **INFECTED** Win32:Vitro
22:16:21.609 File: C:\WINDOWS\system32\hdashcut.exe **INFECTED** Win32:Vitro
22:16:21.843 File: C:\WINDOWS\system32\help.exe **INFECTED** Win32:Vitro
22:16:22.343 File: C:\WINDOWS\system32\hkcmd.exe **INFECTED** Win32:Vitro
22:16:22.640 File: C:\WINDOWS\system32\hostname.exe **INFECTED** Win32:Vitro
22:16:25.390 File: C:\WINDOWS\system32\ie4uinit.exe **INFECTED** Win32:Vitro
22:16:26.734 File: C:\WINDOWS\system32\ieudinit.exe **INFECTED** Win32:Vitro
22:16:26.921 File: C:\WINDOWS\system32\iexpress.exe **INFECTED** Win32:Vitro
22:16:27.109 File: C:\WINDOWS\system32\igfxcfg.exe **INFECTED** Win32:Vitro
22:16:27.375 File: C:\WINDOWS\system32\igfxext.exe **INFECTED** Win32:Vitro
22:16:27.484 File: C:\WINDOWS\system32\igfxpers.exe **INFECTED** Win32:Vitro
22:16:28.718 File: C:\WINDOWS\system32\igfxsrvc.exe **INFECTED** Win32:Vitro
22:16:28.828 File: C:\WINDOWS\system32\igfxtray.exe **INFECTED** Win32:Vitro
22:16:28.937 File: C:\WINDOWS\system32\igfxzoom.exe **INFECTED** Win32:Vitro
22:16:29.328 File: C:\WINDOWS\system32\imapi.exe **INFECTED** Win32:Vitro
22:16:30.484 File: C:\WINDOWS\system32\ipconfig.exe **INFECTED** Win32:Vitro
22:16:30.906 File: C:\WINDOWS\system32\ipsec6.exe **INFECTED** Win32:Vitro
22:16:31.156 File: C:\WINDOWS\system32\ipv6.exe **INFECTED** Win32:Vitro
22:16:31.421 File: C:\WINDOWS\system32\ipxroute.exe **INFECTED** Win32:Vitro
22:16:34.140 File: C:\WINDOWS\system32\kblxrhoj.exe **INFECTED** Win32:Vitro
22:16:34.843 File: C:\WINDOWS\system32\label.exe **INFECTED** Win32:Vitro
22:16:35.375 File: C:\WINDOWS\system32\lights.exe **INFECTED** Win32:Vitro
22:16:35.593 File: C:\WINDOWS\system32\lnkstub.exe **INFECTED** Win32:Vitro
22:16:35.921 File: C:\WINDOWS\system32\locator.exe **INFECTED** Win32:Vitro
22:16:36.000 File: C:\WINDOWS\system32\lodctr.exe **INFECTED** Win32:Vitro
22:16:36.125 File: C:\WINDOWS\system32\logagent.exe **INFECTED** Win32:Vitro
22:16:36.281 File: C:\WINDOWS\system32\logman.exe **INFECTED** Win32:Vitro
22:16:36.359 File: C:\WINDOWS\system32\logoff.exe **INFECTED** Win32:Vitro
22:16:36.468 File: C:\WINDOWS\system32\logon.scr **INFECTED** Win32:Vitro
22:16:36.578 File: C:\WINDOWS\system32\logonui.exe **INFECTED** Win32:Vitro
22:16:36.703 File: C:\WINDOWS\system32\lpq.exe **INFECTED** Win32:Vitro
22:16:36.765 File: C:\WINDOWS\system32\lpr.exe **INFECTED** Win32:Vitro
22:16:37.203 File: C:\WINDOWS\system32\magnify.exe **INFECTED** Win32:Vitro
22:16:37.343 File: C:\WINDOWS\system32\makecab.exe **INFECTED** Win32:Vitro
22:16:37.500 File: C:\WINDOWS\system32\MAPISRVR.EXE **INFECTED** Win32:Vitro
22:16:39.781 File: C:\WINDOWS\system32\migpwd.exe **INFECTED** Win32:Vitro
22:16:40.062 File: C:\WINDOWS\system32\mmc.exe **INFECTED** Win32:Vitro
22:16:40.562 File: C:\WINDOWS\system32\mnmsrvc.exe **INFECTED** Win32:Vitro
22:16:40.734 File: C:\WINDOWS\system32\mobsync.exe **INFECTED** Win32:Vitro
22:16:41.015 File: C:\WINDOWS\system32\mountvol.exe **INFECTED** Win32:Vitro
22:16:41.546 File: C:\WINDOWS\system32\mplay32.exe **INFECTED** Win32:Vitro
22:16:41.625 File: C:\WINDOWS\system32\mpnotify.exe **INFECTED** Win32:Vitro
22:16:42.000 File: C:\WINDOWS\system32\mqbkup.exe **INFECTED** Win32:Vitro
22:16:42.640 File: C:\WINDOWS\system32\mqsvc.exe **INFECTED** Win32:Vitro
22:16:42.750 File: C:\WINDOWS\system32\mqtgsvc.exe **INFECTED** Win32:Vitro
22:16:43.031 File: C:\WINDOWS\system32\mrinfo.exe **INFECTED** Win32:Vitro
22:16:44.703 File: C:\WINDOWS\system32\msdtc.exe **INFECTED** Win32:Vitro
22:16:45.578 File: C:\WINDOWS\system32\msfeedssync.exe **INFECTED** Win32:Vitro
22:16:45.796 File: C:\WINDOWS\system32\msg.exe **INFECTED** Win32:Vitro
22:16:46.203 File: C:\WINDOWS\system32\mshearts.exe **INFECTED** Win32:Vitro
22:16:46.328 File: C:\WINDOWS\system32\mshta.exe **INFECTED** Win32:Vitro
22:16:47.250 File: C:\WINDOWS\system32\msiexec.exe **INFECTED** Win32:Vitro
22:16:48.484 File: C:\WINDOWS\system32\mspaint.exe **INFECTED** Win32:Vitro
22:16:49.859 File: C:\WINDOWS\system32\msswchx.exe **INFECTED** Win32:Vitro
22:16:50.203 File: C:\WINDOWS\system32\mstinit.exe **INFECTED** Win32:Vitro
22:16:50.359 File: C:\WINDOWS\system32\mstsc.exe **INFECTED** Win32:Vitro
22:16:53.812 File: C:\WINDOWS\system32\narrator.exe **INFECTED** Win32:Vitro
22:16:53.921 File: C:\WINDOWS\system32\nbtstat.exe **INFECTED** Win32:Vitro
22:16:54.156 File: C:\WINDOWS\system32\nddeapir.exe **INFECTED** Win32:Vitro
22:16:54.281 File: C:\WINDOWS\system32\net.exe **INFECTED** Win32:Vitro
22:16:54.406 File: C:\WINDOWS\system32\net1.exe **INFECTED** Win32:Vitro
22:16:54.734 File: C:\WINDOWS\system32\netdde.exe **INFECTED** Win32:Vitro
22:16:55.406 File: C:\WINDOWS\system32\netsetup.exe **INFECTED** Win32:Vitro
22:16:55.531 File: C:\WINDOWS\system32\netsh.exe **INFECTED** Win32:Vitro
22:16:55.812 File: C:\WINDOWS\system32\netstat.exe **INFECTED** Win32:Vitro
22:16:56.390 File: C:\WINDOWS\system32\notepad.exe **INFECTED** Win32:Vitro
22:16:56.578 File: C:\WINDOWS\system32\nslookup.exe **INFECTED** Win32:Vitro
22:16:56.718 File: C:\WINDOWS\system32\ntbackup.exe **INFECTED** Win32:Vitro
22:16:58.015 File: C:\WINDOWS\system32\ntsd.exe **INFECTED** Win32:Vitro
22:16:58.171 File: C:\WINDOWS\system32\ntvdm.exe **INFECTED** Win32:Vitro
22:16:58.562 File: C:\WINDOWS\system32\nwscript.exe **INFECTED** Win32:Vitro
22:16:59.046 File: C:\WINDOWS\system32\odbcad32.exe **INFECTED** Win32:Vitro
22:16:59.203 File: C:\WINDOWS\system32\odbcconf.exe **INFECTED** Win32:Vitro
22:17:00.468 File: C:\WINDOWS\system32\openfiles.exe **INFECTED** Win32:Vitro
22:17:00.687 File: C:\WINDOWS\system32\osk.exe **INFECTED** Win32:Vitro
22:17:00.812 File: C:\WINDOWS\system32\osuninst.exe **INFECTED** Win32:Vitro
22:17:01.109 File: C:\WINDOWS\system32\packager.exe **INFECTED** Win32:Vitro
22:17:01.250 File: C:\WINDOWS\system32\pathping.exe **INFECTED** Win32:Vitro
22:17:01.531 File: C:\WINDOWS\system32\pentnt.exe **INFECTED** Win32:Vitro
22:17:01.703 File: C:\WINDOWS\system32\perfmon.exe **INFECTED** Win32:Vitro
22:17:02.218 File: C:\WINDOWS\system32\ping.exe **INFECTED** Win32:Vitro
22:17:02.312 File: C:\WINDOWS\system32\ping6.exe **INFECTED** Win32:Vitro
22:17:03.187 File: C:\WINDOWS\system32\powercfg.exe **INFECTED** Win32:Vitro
22:17:03.796 File: C:\WINDOWS\system32\print.exe **INFECTED** Win32:Vitro
22:17:04.109 File: C:\WINDOWS\system32\progman.exe **INFECTED** Win32:Vitro
22:17:04.218 File: C:\WINDOWS\system32\proquota.exe **INFECTED** Win32:Vitro
22:17:04.281 File: C:\WINDOWS\system32\proxycfg.exe **INFECTED** Win32:Vitro
22:17:04.671 File: C:\WINDOWS\system32\qappsrv.exe **INFECTED** Win32:Vitro
22:17:05.312 File: C:\WINDOWS\system32\qprocess.exe **INFECTED** Win32:Vitro
22:17:06.140 File: C:\WINDOWS\system32\qwinsta.exe **INFECTED** Win32:Vitro
22:17:06.421 File: C:\WINDOWS\system32\rasautou.exe **INFECTED** Win32:Vitro
22:17:06.593 File: C:\WINDOWS\system32\rasdial.exe **INFECTED** Win32:Vitro
22:17:07.000 File: C:\WINDOWS\system32\rasphone.exe **INFECTED** Win32:Vitro
22:17:07.296 File: C:\WINDOWS\system32\rcimlby.exe **INFECTED** Win32:Vitro
22:17:07.359 File: C:\WINDOWS\system32\rcp.exe **INFECTED** Win32:Vitro
22:17:07.609 File: C:\WINDOWS\system32\rdpclip.exe **INFECTED** Win32:Vitro
22:17:07.812 File: C:\WINDOWS\system32\rdsaddin.exe **INFECTED** Win32:Vitro
22:17:07.906 File: C:\WINDOWS\system32\rdshost.exe **INFECTED** Win32:Vitro
22:17:07.968 File: C:\WINDOWS\system32\recover.exe **INFECTED** Win32:Vitro
22:17:08.109 File: C:\WINDOWS\system32\reg.exe **INFECTED** Win32:Vitro
22:17:08.218 File: C:\WINDOWS\system32\regedt32.exe **INFECTED** Win32:Vitro
22:17:08.296 File: C:\WINDOWS\system32\regini.exe **INFECTED** Win32:Vitro
22:17:08.468 File: C:\WINDOWS\system32\regsvr32.exe **INFECTED** Win32:Vitro
22:17:08.546 File: C:\WINDOWS\system32\regwiz.exe **INFECTED** Win32:Vitro
22:17:08.734 File: C:\WINDOWS\system32\relog.exe **INFECTED** Win32:Vitro
22:17:08.984 File: C:\WINDOWS\system32\replace.exe **INFECTED** Win32:Vitro
22:17:09.046 File: C:\WINDOWS\system32\reset.exe **INFECTED** Win32:Vitro
22:17:09.390 File: C:\WINDOWS\system32\rexec.exe **INFECTED** Win32:Vitro
22:17:09.875 File: C:\WINDOWS\system32\route.exe **INFECTED** Win32:Vitro
22:17:09.953 File: C:\WINDOWS\system32\routemon.exe **INFECTED** Win32:Vitro
22:17:10.375 File: C:\WINDOWS\system32\rsh.exe **INFECTED** Win32:Vitro
22:17:10.484 File: C:\WINDOWS\system32\rsm.exe **INFECTED** Win32:Vitro
22:17:10.593 File: C:\WINDOWS\system32\rsmsink.exe **INFECTED** Win32:Vitro
22:17:10.687 File: C:\WINDOWS\system32\rsmui.exe **INFECTED** Win32:Vitro
22:17:10.781 File: C:\WINDOWS\system32\rsnotify.exe **INFECTED** Win32:Vitro
22:17:10.921 File: C:\WINDOWS\system32\rsopprov.exe **INFECTED** Win32:Fiasco
22:17:11.046 File: C:\WINDOWS\system32\rsvp.exe **INFECTED** Win32:Vitro
22:17:11.234 File: C:\WINDOWS\system32\rtcshare.exe **INFECTED** Win32:Vitro
22:17:11.546 File: C:\WINDOWS\system32\runas.exe **INFECTED** Win32:Vitro
22:17:11.656 File: C:\WINDOWS\system32\rundll32.exe **INFECTED** Win32:Vitro
22:17:11.750 File: C:\WINDOWS\system32\runonce.exe **INFECTED** Win32:Vitro
22:17:11.843 File: C:\WINDOWS\system32\rwinsta.exe **INFECTED** Win32:Vitro
22:17:12.156 File: C:\WINDOWS\system32\savedump.exe **INFECTED** Win32:Vitro
22:17:12.359 File: C:\WINDOWS\system32\sc.exe **INFECTED** Win32:Vitro
22:17:12.500 File: C:\WINDOWS\system32\scardsvr.exe **INFECTED** Win32:Vitro
22:17:12.906 File: C:\WINDOWS\system32\schtasks.exe **INFECTED** Win32:Vitro
22:17:13.062 File: C:\WINDOWS\system32\scrnsave.scr **INFECTED** Win32:Vitro
22:17:13.250 File: C:\WINDOWS\system32\sdbinst.exe **INFECTED** Win32:Vitro
22:17:13.390 File: C:\WINDOWS\system32\secedit.exe **INFECTED** Win32:Vitro
22:17:13.890 File: C:\WINDOWS\system32\sessmgr.exe **INFECTED** Win32:Vitro
22:17:13.984 File: C:\WINDOWS\system32\sethc.exe **INFECTED** Win32:Vitro
22:17:14.078 File: C:\WINDOWS\system32\setup.exe **INFECTED** Win32:Vitro
22:17:14.437 File: C:\WINDOWS\system32\sfc.exe **INFECTED** Win32:Vitro
22:17:14.843 File: C:\WINDOWS\system32\shadow.exe **INFECTED** Win32:Vitro
22:17:15.828 File: C:\WINDOWS\system32\shmgrate.exe **INFECTED** Win32:Vitro
22:17:15.937 File: C:\WINDOWS\system32\shrpubw.exe **INFECTED** Win32:Vitro
22:17:16.156 File: C:\WINDOWS\system32\shutdown.exe **INFECTED** Win32:Vitro
22:17:16.265 File: C:\WINDOWS\system32\sigverif.exe **INFECTED** Win32:Vitro
22:17:16.406 File: C:\WINDOWS\system32\skeys.exe **INFECTED** Win32:Vitro
22:17:16.625 File: C:\WINDOWS\system32\smbinst.exe **INFECTED** Win32:Vitro
22:17:16.796 File: C:\WINDOWS\system32\smlogsvc.exe **INFECTED** Win32:Vitro
22:17:16.937 File: C:\WINDOWS\system32\sndrec32.exe **INFECTED** Win32:Vitro
22:17:17.031 File: C:\WINDOWS\system32\sndvol32.exe **INFECTED** Win32:Vitro
22:17:17.234 File: C:\WINDOWS\system32\sol.exe **INFECTED** Win32:Vitro
22:17:17.312 File: C:\WINDOWS\system32\sort.exe **INFECTED** Win32:Vitro
22:17:17.515 File: C:\WINDOWS\system32\spider.exe **INFECTED** Win32:Vitro
22:17:17.609 File: C:\WINDOWS\system32\spiisupd.exe **INFECTED** Win32:Vitro
22:17:17.859 File: C:\WINDOWS\system32\spnpinst.exe **INFECTED** Win32:Vitro
22:17:18.093 File: C:\WINDOWS\system32\spoolsv.exe **INFECTED** Win32:Vitro
22:17:18.859 File: C:\WINDOWS\system32\ss3dfo.scr **INFECTED** Win32:Vitro
22:17:18.921 File: C:\WINDOWS\system32\ssbezier.scr **INFECTED** Win32:Vitro
22:17:19.093 File: C:\WINDOWS\system32\ssflwbox.scr **INFECTED** Win32:Vitro
22:17:19.156 File: C:\WINDOWS\system32\ssmarque.scr **INFECTED** Win32:Vitro
22:17:19.250 File: C:\WINDOWS\system32\ssmypics.scr **INFECTED** Win32:Vitro
22:17:19.343 File: C:\WINDOWS\system32\ssmyst.scr **INFECTED** Win32:Vitro
22:17:19.468 File: C:\WINDOWS\system32\sspipes.scr **INFECTED** Win32:Vitro
22:17:19.593 File: C:\WINDOWS\system32\ssstars.scr **INFECTED** Win32:Vitro
22:17:19.703 File: C:\WINDOWS\system32\sstext3d.scr **INFECTED** Win32:Vitro
22:17:19.906 File: C:\WINDOWS\system32\stimon.exe **INFECTED** Win32:Vitro
22:17:20.312 File: C:\WINDOWS\system32\subst.exe **INFECTED** Win32:Vitro
22:17:20.640 File: C:\WINDOWS\system32\syncapp.exe **INFECTED** Win32:Vitro
22:40:19.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
22:40:19.750 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
 
bootkit log

Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Scratch that....
I should have taken a better look.

I'm afraid I have very bad news.

You are infected with a polymorphic file infector - Virut (called by Avast - Win32:Vitro). This infection can and will infect all the machine's executable files .exe, .scr, .rar, .zip, .htm, .html. Because there are a number of bugs in its code, it may create executable files that are corrupted beyond repair resulting in an inoperative machine.

Malware experts say that a Complete Reformat and Reinstall is the only way to clean the infection. This includes All Drives that contain the following files:
*.exe
*.scr
*.htm
*.html
*.xml
*.zip
*.rar
*.doc
*.jpg
*.pdf

Backup all your documents and important items only.
DO NOT backup any files mentioned above.

I suggest you do the following immediately:

* Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.
* From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
* DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.

For more information on Virut, and why you need to reformat, have a read of miekiemoes' blog here.

To find out how to carry out an XP Reformat and Reinstall, please see this page. If you are using Vista, then check this page instead.

Once you have reformatted and reinstalled Windows, have a look at this page for some useful tips on staying clean, along with links to some freeware to help.

To find out more information about how you may have got infected in the first place, you can read this article.

I am sorry I cannot give any better news.
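How an aswMBR log like the one in this thread points to a file infector rather than a single dropped trojan, as an added example that is not part of the original posts: the script groups `**INFECTED**` lines by detection name and flags one name spread over many executables in several directories. The function names and the thresholds (`min_files`, `min_dirs`) are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Sample lines in the aswMBR log format seen in this thread (paths and names from the log).
SAMPLE_LOG = r"""22:17:21.953 File: C:\WINDOWS\system32\taskkill.exe **INFECTED** Win32:Vitro
22:17:22.203 File: C:\WINDOWS\system32\taskmgr.exe **INFECTED** Win32:Vitro
22:17:26.859 File: C:\WINDOWS\system32\userinit.exe **INFECTED** Win32:Vitro
22:17:39.781 File: C:\WINDOWS\system32\wscript.exe **INFECTED** Win32:Vitro
22:17:44.781 AVAST engine scan C:\WINDOWS\system32\drivers
22:23:41.453 File: C:\Documents and Settings\Administrator\Desktop\boot_cleaner.exe **INFECTED** Win32:Vitro
22:24:30.609 File: C:\Documents and Settings\Administrator\Desktop\MRI5.1.0\MRI.EXE **INFECTED** Win32:Malware-gen
22:25:13.656 File: C:\Documents and Settings\Administrator\kblxrhoj.exe **INFECTED** Win32:Vitro
22:40:19.750 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"
"""

# Timestamp, "File:", a path that may contain spaces, the marker, then the detection name.
LINE_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{3} File: (?P<path>.+?) \*\*INFECTED\*\* (?P<sig>\S+)\s*$"
)

def parse_detections(log_text):
    """Return (path, detection name) pairs; lines without a detection are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((PureWindowsPath(m["path"]), m["sig"]))
    return hits

def triage(log_text, min_files=5, min_dirs=2):
    """Per detection name: distinct files, distinct directories, and whether the
    spread matches a file infector (assumed thresholds, tune for real logs)."""
    files, dirs = defaultdict(set), defaultdict(set)
    for path, sig in parse_detections(log_text):
        files[sig].add(str(path).lower())
        dirs[sig].add(str(path.parent).lower())
    return {
        sig: {
            "files": len(files[sig]),
            "dirs": len(dirs[sig]),
            "file_infector_pattern": len(files[sig]) >= min_files
                                     and len(dirs[sig]) >= min_dirs,
        }
        for sig in files
    }

if __name__ == "__main__":
    for sig, row in triage(SAMPLE_LOG).items():
        print(sig, row)
```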
 
wow talk about bad news lol well...i'll get to it tomorrow afternoon if i have any more questions i'll be sure to hit you back so if u can leave this post open for me so i may contact you
 
hey buddy its me again

i have a question is there any place i can download the XP reinstall CD or anything of that nature because i dont have mine anymore???
 
Nope.
You can either call your computer manufacturer to order recovery disk (cheaper), or buy Windows disk (more expensive).
 