Internet Explorer keeps opening by itself



Benjie
2011-07-20, 19:58
Internet Explorer randomly opens to a Google search page. I thought I had disabled IE, as I only use Firefox.

Every time I reboot and start Firefox, a message says FF is not my default browser. I tried it with Safari and the same thing happens.

And when I do search Google and click a link, it tries to take me to some random site. Spybot found nothing so I bought AVG and it found nothing. However, AVG firewall does keep popping up telling me IE is trying to access the internet.

Please, oh great ones, can you help?

DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Terry at 13:54:18 on 2011-07-20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.828 [GMT -4:00]
.
AV: AVG Internet Security Business Edition *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uLocal Page = about:blank
uWindow Title = McCall's Inc Explorer
uSearch Page = about:blank
mStart Page = about:blank
mLocal Page = about:blank
mWindow Title = McCall's Inc Explorer
mSearch Page = about:blank
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
mSearchAssistant = about:blank
mCustomizeSearch = about:blank
uURLSearchHooks: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
dURLSearchHooks: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRunOnce: [avg_spchecker] "c:\program files\avg\avg9\notification\SPChecker1.exe" /start
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\docume~1\terry\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 208.216.228.227 207.230.75.50
TCP: Interfaces\{45383A36-A472-4D3B-8CC7-47D0102A8317} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{4FDE4A8A-D00B-4DD9-B131-2CA6574A2976} : DHCPNameServer = 208.216.228.227 207.230.75.50
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: ipp - <Clsid value has no data>
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: msdaipp - <Clsid value has no data>
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
IFEO: Your Image File Name Here without a path - ntsd -d
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\terry\application data\mozilla\firefox\profiles\y2cvbfxi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2011-7-18 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2011-7-18 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2011-7-18 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2011-7-18 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2011-7-18 243152]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2011-7-19 921952]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2011-7-19 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2011-7-19 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2011-7-19 5897808]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-7-19 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2011-7-18 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2011-7-18 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2011-7-18 26192]
S1 MpKsl74d7fc77;MpKsl74d7fc77;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{97e5ad83-e8fe-4081-8d09-7603e147e1d0}\mpksl74d7fc77.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{97e5ad83-e8fe-4081-8d09-7603e147e1d0}\MpKsl74d7fc77.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2011-7-18 947528]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-7-19 30104]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2002-2-20 72576]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
.
=============== Created Last 30 ================
.
2011-07-19 19:11:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-07-19 19:11:14 343000 ----a-w- c:\program files\mozilla firefox\nsw10.tmp\nssckbi.dll
2011-07-19 18:09:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2011-07-19 17:54:37 -------- d-----w- c:\windows\SxsCaPendDel
2011-07-19 17:21:57 -------- d--h--w- C:\$AVG
2011-07-19 17:17:21 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2011-07-19 17:17:21 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2011-07-18 21:30:39 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-07-18 18:06:41 -------- d-----w- c:\documents and settings\terry\application data\AVG9
2011-07-18 18:03:14 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2011-07-18 18:03:13 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-18 18:03:13 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-18 18:03:04 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-18 18:02:53 -------- d-----w- c:\windows\system32\drivers\Avg
2011-07-18 18:02:50 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar
2011-07-18 18:02:21 -------- d-----w- c:\program files\AVG
2011-07-18 18:02:19 -------- d-----w- c:\documents and settings\all users\application data\avg9
2011-07-13 01:01:30 3818105 ----a-r- C:\ComboFix.exe
2011-07-12 21:24:52 -------- d-----w- c:\documents and settings\terry\local settings\application data\Apple Computer
2011-07-12 21:23:17 -------- d-----w- c:\documents and settings\terry\local settings\application data\Apple
2011-07-12 20:17:59 -------- d--h--w- c:\windows\PIF
2011-06-29 03:16:50 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-06-29 03:16:50 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-06-28 21:54:39 -------- d-----w- c:\documents and settings\terry\local settings\application data\Temp
2011-06-28 20:31:41 -------- d-----w- c:\documents and settings\terry\application data\Windows Search
2011-06-28 18:30:40 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-28 18:24:33 -------- d-----w- c:\windows\system32\winrm
2011-06-28 18:24:30 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-06-28 18:24:10 -------- d-----w- c:\documents and settings\terry\local settings\application data\Identities
2011-06-28 18:24:06 -------- d-----w- c:\documents and settings\terry\application data\Windows Desktop Search
2011-06-28 18:23:34 -------- d-----w- c:\windows\system32\GroupPolicy
2011-06-28 18:23:34 -------- d-----w- c:\program files\Windows Desktop Search
2011-06-28 18:22:17 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-06-28 18:22:17 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-06-28 18:22:17 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-06-28 18:21:50 -------- d-----w- c:\program files\Windows Media Connect 2
2011-06-28 18:19:21 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-06-28 15:36:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-28 15:11:11 -------- d-----w- c:\documents and settings\terry\local settings\application data\Google
2011-06-28 14:47:10 -------- d-----w- C:\VundoFix Backups
2011-06-24 20:31:01 -------- d-sh--w- c:\documents and settings\terry\IECompatCache
2011-06-20 21:20:25 66048 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPP3Y0.DLL
2011-06-20 21:20:25 45056 ----a-w- c:\windows\system32\HPPAPTS0.DLL
2011-06-20 21:20:25 36864 ----a-w- c:\windows\system32\HPPASNM0.DLL
2011-06-20 21:20:24 36864 ----a-w- c:\windows\system32\HPPAPML0.DLL
2011-06-20 21:20:24 36864 ----a-w- c:\windows\system32\HPPADT40.DLL
2011-06-20 21:20:24 32768 ----a-w- c:\windows\system32\HPPAMON0.DLL
2011-06-20 21:20:24 208896 ----a-w- c:\windows\system32\hppapr01.dll
.
==================== Find3M ====================
.
2011-07-13 00:50:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07:50 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 13:54:44.20 ===============

Jack&Jill
2011-07-26, 03:06
Hello and welcome to Safer Networking.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

Benjie
2011-07-26, 14:06
Acknowledged.

Jack&Jill
2011-07-26, 17:11
Hello Benjie :),

Welcome to Safer Networking. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we share the same understanding.

Please observe and follow these Forum Rules (http://forums.spybot.info/showthread.php?t=288).
Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
Please read the instructions carefully and follow them closely, in the order they are presented to you.
If you have any doubts or problems during the fix, please stop and ask.
All the tools that I will ask you to download and use are safe. Please allow if prompted by any of your security software.
Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
If you do not reply within 3 days, this topic will be closed.
If you are agreeable to the above, then everything should go smoothly :). We may begin.

--------------------

If you still have Spybot - Search & Destroy, please uninstall it as its real time protection may interfere with our fixes.

Is this a business computer? What do you use it for?

--------------------

I see signs of Combofix on your computer.

While you may see ComboFix being used quite often and without incident, the tool should not be run unsupervised (as stated in the Disclaimer that is first displayed by ComboFix when you run the tool).

Going forward, I highly recommend you heed such instructions.

As stated by the author of ComboFix:

ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

We first need to verify if there are any rootkits present and how they could affect our tools. Thus, we use preliminary scans like DDS and GMER and their logs to map our strategy for attack.

With these logs, we can determine the infections present and decide whether to deploy ComboFix.

That said, the log it produced contains valuable information. Kindly post the ComboFix log, C:\ComboFix.txt.

--------------------

Please post back:
1. the answers to my questions about your computer
2. ComboFix log
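The triage described above (read the DDS log first, then decide which removal tools to deploy) can be partly automated for the handful of entries that matter most when the complaint is "IE opens by itself and Google results redirect". The script below is an added example written for this thread; it is not DDS, ComboFix, or anything from the forum. It parses the Pseudo HJT Report section of a DDS log and lists hosts-file overrides, Image File Execution Options debuggers, statically configured DNS resolvers that no adapter received from DHCP, and browser load points (BHO, toolbar, URL search hook) with no backing file. The embedded log text is a constructed excerpt of the log posted earlier in the thread; the finding categories, field names and the second excerpt's 192.0.2.53 resolver are my own assumptions.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread, not part of DDS or the forum's own tooling.
It pulls out the entries an analyst reads first when the complaint is
"IE opens by itself / Google results redirect": hosts-file overrides,
Image File Execution Options debuggers, statically configured DNS
resolvers that DHCP did not hand out, and browser load points (BHO,
toolbar, URL search hook) with no backing file.
"""
import re

# Constructed excerpt modelled on the DDS log posted in the thread.
SAMPLE_DDS_LOG = r"""
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uWindow Title = McCall's Inc Explorer
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TCP: NameServer = 208.216.228.227 207.230.75.50
TCP: Interfaces\{45383A36-A472-4D3B-8CC7-47D0102A8317} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{4FDE4A8A-D00B-4DD9-B131-2CA6574A2976} : DHCPNameServer = 208.216.228.227 207.230.75.50
IFEO: Your Image File Name Here without a path - ntsd -d
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
"""

# Second constructed excerpt: a static resolver (192.0.2.53, documentation
# address range) that no adapter received from DHCP. Hypothetical, not from
# the thread; it shows the DNS check firing.
STATIC_DNS_EXCERPT = r"""
============== Pseudo HJT Report ===============
TCP: NameServer = 192.0.2.53
TCP: Interfaces\{00000000-0000-0000-0000-000000000000} : DHCPNameServer = 10.0.0.1
============= SERVICES / DRIVERS ===============
"""

DNS_STATIC_RE = re.compile(r"^TCP: NameServer = (.+)$")
DNS_DHCP_RE = re.compile(r"^TCP: Interfaces\\\{[0-9A-Fa-f-]+\} : DHCPNameServer = (.+)$")
HOSTS_RE = re.compile(r"^Hosts: (\S+) (\S+)$")
IFEO_RE = re.compile(r"^IFEO: (.+?) - (.+)$")
# kind: name: {CLSID} - path   (path may be empty for an orphaned entry)
LOADPOINT_RE = re.compile(r"^(BHO|TB|uURLSearchHooks|dURLSearchHooks): (.+?): (\{[0-9A-Fa-f-]+\}) -\s*(.*)$")


def hjt_section(log_text):
    """Return the non-empty lines between the Pseudo HJT header and the next header."""
    out, inside = [], False
    for line in log_text.splitlines():
        if line.startswith("=") and "Pseudo HJT" in line:
            inside = True
            continue
        if inside and line.startswith("="):
            break  # next DDS section (FIREFOX, SERVICES / DRIVERS, ...)
        if inside and line.strip() and line.strip() != ".":
            out.append(line.rstrip())
    return out


def triage(log_text):
    """Collect review-worthy entries by category; nothing is declared malicious."""
    findings = {"hosts": [], "ifeo": [], "dns_not_from_dhcp": [], "orphan_loadpoints": []}
    static_dns, dhcp_dns = [], set()
    for line in hjt_section(log_text):
        if m := HOSTS_RE.match(line):
            findings["hosts"].append({"ip": m.group(1), "name": m.group(2)})
        elif m := IFEO_RE.match(line):
            findings["ifeo"].append({"image": m.group(1), "debugger": m.group(2)})
        elif m := DNS_STATIC_RE.match(line):
            static_dns.extend(m.group(1).split())
        elif m := DNS_DHCP_RE.match(line):
            dhcp_dns.update(m.group(1).split())
        elif (m := LOADPOINT_RE.match(line)) and not m.group(4).strip():
            findings["orphan_loadpoints"].append(
                {"kind": m.group(1), "name": m.group(2), "clsid": m.group(3)})
    # A static resolver is only interesting if DHCP never handed it out.
    findings["dns_not_from_dhcp"] = [ip for ip in static_dns if ip not in dhcp_dns]
    return findings


def describe(findings):
    """Render findings as one review line each for the analyst."""
    out = []
    for h in findings["hosts"]:
        out.append(f"hosts: {h['name']} resolves locally to {h['ip']} (review: blocks or redirects that site)")
    for i in findings["ifeo"]:
        out.append(f"ifeo: '{i['image']}' is launched through '{i['debugger']}' (review: debugger hijack point)")
    for ip in findings["dns_not_from_dhcp"]:
        out.append(f"dns: static resolver {ip} was not supplied by DHCP on any adapter (review)")
    for o in findings["orphan_loadpoints"]:
        out.append(f"{o['kind']}: {o['name']} {o['clsid']} has no backing file (orphaned entry)")
    return out or ["no entries in the watched categories"]


if __name__ == "__main__":
    for line in describe(triage(SAMPLE_DDS_LOG)):
        print(line)
```

On the excerpt the DNS check comes back empty: the static resolvers 208.216.228.227 and 207.230.75.50 are exactly what DHCP handed out on the second adapter, so this log by itself does not show a resolver hijack, and the redirect symptom has to be chased elsewhere (which is why the helper asks for rootkit scans next). The Hosts and IFEO lines are listed for a human to judge rather than scored; a hosts entry sending a help-forum domain to 127.0.0.1 and any IFEO debugger value are both worth a look, but the script makes no claim about their origin.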

Benjie
2011-07-26, 17:27
This was an old computer from work that I use at home now. Occasionally I will access our work network.

Not sure about combofix. I can't find it on the pc.

Jack&Jill
2011-07-26, 17:56
Hello Benjie :),

Please download Malwarebytes' Anti-Malware (MBAM)© from Malwarebytes and save it to your desktop. Click here. (http://www.malwarebytes.org/mbam-download.php)

Run MBAM

Double click on mbam-setup.exe and follow the prompts to install the program.
At the end of installation, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
MBAM will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update mirror, select one of the websites and click on Check for Updates.
Upon completion of update and loading, select the Scanner tab. Click on Perform full scan, then click on Scan.
Leave the default options as they are and click on Start Scan.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
When done, you will be prompted. Click OK, then click on Show Results.
Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an (Error Loading) error on reboot, please reboot a second time. It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.

--------------------

Please download TDSSKiller© from Kaspersky and save it to your desktop. Click here. (http://support.kaspersky.com/downloads/utils/tdsskiller.exe)

Alternatively, you may get the zip version (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract the file to the desktop.
Double click on TDSSKiller.exe to execute it.
Press Start scan to begin.
If anything is found, please change all the actions to Skip only. <-- Important, please select Skip only, DO NOT Cure yet.
Then click on Continue at the lower right corner.
You may be prompted to reboot your computer, please consent.
Once complete, a log will be produced at C:\. It will be named TDSSKiller.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.4.12.0_26.12.2010_23.12.11_log.txt.
Please post the contents of this log.

--------------------

Please download aswMBR and save it to your desktop. Click here. (http://public.avast.com/~gmerek/aswMBR.exe)

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click the aswMBR.exe file to run it.
Click on the Scan button to start. The program will launch a scan.
When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
Please post the contents of the log in your next reply.

--------------------

Please post back:
1. MBAM report
2. TDSSKiller log
3. aswMBR log

Benjie
2011-07-26, 21:07
=================================================
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7283

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/26/2011 2:13:32 PM
mbam-log-2011-07-26 (14-13-32).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 217166
Time elapsed: 59 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


========================================================
TDSSKiller Log

2011/07/26 14:21:31.0375 2656 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/26 14:21:31.0781 2656 ================================================================================
2011/07/26 14:21:31.0781 2656 SystemInfo:
2011/07/26 14:21:31.0781 2656
2011/07/26 14:21:31.0781 2656 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/26 14:21:31.0781 2656 Product type: Workstation
2011/07/26 14:21:31.0781 2656 ComputerName: TERRY
2011/07/26 14:21:31.0781 2656 UserName: Terry
2011/07/26 14:21:31.0781 2656 Windows directory: C:\WINDOWS
2011/07/26 14:21:31.0781 2656 System windows directory: C:\WINDOWS
2011/07/26 14:21:31.0781 2656 Processor architecture: Intel x86
2011/07/26 14:21:31.0781 2656 Number of processors: 1
2011/07/26 14:21:31.0781 2656 Page size: 0x1000
2011/07/26 14:21:31.0781 2656 Boot type: Normal boot
2011/07/26 14:21:31.0781 2656 ================================================================================
2011/07/26 14:21:33.0921 2656 Initialize success
2011/07/26 14:21:42.0921 2696 ================================================================================
2011/07/26 14:21:42.0921 2696 Scan started
2011/07/26 14:21:42.0921 2696 Mode: Manual;
2011/07/26 14:21:42.0921 2696 ================================================================================
2011/07/26 14:21:43.0984 2696 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/26 14:21:44.0171 2696 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/26 14:21:44.0437 2696 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/26 14:21:44.0640 2696 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/26 14:21:45.0281 2696 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/26 14:21:45.0500 2696 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/26 14:21:45.0750 2696 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/26 14:21:45.0921 2696 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/26 14:21:46.0140 2696 Avgfwdx (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/07/26 14:21:46.0156 2696 Avgfwfd (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/07/26 14:21:46.0343 2696 AVGIDSDriverxpx (97670687f6c8f35e7b611f2ce1f94472) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys
2011/07/26 14:21:46.0562 2696 AVGIDSErHrxpx (277fc6b0f0be23bae7e63f184034b2fe) C:\WINDOWS\system32\Drivers\AVGIDSxx.sys
2011/07/26 14:21:46.0750 2696 AVGIDSFilterxpx (dba65f23b686bdf043bbb54e55c72887) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys
2011/07/26 14:21:46.0859 2696 AVGIDSShimxpx (a552461aab7a36c2465ff19e59af08bf) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys
2011/07/26 14:21:47.0031 2696 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2011/07/26 14:21:47.0171 2696 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2011/07/26 14:21:47.0359 2696 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys
2011/07/26 14:21:47.0609 2696 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\System32\Drivers\avgtdix.sys
2011/07/26 14:21:47.0796 2696 bcm4sbxp (b60f57b4d9cdbc663cc03eb8af7ec34e) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/07/26 14:21:47.0984 2696 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/26 14:21:48.0187 2696 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/26 14:21:48.0406 2696 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/26 14:21:48.0531 2696 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/26 14:21:48.0640 2696 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/26 14:21:48.0718 2696 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/07/26 14:21:48.0953 2696 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/07/26 14:21:49.0156 2696 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
2011/07/26 14:21:49.0359 2696 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/26 14:21:49.0484 2696 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/26 14:21:49.0578 2696 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/26 14:21:49.0671 2696 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/26 14:21:49.0781 2696 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/26 14:21:49.0937 2696 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/26 14:21:50.0109 2696 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys
2011/07/26 14:21:50.0234 2696 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys
2011/07/26 14:21:50.0375 2696 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/26 14:21:50.0484 2696 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/26 14:21:50.0562 2696 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/26 14:21:50.0640 2696 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/26 14:21:50.0734 2696 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/26 14:21:50.0828 2696 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/26 14:21:51.0031 2696 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/26 14:21:51.0140 2696 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/07/26 14:21:51.0250 2696 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/26 14:21:51.0421 2696 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
2011/07/26 14:21:51.0515 2696 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/26 14:21:51.0781 2696 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/07/26 14:21:52.0015 2696 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/07/26 14:21:52.0218 2696 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/26 14:21:52.0765 2696 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/26 14:21:53.0015 2696 ialm (0acebb31989cbf9a5663fe4a33d28d21) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/07/26 14:21:53.0203 2696 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/26 14:21:53.0468 2696 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/26 14:21:53.0640 2696 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/26 14:21:53.0843 2696 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/26 14:21:53.0937 2696 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/26 14:21:54.0281 2696 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/26 14:21:54.0578 2696 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/26 14:21:54.0828 2696 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/26 14:21:55.0046 2696 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/26 14:21:55.0281 2696 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/26 14:21:55.0453 2696 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/26 14:21:55.0656 2696 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/26 14:21:55.0843 2696 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/26 14:21:56.0109 2696 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/07/26 14:21:56.0390 2696 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/07/26 14:21:56.0531 2696 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/26 14:21:56.0750 2696 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/26 14:21:56.0953 2696 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/07/26 14:21:57.0203 2696 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/26 14:21:57.0468 2696 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/26 14:21:57.0906 2696 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/26 14:21:58.0218 2696 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/26 14:21:58.0453 2696 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/26 14:21:58.0687 2696 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/26 14:21:58.0890 2696 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/26 14:21:59.0156 2696 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/26 14:21:59.0453 2696 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/26 14:21:59.0609 2696 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/26 14:21:59.0859 2696 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/26 14:21:59.0937 2696 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/26 14:22:00.0078 2696 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/26 14:22:00.0453 2696 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/26 14:22:00.0765 2696 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/26 14:22:01.0156 2696 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/26 14:22:01.0421 2696 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/26 14:22:01.0609 2696 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/26 14:22:01.0812 2696 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/26 14:22:02.0031 2696 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/26 14:22:02.0312 2696 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/26 14:22:02.0750 2696 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/26 14:22:03.0343 2696 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2011/07/26 14:22:03.0765 2696 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/26 14:22:04.0156 2696 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/26 14:22:04.0359 2696 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/26 14:22:04.0593 2696 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/26 14:22:04.0859 2696 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2011/07/26 14:22:05.0046 2696 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/26 14:22:05.0546 2696 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
2011/07/26 14:22:06.0015 2696 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/26 14:22:06.0546 2696 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/26 14:22:07.0000 2696 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/26 14:22:07.0546 2696 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/26 14:22:07.0656 2696 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/26 14:22:07.0906 2696 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/26 14:22:08.0125 2696 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/26 14:22:08.0250 2696 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/26 14:22:08.0531 2696 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/26 14:22:08.0781 2696 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/26 14:22:08.0953 2696 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/26 14:22:09.0171 2696 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/26 14:22:09.0437 2696 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/26 14:22:09.0609 2696 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/26 14:22:09.0859 2696 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/26 14:22:10.0031 2696 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys
2011/07/26 14:22:10.0531 2696 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/26 14:22:10.0718 2696 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/26 14:22:10.0921 2696 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/26 14:22:11.0109 2696 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/26 14:22:11.0312 2696 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/26 14:22:12.0187 2696 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/26 14:22:12.0531 2696 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/26 14:22:12.0843 2696 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/26 14:22:12.0968 2696 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/26 14:22:13.0140 2696 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/26 14:22:13.0500 2696 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/26 14:22:13.0921 2696 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/26 14:22:14.0125 2696 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/26 14:22:14.0343 2696 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/26 14:22:14.0578 2696 USBNET_XP (f2eadc6a8f9bce582af6ba855426a47e) C:\WINDOWS\system32\DRIVERS\netusbxp.sys
2011/07/26 14:22:14.0734 2696 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/26 14:22:14.0953 2696 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/26 14:22:15.0203 2696 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/26 14:22:15.0406 2696 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/26 14:22:15.0609 2696 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/26 14:22:15.0609 2696 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/07/26 14:22:15.0609 2696 VolSnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/07/26 14:22:15.0890 2696 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/26 14:22:16.0203 2696 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/26 14:22:16.0468 2696 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/07/26 14:22:16.0796 2696 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/26 14:22:16.0984 2696 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/26 14:22:17.0062 2696 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/26 14:22:17.0234 2696 Boot (0x1200) (5121431bb51c746c8ae27fed0ccf44c6) \Device\Harddisk0\DR0\Partition0
2011/07/26 14:22:17.0296 2696 Boot (0x1200) (3f10c9787e65f18f56bb61abfee7d97a) \Device\Harddisk0\DR0\Partition1
2011/07/26 14:22:17.0296 2696 ================================================================================
2011/07/26 14:22:17.0296 2696 Scan finished
2011/07/26 14:22:17.0296 2696 ================================================================================
2011/07/26 14:22:17.0312 2412 Detected object count: 1
2011/07/26 14:22:17.0312 2412 Actual detected object count: 1
2011/07/26 14:22:55.0328 2412 VolSnap (7c38f81f40d61d1607ddb62fe5817bb9) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/26 14:22:55.0343 2412 Suspicious file (Forged): C:\WINDOWS\system32\drivers\VolSnap.sys. Real md5: 7c38f81f40d61d1607ddb62fe5817bb9, Fake md5: 4c8fcb5cc53aab716d810740fe59d025
2011/07/26 14:22:55.0812 2412 Backup copy found, using it..
2011/07/26 14:22:55.0859 2412 C:\WINDOWS\system32\drivers\VolSnap.sys - will be cured after reboot
2011/07/26 14:22:55.0859 2412 Rootkit.Win32.TDSS.tdl3(VolSnap) - User select action: Cure
2011/07/26 14:23:23.0031 1032 Deinitialize success

========================================================

aswMBR version 0.9.8.977 Copyright(c) 2011 AVAST Software
Run date: 2011-07-26 15:02:26
-----------------------------
15:02:26.859 OS Version: Windows 5.1.2600 Service Pack 3
15:02:26.859 Number of processors: 1 586 0x209
15:02:26.859 ComputerName: TERRY UserName: Terry
15:02:27.343 Initialize success
15:02:52.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
15:02:52.609 Disk 0 Vendor: ST340014A 3.16 Size: 38146MB BusType: 3
15:02:52.625 Disk 0 MBR read successfully
15:02:52.625 Disk 0 MBR scan
15:02:52.625 Disk 0 Windows XP default MBR code
15:02:52.625 Disk 0 scanning sectors +78108030
15:02:52.671 Disk 0 scanning C:\WINDOWS\system32\drivers
15:03:03.234 File: C:\WINDOWS\system32\drivers\volsnap.sys **SUSPICIOUS**
15:03:03.578 Service scanning
15:03:04.828 Modules scanning
15:03:05.687 Module: C:\WINDOWS\System32\Drivers\VolSnap.sys **SUSPICIOUS**
15:03:13.765 Disk 0 trace - called modules:
15:03:13.781 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x898c28f0]<<
15:03:13.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a335ab8]
15:03:13.781 Scan finished successfully
15:03:38.656 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Terry\Desktop\MBR.dat"
15:03:38.671 The log file has been saved successfully to "C:\Documents and Settings\Terry\Desktop\aswMBR.txt"

Jack&Jill
2011-07-27, 01:16
Hello Benjie :),

Have you rebooted since the last scans? If not, please do so now. Please run TDSSKiller again and post back the latest result.

Benjie
2011-07-27, 01:52
Oops, sorry about that.

2011/07/26 19:47:46.0250 3204 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/26 19:47:46.0828 3204 ================================================================================
2011/07/26 19:47:46.0828 3204 SystemInfo:
2011/07/26 19:47:46.0828 3204
2011/07/26 19:47:46.0828 3204 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/26 19:47:46.0828 3204 Product type: Workstation
2011/07/26 19:47:46.0828 3204 ComputerName: TERRY
2011/07/26 19:47:46.0828 3204 UserName: Terry
2011/07/26 19:47:46.0828 3204 Windows directory: C:\WINDOWS
2011/07/26 19:47:46.0828 3204 System windows directory: C:\WINDOWS
2011/07/26 19:47:46.0828 3204 Processor architecture: Intel x86
2011/07/26 19:47:46.0828 3204 Number of processors: 1
2011/07/26 19:47:46.0828 3204 Page size: 0x1000
2011/07/26 19:47:46.0828 3204 Boot type: Normal boot
2011/07/26 19:47:46.0828 3204 ================================================================================
2011/07/26 19:47:49.0093 3204 Initialize success
2011/07/26 19:47:52.0328 2488 ================================================================================
2011/07/26 19:47:52.0328 2488 Scan started
2011/07/26 19:47:52.0328 2488 Mode: Manual;
2011/07/26 19:47:52.0328 2488 ================================================================================
2011/07/26 19:47:55.0984 2488 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/26 19:47:56.0468 2488 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/26 19:47:57.0203 2488 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/26 19:47:57.0906 2488 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/07/26 19:48:00.0203 2488 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/26 19:48:00.0328 2488 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/26 19:48:00.0625 2488 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/26 19:48:01.0015 2488 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/26 19:48:01.0328 2488 Avgfwdx (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/07/26 19:48:01.0375 2488 Avgfwfd (fa6336f05695e39995884d0c959c9608) C:\WINDOWS\system32\DRIVERS\avgfwdx.sys
2011/07/26 19:48:01.0609 2488 AVGIDSDriverxpx (97670687f6c8f35e7b611f2ce1f94472) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys
2011/07/26 19:48:01.0921 2488 AVGIDSErHrxpx (277fc6b0f0be23bae7e63f184034b2fe) C:\WINDOWS\system32\Drivers\AVGIDSxx.sys
2011/07/26 19:48:02.0125 2488 AVGIDSFilterxpx (dba65f23b686bdf043bbb54e55c72887) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys
2011/07/26 19:48:02.0296 2488 AVGIDSShimxpx (a552461aab7a36c2465ff19e59af08bf) C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys
2011/07/26 19:48:02.0593 2488 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\WINDOWS\System32\Drivers\avgldx86.sys
2011/07/26 19:48:02.0718 2488 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\WINDOWS\System32\Drivers\avgmfx86.sys
2011/07/26 19:48:02.0968 2488 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\WINDOWS\system32\Drivers\avgrkx86.sys
2011/07/26 19:48:03.0218 2488 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\WINDOWS\System32\Drivers\avgtdix.sys
2011/07/26 19:48:03.0546 2488 bcm4sbxp (b60f57b4d9cdbc663cc03eb8af7ec34e) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/07/26 19:48:03.0781 2488 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/26 19:48:03.0968 2488 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/26 19:48:04.0187 2488 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/26 19:48:04.0500 2488 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/26 19:48:04.0703 2488 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/26 19:48:04.0859 2488 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/07/26 19:48:05.0453 2488 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/07/26 19:48:05.0859 2488 ctsfm2k (b459ae4afca570088adddbe55eabbc92) C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
2011/07/26 19:48:06.0625 2488 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/26 19:48:06.0812 2488 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/26 19:48:06.0968 2488 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/26 19:48:07.0156 2488 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/26 19:48:07.0500 2488 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/26 19:48:07.0828 2488 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/26 19:48:08.0078 2488 emu10k (01f83e1b5dce05f5cb7d99113ca9e890) C:\WINDOWS\system32\drivers\emu10k1m.sys
2011/07/26 19:48:08.0250 2488 emu10k1 (7ffa171cce6a8bfc774862a578ba39a2) C:\WINDOWS\system32\drivers\ctlfacem.sys
2011/07/26 19:48:08.0609 2488 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/26 19:48:08.0875 2488 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/26 19:48:09.0125 2488 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/26 19:48:09.0234 2488 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/26 19:48:09.0390 2488 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/26 19:48:09.0625 2488 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/26 19:48:09.0843 2488 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/26 19:48:10.0140 2488 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/07/26 19:48:10.0531 2488 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/26 19:48:10.0890 2488 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
2011/07/26 19:48:11.0156 2488 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/26 19:48:11.0640 2488 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/07/26 19:48:11.0921 2488 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/07/26 19:48:12.0171 2488 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/26 19:48:12.0781 2488 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/26 19:48:13.0078 2488 ialm (0acebb31989cbf9a5663fe4a33d28d21) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/07/26 19:48:13.0328 2488 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/26 19:48:13.0640 2488 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/26 19:48:13.0984 2488 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/07/26 19:48:14.0140 2488 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/26 19:48:14.0281 2488 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/26 19:48:14.0593 2488 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/26 19:48:14.0875 2488 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/26 19:48:15.0109 2488 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/26 19:48:15.0296 2488 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/26 19:48:15.0640 2488 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/26 19:48:15.0890 2488 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/26 19:48:16.0156 2488 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/26 19:48:16.0421 2488 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/26 19:48:16.0968 2488 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/07/26 19:48:17.0218 2488 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/07/26 19:48:17.0531 2488 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/26 19:48:17.0734 2488 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/26 19:48:17.0953 2488 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/07/26 19:48:18.0187 2488 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/26 19:48:18.0500 2488 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/26 19:48:18.0968 2488 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/26 19:48:19.0265 2488 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/26 19:48:19.0468 2488 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/26 19:48:19.0671 2488 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/26 19:48:19.0859 2488 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/26 19:48:20.0031 2488 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/26 19:48:20.0234 2488 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/26 19:48:20.0406 2488 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/26 19:48:20.0828 2488 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/26 19:48:20.0968 2488 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/26 19:48:21.0109 2488 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/26 19:48:21.0203 2488 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/26 19:48:21.0531 2488 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/26 19:48:21.0703 2488 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/26 19:48:21.0937 2488 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/26 19:48:22.0125 2488 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/26 19:48:22.0421 2488 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/26 19:48:22.0765 2488 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/26 19:48:22.0968 2488 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/26 19:48:23.0171 2488 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/26 19:48:23.0500 2488 ossrv (c720c25b2d0c93dc425155f5b6a707f3) C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
2011/07/26 19:48:23.0703 2488 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/26 19:48:23.0906 2488 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/26 19:48:24.0109 2488 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/26 19:48:24.0265 2488 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/26 19:48:24.0671 2488 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2011/07/26 19:48:24.0890 2488 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/26 19:48:25.0921 2488 PfModNT (c8a2d6ff660ac601b7bb9a9b16a5c25e) C:\WINDOWS\system32\drivers\PfModNT.sys
2011/07/26 19:48:26.0046 2488 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/26 19:48:26.0171 2488 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/26 19:48:26.0281 2488 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/26 19:48:26.0843 2488 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/26 19:48:26.0984 2488 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/26 19:48:27.0109 2488 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/26 19:48:27.0250 2488 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/26 19:48:27.0437 2488 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/26 19:48:27.0671 2488 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/26 19:48:27.0875 2488 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/26 19:48:28.0109 2488 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/26 19:48:28.0468 2488 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/26 19:48:28.0703 2488 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/26 19:48:28.0812 2488 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/26 19:48:28.0953 2488 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/26 19:48:29.0125 2488 sfman (0b1a5e9cacb5cdd54a2815107bd7c772) C:\WINDOWS\system32\drivers\sfmanm.sys
2011/07/26 19:48:29.0687 2488 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/26 19:48:29.0875 2488 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/26 19:48:30.0062 2488 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/26 19:48:30.0296 2488 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/26 19:48:30.0500 2488 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/26 19:48:31.0109 2488 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/26 19:48:31.0328 2488 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/26 19:48:31.0546 2488 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/26 19:48:31.0781 2488 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/26 19:48:32.0000 2488 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/26 19:48:32.0546 2488 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/26 19:48:32.0796 2488 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/26 19:48:32.0968 2488 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/26 19:48:33.0140 2488 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/26 19:48:33.0390 2488 USBNET_XP (f2eadc6a8f9bce582af6ba855426a47e) C:\WINDOWS\system32\DRIVERS\netusbxp.sys
2011/07/26 19:48:33.0843 2488 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/26 19:48:34.0046 2488 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/26 19:48:34.0265 2488 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/26 19:48:34.0546 2488 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/26 19:48:34.0781 2488 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/26 19:48:35.0109 2488 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/26 19:48:35.0578 2488 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/26 19:48:35.0843 2488 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/07/26 19:48:36.0250 2488 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/26 19:48:36.0562 2488 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/26 19:48:36.0875 2488 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/26 19:48:38.0031 2488 Boot (0x1200) (5121431bb51c746c8ae27fed0ccf44c6) \Device\Harddisk0\DR0\Partition0
2011/07/26 19:48:38.0078 2488 Boot (0x1200) (3f10c9787e65f18f56bb61abfee7d97a) \Device\Harddisk0\DR0\Partition1
2011/07/26 19:48:38.0093 2488 ================================================================================
2011/07/26 19:48:38.0093 2488 Scan finished
2011/07/26 19:48:38.0093 2488 ================================================================================
2011/07/26 19:48:38.0125 2332 Detected object count: 0
2011/07/26 19:48:38.0125 2332 Actual detected object count: 0
2011/07/26 19:48:48.0968 3260 Deinitialize success

Jack&Jill
2011-07-27, 02:02
Hello Benjie :),

Please delete the ComboFix copy that you have; C:\ComboFix.exe.

Please download ComboFix from one of the links below and save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/sUBs/ComboFix.exe)

Do not mouse click on ComboFix while it is running. That may cause it to stall. ComboFix is a powerful tool and must not be used without supervision.

Install Recovery Console and run ComboFix

Please temporarily disable the real-time protection of any antivirus, antispyware or antimalware programs while running ComboFix. They will interfere and may cause unexpected results.
If you need help disabling your protection programs, see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Double click on ComboFix.exe and follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. You will be asked to install it if it is not present in your computer. Click Yes to proceed.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, click on Yes to continue scanning for malware.
When finished, a log will be produced as C:\ComboFix.txt. Please post this log in your next reply.
If you lose your Internet connection after running ComboFix, right-click the network icon in the system tray and select Repair, or reboot the computer.
Re-enable your security software as soon as you have completed the ComboFix steps.

A detailed step-by-step tutorial on running ComboFix can be found here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) if you need help.

--------------------

Please post back:
1. the ComboFix log

Benjie
2011-07-27, 02:32
While running ComboFix, AVG throws an Identity Protection message from combofix.exe as a PUA (Potentially Unwanted App) threat. Quarantine or Allow?

Jack&Jill
2011-07-27, 02:36
Hello Benjie :),

Please allow.

In my earlier post:

All the tools that I will ask you to download and use are safe. Please allow them if prompted by any of your security software.

Benjie
2011-07-27, 03:15
ComboFix 11-07-26.03 - Terry 07/26/2011 20:45:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.853 [GMT -4:00]
Running from: c:\documents and settings\Terry\Desktop\ComboFix.exe
AV: AVG Internet Security Business Edition *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\searchindexer.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WSearch
-------\Service_WSearch
.
.
((((((((((((((((((((((((( Files Created from 2011-06-27 to 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-26 16:50 . 2011-07-26 16:50 -------- d-----w- c:\documents and settings\Terry\Application Data\Malwarebytes
2011-07-26 16:50 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-26 16:50 . 2011-07-26 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-26 16:49 . 2011-07-26 16:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-20 17:05 . 2011-07-20 17:05 -------- d-----w- c:\documents and settings\Benjie.TM\Local Settings\Application Data\Mozilla
2011-07-20 16:56 . 2011-07-20 16:56 -------- d-sh--w- c:\documents and settings\Benjie.TM\PrivacIE
2011-07-20 16:39 . 2011-07-20 16:39 -------- d-----w- c:\documents and settings\Benjie.TM\Local Settings\Application Data\Identities
2011-07-20 16:39 . 2011-07-20 16:39 -------- d-----w- c:\documents and settings\Benjie.TM\Application Data\Windows Desktop Search
2011-07-19 23:20 . 2011-07-19 23:20 -------- d-----w- c:\program files\ERUNT
2011-07-19 18:09 . 2011-07-19 18:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2011-07-19 17:54 . 2011-07-19 17:56 -------- d-----w- c:\windows\SxsCaPendDel
2011-07-19 17:21 . 2011-07-19 18:39 -------- d-----w- C:\$AVG
2011-07-19 17:17 . 2011-07-19 17:17 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2011-07-19 17:17 . 2011-07-19 17:17 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2011-07-19 11:07 . 2011-07-19 11:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-07-18 21:30 . 2011-07-18 21:30 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-07-18 20:08 . 2011-07-18 20:08 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-07-18 18:06 . 2011-07-18 18:06 -------- d-----w- c:\documents and settings\Terry\Application Data\AVG9
2011-07-18 18:03 . 2011-07-19 18:09 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2011-07-18 18:03 . 2011-07-19 18:09 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-18 18:03 . 2011-07-19 18:08 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-18 18:03 . 2011-07-19 18:08 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-18 18:03 . 2011-07-19 18:09 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-07-18 18:02 . 2011-07-26 23:49 -------- d-----w- c:\windows\system32\drivers\Avg
2011-07-18 18:02 . 2011-07-18 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2011-07-18 18:02 . 2011-07-19 18:07 -------- d-----w- c:\program files\AVG
2011-07-18 18:02 . 2011-07-18 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2011-07-13 00:24 . 2011-07-13 00:24 -------- d-----w- c:\program files\Apple Software Update
2011-07-12 21:24 . 2011-07-12 21:24 -------- d-----w- c:\documents and settings\Terry\Application Data\Apple Computer
2011-07-12 21:24 . 2011-07-12 21:24 -------- d-----w- c:\documents and settings\Terry\Local Settings\Application Data\Apple Computer
2011-07-12 21:24 . 2011-07-12 21:24 -------- d-----w- c:\program files\Safari
2011-07-12 21:24 . 2011-07-12 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-07-12 21:23 . 2011-07-12 21:23 -------- d-----w- c:\program files\Common Files\Apple
2011-07-12 21:23 . 2011-07-12 21:23 -------- d-----w- c:\documents and settings\Terry\Local Settings\Application Data\Apple
2011-07-12 21:23 . 2011-07-12 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-07-12 20:17 . 2011-07-12 20:17 -------- d--h--w- c:\windows\PIF
2011-06-29 03:16 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-06-28 21:54 . 2011-06-28 21:54 -------- d-----w- c:\documents and settings\Terry\Local Settings\Application Data\Temp
2011-06-28 20:31 . 2011-06-28 20:31 -------- d-----w- c:\documents and settings\Terry\Application Data\Windows Search
2011-06-28 18:30 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-28 18:24 . 2011-06-28 18:24 -------- d-----w- c:\windows\system32\winrm
2011-06-28 18:24 . 2011-06-28 18:24 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-06-28 18:24 . 2011-06-28 18:24 -------- d-----w- c:\documents and settings\Terry\Local Settings\Application Data\Identities
2011-06-28 18:24 . 2011-06-28 18:24 -------- d-----w- c:\documents and settings\Terry\Application Data\Windows Desktop Search
2011-06-28 18:23 . 2011-07-12 22:25 -------- d-----w- c:\program files\Windows Desktop Search
2011-06-28 18:23 . 2011-06-28 18:23 -------- d-----w- c:\windows\system32\GroupPolicy
2011-06-28 18:22 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-06-28 18:22 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-06-28 18:22 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-06-28 18:21 . 2011-06-28 21:32 -------- d-----w- c:\program files\Windows Media Connect 2
2011-06-28 18:20 . 2011-06-28 18:21 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-06-28 18:19 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-06-28 15:36 . 2011-07-18 20:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-28 15:11 . 2011-06-28 21:38 -------- d-----w- c:\documents and settings\Terry\Local Settings\Application Data\Google
2011-06-28 14:47 . 2011-06-28 14:47 -------- d-----w- C:\VundoFix Backups
2011-06-27 19:37 . 2011-06-27 20:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Thunderbird
2011-06-27 19:37 . 2011-06-27 19:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-26 23:44 . 2004-08-04 12:00 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-07-13 00:50 . 2011-05-06 19:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31 . 2008-01-24 20:58 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2004-08-04 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 04:17 . 2011-07-19 19:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-03-18 12:11 2471240 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2005-10-19 20531]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-07-19 2071904]
.
c:\documents and settings\Terry\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2011-07-19 18:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"PbXLTBUktOat"=c:\documents and settings\All Users\Application Data\PbXLTBUktOat.exe
"Google Update"="c:\documents and settings\Terry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" startup
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"WatchingService"="c:\program files\d-link\d-link d-viewcam\bin\wdsvc.exe" sys_auto_run c:\program files\D-Link\D-Link D-ViewCam\Bin
"hpbdfawep"=c:\program files\HP\Dfawep\bin\hpbdfawep.exe 1
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
.
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [7/18/2011 2:03 PM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [7/18/2011 2:03 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/18/2011 2:03 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/18/2011 2:03 PM 243152]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/19/2011 2:08 PM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/19/2011 2:09 PM 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [7/19/2011 2:09 PM 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7/19/2011 2:09 PM 5897808]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/19/2011 1:17 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [7/18/2011 2:02 PM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [7/18/2011 2:02 PM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [7/18/2011 2:02 PM 26192]
S1 MpKsl74d7fc77;MpKsl74d7fc77;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{97E5AD83-E8FE-4081-8D09-7603E147E1D0}\MpKsl74d7fc77.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{97E5AD83-E8FE-4081-8D09-7603E147E1D0}\MpKsl74d7fc77.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [7/18/2011 4:08 PM 947528]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/19/2011 1:17 PM 30104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/26/2011 12:50 PM 41272]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2/20/2002 3:34 AM 72576]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 8:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uLocal Page = about:blank
uStart Page = about:blank
mLocal Page = about:blank
mStart Page = about:blank
mWindow Title = McCall's Inc Explorer
TCP: DhcpNameServer = 208.216.228.227 207.230.75.50
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Terry\Application Data\Mozilla\Firefox\Profiles\y2cvbfxi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-02178118.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-26 21:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2916)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
.
**************************************************************************
.
Completion time: 2011-07-26 21:11:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-27 01:11
.
Pre-Run: 24,434,151,424 bytes free
Post-Run: 24,600,797,184 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 48078EED0042347FB1617CFCA30D982D

Jack&Jill
2011-07-27, 06:51
Hello Benjie :),

Do an online scan with ESET Online Scanner.
Please be patient, as scanning will take quite some time. If you have problems running the scan, you might want to disable any real-time protection that you have.

Click here (http://www.eset.com/onlinescan/) to go to ESET Online Scanner page.
Click on Run ESET Online Scanner. A new window will open.
Firefox users will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install, and a new window will open.
After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
You will be prompted to install an ActiveX Control from ESET. Please install.
At the Computer scan settings section, uncheck (untick) Remove found threats. <-- Important, do not remove anything yet.
Then, check Scan archives.
Now, click on Advanced settings and make sure all these are checked:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Click on Scan to proceed.
When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
Post the contents in your reply.

If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.

--------------------

Please post back:
1. ESET scan result

Benjie
2011-07-27, 16:47
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=3da67f175ccd9e40b3616b8a2535e757
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-07-27 02:12:17
# local_time=2011-07-27 10:12:17 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1279 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=43811
# found=0
# cleaned=0
# scan_time=5716

Jack&Jill
2011-07-27, 17:45
Hello Benjie :),

Please download MiniRegTool© by farbar and save it to your desktop.

Click here - 32-bit version. (http://download.bleepingcomputer.com/farbar/MiniRegTool.zip)


Extract the file to the desktop using 7-Zip (http://www.7-zip.org/) or a suitable archive utility that handles Zip files.
Double click on MiniRegTool.exe to run it.
Copy and paste the following text into the white box:

HKEY_CURRENT_USER\software\microsoft\windows\currentversion
Please select:
Export Key(s)
Click on the Go button. A log will open.
Please post this log as an attachment. It can also be found on the desktop as Result.txt.

On the Reply to Thread page, you will see the Additional Options section below the text box that you use for replying. Click Manage Attachments and a new window will open. Click Browse... and look for the file, then double click on it. Next, click on Upload. You may close the window when done. Please do not post any other logs as attachments unless I request them.

--------------------


> Every time I reboot and start Firefox, a message says FF is not my default browser. I tried it with Safari and the same thing happens.

You can set those browsers not to check whether they are the default. For Firefox, go to Tools > Options > Advanced, then uncheck "Always check to see if Firefox is the default browser on startup". I do not use Safari, but it should have a similar option to disable the check.

Do you use this program? If not, please uninstall it.
VNC Free Edition 4.1.3

Please run DDS again and post back DDS.txt.

--------------------

Please post back:
1. MiniRegTool result as an attachment
2. new DDS.txt
3. How is the computer behaving now?

Benjie
2011-07-27, 18:06
While trying to upload result.txt, the message states "Upload Failed." Windows reports the file is 5.07 MB. Could it be too large?

My problem with FF was that every time I told it to make itself my default browser, after a reboot it would always come back and tell me it wasn't my default browser again. Same thing w/ Safari. This doesn't seem to be happening any more, though. Something has fixed it.

Benjie
2011-07-27, 18:12
Oops, just rebooted and started FF again and it does still say FF is not my default browser. Something keeps changing it.

Benjie
2011-07-27, 18:25
Attached is a zipped result.txt. Is this ok?

Benjie
2011-07-27, 18:34
DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Terry at 12:32:34 on 2011-07-27
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.932 [GMT -4:00]
.
AV: AVG Internet Security Business Edition *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uLocal Page = about:blank
mStart Page = about:blank
mLocal Page = about:blank
mWindow Title = McCall's Inc Explorer
uURLSearchHooks: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
dURLSearchHooks: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
TB: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Client Access Service] "c:\program files\ibm\client access\cwbsvstr.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
StartupFolder: c:\docume~1\terry\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 208.216.228.227 207.230.75.50
TCP: Interfaces\{45383A36-A472-4D3B-8CC7-47D0102A8317} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{4FDE4A8A-D00B-4DD9-B131-2CA6574A2976} : DHCPNameServer = 208.216.228.227 207.230.75.50
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: ipp - <Clsid value has no data>
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: msdaipp - <Clsid value has no data>
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
IFEO: Your Image File Name Here without a path - ntsd -d
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\terry\application data\mozilla\firefox\profiles\y2cvbfxi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2011-7-18 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2011-7-18 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2011-7-18 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2011-7-18 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2011-7-18 243152]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2011-7-19 921952]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2011-7-19 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2011-7-19 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2011-7-19 5897808]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2011-7-19 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2011-7-18 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2011-7-18 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2011-7-18 26192]
S1 MpKsl74d7fc77;MpKsl74d7fc77;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{97e5ad83-e8fe-4081-8d09-7603e147e1d0}\mpksl74d7fc77.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{97e5ad83-e8fe-4081-8d09-7603e147e1d0}\MpKsl74d7fc77.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2011-7-18 947528]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2011-7-19 30104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-26 41272]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2002-2-20 72576]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
.
=============== Created Last 30 ================
.
2011-07-27 12:27:02 -------- d-----w- c:\program files\ESET
2011-07-27 00:44:28 -------- d-sha-r- C:\cmdcons
2011-07-27 00:41:36 208896 ----a-w- c:\windows\MBR.exe
2011-07-27 00:41:29 98816 ----a-w- c:\windows\sed.exe
2011-07-27 00:41:29 256000 ----a-w- c:\windows\PEV.exe
2011-07-26 16:50:20 -------- d-----w- c:\documents and settings\terry\application data\Malwarebytes
2011-07-26 16:50:02 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-26 16:50:01 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-07-26 16:49:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-19 19:11:23 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-07-19 19:11:14 343000 ----a-w- c:\program files\mozilla firefox\nsw10.tmp\nssckbi.dll
2011-07-19 18:09:10 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2011-07-19 17:54:37 -------- d-----w- c:\windows\SxsCaPendDel
2011-07-19 17:21:57 -------- d-----w- C:\$AVG
2011-07-19 17:17:21 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2011-07-19 17:17:21 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2011-07-18 21:30:39 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-07-18 18:06:41 -------- d-----w- c:\documents and settings\terry\application data\AVG9
2011-07-18 18:03:14 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2011-07-18 18:03:13 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-18 18:03:13 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-18 18:03:04 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-18 18:02:53 -------- d-----w- c:\windows\system32\drivers\Avg
2011-07-18 18:02:50 -------- d-----w- c:\documents and settings\all users\application data\AVG Security Toolbar
2011-07-18 18:02:21 -------- d-----w- c:\program files\AVG
2011-07-18 18:02:19 -------- d-----w- c:\documents and settings\all users\application data\avg9
2011-07-12 21:24:52 -------- d-----w- c:\documents and settings\terry\local settings\application data\Apple Computer
2011-07-12 21:23:17 -------- d-----w- c:\documents and settings\terry\local settings\application data\Apple
2011-07-12 20:17:59 -------- d--h--w- c:\windows\PIF
2011-06-29 03:16:50 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-06-29 03:16:50 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-06-28 21:54:39 -------- d-----w- c:\documents and settings\terry\local settings\application data\Temp
2011-06-28 20:31:41 -------- d-----w- c:\documents and settings\terry\application data\Windows Search
2011-06-28 18:30:40 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-06-28 18:24:33 -------- d-----w- c:\windows\system32\winrm
2011-06-28 18:24:30 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2011-06-28 18:24:10 -------- d-----w- c:\documents and settings\terry\local settings\application data\Identities
2011-06-28 18:24:06 -------- d-----w- c:\documents and settings\terry\application data\Windows Desktop Search
2011-06-28 18:23:34 -------- d-----w- c:\windows\system32\GroupPolicy
2011-06-28 18:23:34 -------- d-----w- c:\program files\Windows Desktop Search
2011-06-28 18:22:17 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2011-06-28 18:22:17 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2011-06-28 18:22:17 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2011-06-28 18:21:50 -------- d-----w- c:\program files\Windows Media Connect 2
2011-06-28 18:19:21 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-06-28 15:36:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-28 15:11:11 -------- d-----w- c:\documents and settings\terry\local settings\application data\Google
2011-06-28 14:47:10 -------- d-----w- C:\VundoFix Backups
.
==================== Find3M ====================
.
2011-07-26 23:44:44 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-07-13 00:50:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 12:32:58.60 ===============

Benjie
2011-07-27, 19:02
Everything seems to be running normally now. I don't see iexplore.exe running in Task Manager any more either. I will keep testing and post results soon.

Jack&Jill
2011-07-28, 04:26
Hello Benjie :),

Yes, please use the computer a while.

--------------------

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use. Do not mouse click on ComboFix while it is running. That may cause it to stall.

Run ComboFix script

Please temporarily disable the real-time protection of any antivirus, antispyware or antimalware programs when running ComboFix. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Open Notepad. Copy and paste the following text into it:

DirLook::
c:\program files\mozilla firefox\nsw10.tmp

FileLook::
c:\program files\mozilla firefox\nsw10.tmp\nssckbi.dll

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PbXLTBUktOat"=-

Save it as CFScript.txt at the desktop. Make sure the Save as type: is All Files (*.*).

http://i582.photobucket.com/albums/ss269/Cat_Byte/images/CFScriptB-4.gif

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix may request an update, please allow it.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, a log will be produced as C:\ComboFix.txt. Copy and paste the contents of the log in your next reply.
If you lose your Internet connection after running ComboFix, right click on the network icon in the system tray and select Repair, or reboot the computer.
Re-enable your security software as soon as you have completed the ComboFix steps.

--------------------

Please post back:
1. the ComboFix log
2. any more problems?
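
The CFScript above deletes only the disabled "PbXLTBUktOat" value under the HKCU run- key; that entry was spotted by reading the Reg Loading Points dump by eye. The following Python script is an added example, not part of ComboFix, DDS or any post in this thread, that does the same triage mechanically over a dump in ComboFix's REGEDIT4 layout: it flags Run/run- values whose executable lives in a user-writable data directory or whose value name looks machine-generated, reports whether each hit is active or msconfig-disabled, and prints a Registry:: section in the same form as the script above. The sample dump, the allowlist and the thresholds are constructed for illustration and are assumptions, not something the thread states.

```python
"""Flag suspicious autorun entries in a DDS / ComboFix 'Reg Loading Points' dump.

Added example for this thread; it is not part of ComboFix, DDS or the
original posts. SAMPLE_DUMP is constructed to mirror the dump posted above.
"""
import re
from typing import List, NamedTuple

# Constructed sample in the REGEDIT4-style layout ComboFix prints. Keys ending
# in 'run-' hold items msconfig has disabled: they no longer run at logon, but
# the file they point to is still on disk.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-07-19 2071904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"PbXLTBUktOat"=c:\documents and settings\All Users\Application Data\PbXLTBUktOat.exe
"Google Update"="c:\documents and settings\Terry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
# "Name"=path   or   "Name"="path" [date size]   or   "Name"="path" /switch
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<path>[a-z]:\\.*?\.exe)', re.IGNORECASE)

# Locations a non-admin user (and so any drive-by payload) can write to on XP.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")

# Allowlist by path suffix, never by value name: the name is chosen by whoever
# wrote the entry and proves nothing. (Constructed allowlist for this example.)
ALLOWED_SUFFIXES = ("\\google\\update\\googleupdate.exe",)


class Entry(NamedTuple):
    key: str
    name: str
    path: str
    disabled: bool  # under a 'run-' key, i.e. disabled via msconfig


class Finding(NamedTuple):
    entry: Entry
    reasons: List[str]


def parse_loading_points(text: str) -> List[Entry]:
    """Walk the dump, remembering the current key, and collect Run/run- values."""
    entries, key = [], ""
    for line in text.splitlines():
        km = KEY_RE.match(line.strip())
        if km:
            key = km.group("key")
            continue
        if not key.lower().rstrip("-").endswith("\\run"):
            continue
        vm = VALUE_RE.match(line.strip())
        if vm:
            entries.append(Entry(key, vm.group("name"), vm.group("path"), key.endswith("-")))
    return entries


def case_transitions(name: str) -> int:
    """Count upper<->lower flips inside alphabetic runs; random names flip often."""
    flips, prev = 0, None
    for ch in name:
        if not ch.isalpha():
            prev = None
            continue
        if prev is not None and ch.isupper() != prev.isupper():
            flips += 1
        prev = ch
    return flips


def assess(entry: Entry) -> List[str]:
    """Return the reasons an entry deserves a look (empty list if none)."""
    reasons = []
    p = entry.path.lower()
    if any(frag in p for frag in USER_WRITABLE) and not p.endswith(ALLOWED_SUFFIXES):
        reasons.append("executable lives in a user-writable data directory")
    if case_transitions(entry.name) >= 4:  # threshold is an assumption
        reasons.append("value name looks machine-generated")
    return reasons


def find_suspicious(text: str) -> List[Finding]:
    """Return only the entries that trip at least one heuristic."""
    findings = []
    for entry in parse_loading_points(text):
        reasons = assess(entry)
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


def cfscript_registry_section(findings: List[Finding]) -> str:
    """Emit a Registry:: section in the form used in the CFScript above.
    A '=-' line deletes only the registry value; the .exe on disk stays put."""
    lines = ["Registry::"]
    for f in findings:
        lines += ["[" + f.entry.key + "]", '"' + f.entry.name + '"=-']
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_DUMP)
    for f in hits:
        state = "disabled" if f.entry.disabled else "ACTIVE"
        print(f"{f.entry.name} ({state}): {f.entry.path}")
        print("   " + "; ".join(f.reasons))
    print(cfscript_registry_section(hits))
```

Two caveats a practitioner would want here: an entry under run- does not execute at logon, so the hit is a leftover file rather than a live infection, and the Registry:: deletion leaves that file on disk to be dealt with separately; and the allowlist keys on the path suffix, because a friendly value name such as "Google Update" is no evidence of anything.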

Benjie
2011-07-29, 02:57
So far, so good. Still no problems detected.




ComboFix 11-07-28.06 - Terry 07/28/2011 20:29:07.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.865 [GMT -4:00]
Running from: c:\documents and settings\Terry\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Terry\Desktop\CFScript.txt
AV: AVG Internet Security Business Edition *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-29 )))))))))))))))))))))))))))))))
.
.
2011-07-27 12:27 . 2011-07-27 12:27 -------- d-----w- c:\program files\ESET
2011-07-26 16:50 . 2011-07-26 16:50 -------- d-----w- c:\documents and settings\Terry\Application Data\Malwarebytes
2011-07-26 16:50 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-26 16:50 . 2011-07-26 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-26 16:49 . 2011-07-26 16:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-20 17:05 . 2011-07-20 17:05 -------- d-----w- c:\documents and settings\Benjie.TM\Local Settings\Application Data\Mozilla
2011-07-20 16:56 . 2011-07-20 16:56 -------- d-sh--w- c:\documents and settings\Benjie.TM\PrivacIE
2011-07-20 16:39 . 2011-07-20 16:39 -------- d-----w- c:\documents and settings\Benjie.TM\Local Settings\Application Data\Identities
2011-07-20 16:39 . 2011-07-20 16:39 -------- d-----w- c:\documents and settings\Benjie.TM\Application Data\Windows Desktop Search
2011-07-19 23:20 . 2011-07-19 23:20 -------- d-----w- c:\program files\ERUNT
2011-07-19 19:11 . 2011-06-16 04:17 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-07-19 19:11 . 2011-06-16 04:17 343000 ----a-w- c:\program files\Mozilla Firefox\nsw10.tmp\nssckbi.dll
2011-07-19 18:09 . 2011-07-19 18:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2011-07-19 17:54 . 2011-07-19 17:56 -------- d-----w- c:\windows\SxsCaPendDel
2011-07-19 17:21 . 2011-07-19 18:39 -------- d-----w- C:\$AVG
2011-07-19 17:17 . 2011-07-19 17:17 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2011-07-19 17:17 . 2011-07-19 17:17 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2011-07-19 11:07 . 2011-07-19 11:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-07-18 21:30 . 2011-07-18 21:30 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-07-18 20:08 . 2011-07-18 20:08 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-07-18 18:06 . 2011-07-18 18:06 -------- d-----w- c:\documents and settings\Terry\Application Data\AVG9
2011-07-18 18:03 . 2011-07-19 18:09 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2011-07-18 18:03 . 2011-07-19 18:09 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2011-07-18 18:03 . 2011-07-19 18:08 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2011-07-18 18:03 . 2011-07-19 18:08 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-07-18 18:03 . 2011-07-19 18:09 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2011-07-18 18:02 . 2011-07-28 11:48 -------- d-----w- c:\windows\system32\drivers\Avg
2011-07-18 18:02 . 2011-07-18 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2011-07-18 18:02 . 2011-07-19 18:07 -------- d-----w- c:\program files\AVG
2011-07-18 18:02 . 2011-07-18 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2011-07-13 00:24 . 2011-07-13 00:24 -------- d-----w- c:\program files\Apple Software Update
2011-07-12 21:24 . 2011-07-12 21:24 -------- d-----w- c:\documents and settings\Terry\Application Data\Apple Computer
2011-07-12 21:24 . 2011-07-12 21:24 -------- d-----w- c:\documents and settings\Terry\Local Settings\Application Data\Apple Computer
2011-07-12 21:24 . 2011-07-12 21:24 -------- d-----w- c:\program files\Safari
2011-07-12 21:24 . 2011-07-12 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2011-07-12 21:23 . 2011-07-12 21:23 -------- d-----w- c:\program files\Common Files\Apple
2011-07-12 21:23 . 2011-07-12 21:23 -------- d-----w- c:\documents and settings\Terry\Local Settings\Application Data\Apple
2011-07-12 21:23 . 2011-07-12 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-07-12 20:17 . 2011-07-12 20:17 -------- d--h--w- c:\windows\PIF
2011-06-29 03:16 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-26 23:44 . 2004-08-04 12:00 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-07-13 00:50 . 2011-05-06 19:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-02 14:02 . 2004-08-04 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31 . 2008-01-24 20:58 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-16 04:17 . 2011-07-19 19:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\program files\mozilla firefox\nsw10.tmp\nssckbi.dll ---
Company: Mozilla Foundation
File Description: NSS Builtin Trusted Root CAs
File Version: 1.81
Product Name: Network Security Services
Copyright:
Original Filename: nssckbi.dll
File size: 343000
Created time: 2011-07-19 19:11
Modified time: 2011-06-16 04:17
MD5: 6689B655EA803BE040D95B8EA913249F
SHA1: AD87EDDF4BA204D463ACF6D2DA1B78B44ED652A0
.
---- Directory of c:\program files\mozilla firefox\nsw10.tmp ----
.
2011-07-19 19:11 . 2011-06-16 04:17 343000 ----a-w- c:\program files\mozilla firefox\nsw10.tmp\nssckbi.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-27_01.05.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-27 16:09 . 2011-07-27 16:09 221184 c:\windows\ERDNT\AutoBackup\7-27-2011\Users\00000002\UsrClass.dat
+ 2011-07-27 16:09 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\7-27-2011\ERDNT.EXE
+ 2011-07-27 16:09 . 2011-07-27 16:09 6422528 c:\windows\ERDNT\AutoBackup\7-27-2011\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-05-30 15:33 2495816 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2005-10-19 20531]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-07-19 2071904]
.
c:\documents and settings\Terry\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2011-07-19 18:09 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"Google Update"="c:\documents and settings\Terry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" startup
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"WatchingService"="c:\program files\d-link\d-link d-viewcam\bin\wdsvc.exe" sys_auto_run c:\program files\D-Link\D-Link D-ViewCam\Bin
"hpbdfawep"=c:\program files\HP\Dfawep\bin\hpbdfawep.exe 1
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
.
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [7/18/2011 2:03 PM 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [7/18/2011 2:03 PM 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/18/2011 2:03 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/18/2011 2:03 PM 243152]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/19/2011 2:08 PM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/19/2011 2:09 PM 308136]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [7/19/2011 2:09 PM 2331544]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7/19/2011 2:09 PM 5897808]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/19/2011 1:17 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [7/18/2011 2:02 PM 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [7/18/2011 2:02 PM 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [7/18/2011 2:02 PM 26192]
S1 MpKsl74d7fc77;MpKsl74d7fc77;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{97E5AD83-E8FE-4081-8D09-7603E147E1D0}\MpKsl74d7fc77.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{97E5AD83-E8FE-4081-8D09-7603E147E1D0}\MpKsl74d7fc77.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [7/18/2011 4:08 PM 1025352]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/19/2011 1:17 PM 30104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/26/2011 12:50 PM 41272]
S3 USBNET_XP;Instant Wireless XP USB Network Adapter ver.2.6 Driver;c:\windows\system32\drivers\netusbxp.sys [2/20/2002 3:34 AM 72576]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 8:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
.
------- Supplementary Scan -------
.
uLocal Page = about:blank
uStart Page = about:blank
mLocal Page = about:blank
mStart Page = about:blank
mWindow Title = McCall's Inc Explorer
TCP: DhcpNameServer = 208.216.228.227 207.230.75.50
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Terry\Application Data\Mozilla\Firefox\Profiles\y2cvbfxi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-28 20:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(156)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-07-28 20:40:58
ComboFix-quarantined-files.txt 2011-07-29 00:40
ComboFix2.txt 2011-07-27 01:11
.
Pre-Run: 24,329,723,904 bytes free
Post-Run: 24,325,582,848 bytes free
.
- - End Of File - - D30806CFC2F3495AF3F504F66158AF42
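
The log above is read by hand: the "Files Created" list is scanned for anything out of place, and the FileLook block supplies the version, size and MD5/SHA1 of the DLL sitting under the oddly named nsw10.tmp directory. As an added example (not part of this thread and not a ComboFix tool), the Python script below does that reading mechanically. It parses "Files Created" lines and flags entries with the hidden or system attribute, anything under a *.tmp directory in Program Files, and new native binaries under c:\windows; it also parses the FileLook block so the reported size/MD5/SHA1 can be checked against the bytes of a file on disk, for instance the nssckbi.dll in the main Firefox directory, which is expected to be identical if nsw10.tmp is only an installer leftover. The embedded log excerpt is copied from the log above; the flag heuristics are this example's own.

```python
import hashlib
import re

# Constructed excerpt in the format of the ComboFix.txt posted above: a few
# "Files Created" lines plus the FileLook "Look" block, copied from that log.
SAMPLE_LOG = r"""
2011-07-27 12:27 . 2011-07-27 12:27 -------- d-----w- c:\program files\ESET
2011-07-20 16:56 . 2011-07-20 16:56 -------- d-sh--w- c:\documents and settings\Benjie.TM\PrivacIE
2011-07-19 19:11 . 2011-06-16 04:17 343000 ----a-w- c:\program files\Mozilla Firefox\nsw10.tmp\nssckbi.dll
2011-07-19 17:17 . 2011-07-19 17:17 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2011-07-13 00:24 . 2011-07-13 00:24 -------- d-----w- c:\program files\Apple Software Update
.
--- c:\program files\mozilla firefox\nsw10.tmp\nssckbi.dll ---
Company: Mozilla Foundation
File Description: NSS Builtin Trusted Root CAs
File Version: 1.81
Copyright:
File size: 343000
MD5: 6689B655EA803BE040D95B8EA913249F
SHA1: AD87EDDF4BA204D463ACF6D2DA1B78B44ED652A0
.
---- Directory of c:\program files\mozilla firefox\nsw10.tmp ----
"""

# "created . modified size attrs path"; size is -------- for directories.
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)


def parse_file_lines(log):
    """Yield one dict per 'Files Created' / 'Find3M' style line."""
    for line in log.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            yield m.groupdict()


def triage(log):
    """Return {path: [reasons]} for entries worth a second look.
    The heuristics are this example's own, not ComboFix's."""
    flagged = {}
    for e in parse_file_lines(log):
        low = e["path"].lower()
        parts = low.split("\\")
        reasons = []
        if "h" in e["attrs"] or "s" in e["attrs"]:
            reasons.append("hidden/system attribute set")
        if low.startswith("c:\\program files\\") and any(p.endswith(".tmp") for p in parts):
            reasons.append("under a *.tmp directory in Program Files")
        if parts[:2] == ["c:", "windows"] and low.endswith((".sys", ".dll", ".exe")):
            reasons.append("new native binary under c:\\windows")
        if reasons:
            flagged[e["path"]] = reasons
    return flagged


def parse_look(log):
    """Parse FileLook blocks: '--- path ---' followed by 'Key: value' lines."""
    blocks, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        head = re.match(r"^--- (.+) ---$", line)
        if head:
            current = blocks.setdefault(head.group(1), {})
        elif line in ("", "."):          # ComboFix separates sections with "."
            current = None
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return blocks


def digests(data):
    """The three FileLook fields that can be recomputed from a file's bytes."""
    return {
        "File size": str(len(data)),
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
    }


def verify(expected, data):
    """Return the FileLook fields that disagree with the bytes given."""
    actual = digests(data)
    return [k for k in actual if expected.get(k, "").upper() != actual[k]]


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
    for path, info in parse_look(SAMPLE_LOG).items():
        print(path, info.get("File Version"), info.get("MD5"))
        # On the affected machine: verify(info, open(path, "rb").read()) == []
```

The flags are a review queue, not verdicts: PrivacIE is an ordinary hidden Internet Explorer folder and the AVG driver is new because AVG was just installed. What makes the nsw10.tmp entry worth a FileLook is the combination of a temp-named directory and a trust-store DLL (the log describes nssckbi.dll as "NSS Builtin Trusted Root CAs"); a hash that matches the copy installed alongside it settles the question.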

Jack&Jill
2011-07-29, 08:04
Hello Benjie :),

Please post C:\Qoobox\ComboFix-quarantined-files.txt.

Benjie
2011-07-29, 14:42
2011-07-29 00:28:53 . 2011-07-29 00:28:53 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2011-07-27 01:09:54 . 2011-07-27 01:09:54 558 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-02178118.sys.reg.dat
2011-07-27 00:53:47 . 2011-07-27 00:53:47 4,116 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_WSearch.reg.dat
2011-07-27 00:53:47 . 2011-07-27 00:53:47 1,040 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_WSearch.reg.dat
2011-07-27 00:51:41 . 2011-07-29 00:34:35 7,866 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-07-27 00:49:23 . 2011-05-06 17:59:30 905 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\4\OpenOffice.lnk
2011-07-27 00:49:23 . 2011-05-06 16:11:46 724 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\4\Mozilla Firefox.lnk
2011-07-27 00:49:23 . 2008-07-15 20:41:05 785 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\4\iSeries Navigator.lnk
2011-07-27 00:49:23 . 2011-05-06 14:54:21 79 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
2011-07-27 00:49:23 . 2011-06-15 15:36:19 1,729 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\4\Adobe Reader 9.lnk
2011-07-27 00:49:23 . 2008-01-24 21:01:08 84 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Startup\desktop.ini
2011-07-27 00:49:23 . 2011-05-06 14:54:22 119 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\2\desktop.ini
2011-07-27 00:49:23 . 2011-05-05 20:10:21 875 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Update Spybot-S&D.lnk
2011-07-27 00:49:23 . 2011-05-05 20:10:21 961 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Uninstall Spybot-S&D.lnk
2011-07-27 00:49:23 . 2011-05-05 20:10:21 945 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy.lnk
2011-07-27 00:49:23 . 2011-05-05 20:10:21 951 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\Tutorial.lnk
2011-07-27 00:49:23 . 2011-05-05 20:10:21 834 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Spybot - Search & Destroy\File Shredder.lnk
2011-07-27 00:49:23 . 2008-01-24 23:06:19 713 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\RealVNC\VNC Viewer 4\Run VNC Viewer.lnk
2011-07-27 00:49:23 . 2008-01-24 23:06:19 729 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\RealVNC\VNC Viewer 4\Run Listening VNC Viewer.lnk
2011-07-27 00:49:23 . 2008-01-24 23:06:19 723 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\RealVNC\VNC Server 4 (User-Mode)\Run VNC Server.lnk
2011-07-27 00:49:23 . 2008-01-24 23:06:19 725 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\RealVNC\VNC Server 4 (User-Mode)\Configure User-Mode Settings.lnk
2011-07-27 00:49:23 . 2008-01-24 23:06:19 747 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\RealVNC\VNC Server 4 (Service-Mode)\Unregister VNC Service.lnk
2011-07-27 00:49:23 . 2008-01-24 23:06:19 735 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\RealVNC\VNC Server 4 (Service-Mode)\Stop VNC Service.lnk
2011-07-27 00:49:23 . 2008-01-24 23:06:19 737 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\RealVNC\VNC Server 4 (Service-Mode)\Start VNC Service.lnk
2011-07-27 00:49:23 . 2008-01-24 23:06:19 743 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\RealVNC\VNC Server 4 (Service-Mode)\Register VNC Service.lnk
2011-07-27 00:49:23 . 2008-01-24 23:06:19 753 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\RealVNC\VNC Server 4 (Service-Mode)\Configure VNC Service.lnk
2011-07-27 00:49:23 . 2011-05-06 17:59:30 917 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.1\OpenOffice.org.lnk
2011-07-27 00:49:23 . 2011-05-06 17:59:30 865 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.1\OpenOffice.org Writer.lnk
2011-07-27 00:49:23 . 2011-05-06 17:59:29 851 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.1\OpenOffice.org Impress.lnk
2011-07-27 00:49:23 . 2011-05-06 17:59:29 791 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.1\OpenOffice.org Draw.lnk
2011-07-27 00:49:23 . 2011-05-06 17:59:29 841 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.1\OpenOffice.org Calc.lnk
2011-07-27 00:49:23 . 2011-05-06 18:00:12 114 ---ha-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\OpenOffice.org 3.1\Desktop.ini
2011-07-27 00:49:23 . 2008-02-14 15:13:08 1,680 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Thunderbird\Mozilla Thunderbird.lnk
2011-07-27 00:49:23 . 2008-02-14 15:13:08 1,702 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Thunderbird\Mozilla Thunderbird (Safe Mode).lnk
2011-07-27 00:49:23 . 2008-02-14 15:11:52 1,614 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Firefox\Mozilla Firefox.lnk
2011-07-27 00:49:23 . 2008-02-14 15:11:52 1,636 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Firefox\Mozilla Firefox (Safe Mode).lnk
2011-07-27 00:49:23 . 2008-07-15 20:39:55 1,667 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Service\Trace Files.lnk
2011-07-27 00:49:23 . 2008-07-15 20:39:55 1,689 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Service\Start Diagnostic Tools.lnk
2011-07-27 00:49:23 . 2008-07-15 20:39:55 827 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Service\Install Service Pack.lnk
2011-07-27 00:49:23 . 2008-07-15 20:39:55 1,715 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Service\History Log.lnk
2011-07-27 00:49:23 . 2008-07-15 20:39:55 903 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Service\Error and Trace Message Help.lnk
2011-07-27 00:49:23 . 2008-07-15 20:39:55 823 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Service\Check Service Level.lnk
2011-07-27 00:49:23 . 2008-07-15 20:43:35 893 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Emulator\Start or Configure Session.lnk
2011-07-27 00:49:23 . 2008-07-15 20:43:35 900 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Emulator\Trace Facility.lnk
2011-07-27 00:49:23 . 2008-07-15 20:43:35 912 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Emulator\Menu-Bar Customization Utility.lnk
2011-07-27 00:49:23 . 2008-07-15 20:43:35 900 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Emulator\Multiple Sessions.lnk
2011-07-27 00:49:23 . 2008-07-15 20:43:35 912 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Emulator\Convert Macro.lnk
2011-07-27 00:49:23 . 2008-07-15 20:39:55 1,714 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Welcome Wizard.lnk
2011-07-27 00:49:23 . 2008-07-15 20:40:41 865 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\User's Guide.lnk
2011-07-27 00:49:22 . 2008-07-15 20:40:25 1,701 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Start Directory Update.lnk
2011-07-27 00:49:22 . 2008-07-15 20:45:17 797 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Service Pack Read Me.lnk
2011-07-27 00:49:22 . 2008-07-15 20:39:35 1,656 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Selective Setup.lnk
2011-07-27 00:49:22 . 2008-07-15 20:39:35 869 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Read Me.lnk
2011-07-27 00:49:22 . 2008-07-15 20:44:08 650 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\ODBC Administration.lnk
2011-07-27 00:49:22 . 2008-07-15 20:39:55 1,550 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\iSeries Access for Windows Properties.lnk
2011-07-27 00:49:22 . 2008-07-15 20:39:55 1,499 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\iSeries Navigator.lnk
2011-07-27 00:49:22 . 2008-07-15 20:39:35 869 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Internet Information.lnk
2011-07-27 00:49:22 . 2008-07-15 20:40:25 785 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Directory Update.lnk
2011-07-27 00:49:22 . 2008-07-15 20:43:51 1,664 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Data Transfer To iSeries Server.lnk
2011-07-27 00:49:22 . 2008-07-15 20:43:51 1,664 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\Data Transfer From iSeries Server.lnk
2011-07-27 00:49:22 . 2008-07-15 20:42:11 932 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\IBM iSeries Access for Windows\AFP Workbench Viewer.lnk
2011-07-27 00:49:22 . 2008-01-24 21:07:22 1,271 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Dell Accessories\Dell Resource CD.lnk
2011-07-27 00:49:22 . 2008-01-24 22:18:07 1,780 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Creative\Sound Blaster Live!\Creative Restore Defaults.lnk
2011-07-27 00:49:22 . 2008-01-24 22:18:04 1,838 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Creative\Sound Blaster Live!\Creative Mixer.lnk
2011-07-27 00:49:22 . 2008-01-24 22:18:00 1,827 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Creative\Sound Blaster Live!\Creative Diagnostics.lnk
2011-07-27 00:49:22 . 2008-01-24 22:18:00 1,818 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Creative\Sound Blaster Live!\Creative Diagnostics Agent.lnk
2011-07-27 00:49:22 . 2008-01-24 21:01:08 1,602 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
2011-07-27 00:49:22 . 2008-01-24 21:01:08 1,591 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
2011-07-27 00:49:22 . 2008-07-15 20:23:41 1,158 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
2011-07-27 00:49:22 . 2008-07-15 20:23:41 1,107 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
2011-07-27 00:49:22 . 2008-01-24 21:01:08 1,592 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
2011-07-27 00:49:22 . 2008-01-24 21:01:08 1,596 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
2011-07-27 00:49:22 . 2008-01-24 21:01:08 476 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
2011-07-27 00:49:22 . 2008-01-24 21:01:08 1,602 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
2011-07-27 00:49:22 . 2008-01-24 20:58:04 1,582 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
2011-07-27 00:49:22 . 2008-01-24 20:59:32 1,616 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
2011-07-27 00:49:22 . 2008-01-24 20:59:32 1,753 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
2011-07-27 00:49:22 . 2008-01-24 20:59:30 1,070 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
2011-07-27 00:49:22 . 2008-01-24 21:01:08 1,591 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
2011-07-27 00:49:22 . 2008-07-15 23:09:56 1,572 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
2011-07-27 00:49:22 . 2008-01-24 20:59:32 1,532 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
2011-07-27 00:49:22 . 2008-01-24 21:01:08 703 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\desktop.ini
2011-07-27 00:49:22 . 2008-01-24 20:57:35 1,521 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
2011-07-27 00:49:22 . 2008-01-24 20:57:35 1,528 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
2011-07-27 00:49:22 . 2008-01-24 20:57:35 1,528 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
2011-07-27 00:49:22 . 2011-05-06 13:29:28 1,656 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
2011-07-27 00:49:22 . 2008-01-24 20:57:35 146 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\desktop.ini
2011-07-27 00:49:22 . 2008-01-24 20:56:24 1,646 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
2011-07-27 00:49:22 . 2008-01-24 20:59:27 1,640 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
2011-07-27 00:49:22 . 2008-03-05 18:18:33 1,757 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
2011-07-27 00:49:22 . 2008-01-24 20:57:35 786 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
2011-07-27 00:49:22 . 2011-05-06 13:29:28 516 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\desktop.ini
2011-07-27 00:49:22 . 2008-01-24 20:57:35 1,520 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
2011-07-27 00:49:22 . 2008-01-24 20:57:35 90 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\desktop.ini
2011-07-27 00:49:22 . 2008-01-24 20:57:35 879 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
2011-07-27 00:49:22 . 2008-01-24 20:57:35 1,515 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
2011-07-27 00:49:22 . 2011-05-06 13:27:17 1,585 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
2011-07-27 00:49:22 . 2008-01-24 20:57:35 1,498 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
2011-07-27 00:49:22 . 2008-01-24 20:57:35 188 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Accessories\desktop.ini
2011-07-27 00:49:22 . 2008-01-24 20:57:35 609 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
2011-07-27 00:49:22 . 2011-06-15 15:36:19 1,804 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 9.lnk
2011-07-27 00:49:22 . 2008-01-24 20:59:35 150 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\desktop.ini
2011-07-27 00:49:22 . 2011-05-06 16:11:46 730 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Programs\Mozilla Firefox.lnk
2011-07-27 00:49:22 . 2011-05-06 16:04:42 1,507 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
2011-07-27 00:49:22 . 2008-01-24 21:01:08 398 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
2011-07-27 00:49:22 . 2011-05-06 13:27:34 1,563 ----a-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
2011-07-27 00:49:22 . 2011-05-06 13:27:34 272 --sha-w- C:\Qoobox\Quarantine\C\DOCUME~1\Terry\LOCALS~1\Temp\smtmp\1\desktop.ini
2011-07-13 01:05:22 . 2011-07-29 00:26:23 255 ----a-w- C:\Qoobox\Quarantine\catchme.log
2008-05-27 02:18:44 . 2008-05-27 02:18:44 439,808 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\searchindexer.exe.vir

Jack&Jill
2011-07-30, 12:50
Hello Benjie :),

We need to restore some items from ComboFix. When you are done, I will give you some recommendations on security.

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use. Do not mouse click on ComboFix while it is running. That may cause it to stall.

Run ComboFix script

Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running ComboFix. They will interfere and may cause unexpected results.
If you need help to disable your protection programs see here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html) and here (http://www.bleepingcomputer.com/forums/topic114351.html).
Open Notepad. Copy and paste the following text into it:

DeQuarantine::
C:\Qoobox\Quarantine\C\WINDOWS\system32\searchindexer.exe.vir

Quit::

Save it as CFScript.txt at the desktop. Make sure the Save as type: is All Files (*.*).

http://i582.photobucket.com/albums/ss269/Cat_Byte/images/CFScriptB-4.gif

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix may request an update, please allow it.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, a log will be produced as C:\DeQuarantine.txt. Copy and paste the contents of the log in your next reply.
If you lose Internet connection after running ComboFix, right click on the network icon at the system tray and select Repair, or you can reboot the computer.
Re-enable your security software as soon as you have completed the ComboFix steps.

--------------------

For these two files, please rename them and remove the .dat extension:
C:\Qoobox\Quarantine\Registry_backups\Service_WSearch.reg.dat
C:\Qoobox\Quarantine\Registry_backups\Legacy_WSearch.reg.dat

After the rename, you should get:
C:\Qoobox\Quarantine\Registry_backups\Service_WSearch.reg
C:\Qoobox\Quarantine\Registry_backups\Legacy_WSearch.reg

Then, double click on each one of them. You will be prompted about merging information to the registry, please proceed.

--------------------

Please post back:
1. DeQuarantine.txt
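
Added example, not code from this thread or from ComboFix's authors: a small Python helper that picks the .vir entries out of a ComboFix quarantine listing in the format posted above, builds a DeQuarantine:: CFScript from them, and predicts the restore path. The listing it parses is constructed; the mapping from quarantine path back to the original path is an assumption inferred from the "->" line the DeQuarantine log later reports.

```python
import re
from typing import List, Tuple

# Constructed sample in the ComboFix quarantine-listing format seen in the thread:
# "<quarantine time> . <original mtime> <size> <attrs> <path>".
SAMPLE_LISTING = """\
2011-07-27 00:49:22 . 2008-01-24 20:57:35 90 --sha-w- C:\\Qoobox\\Quarantine\\C\\DOCUME~1\\Terry\\LOCALS~1\\Temp\\smtmp\\1\\Programs\\desktop.ini
2011-07-13 01:05:22 . 2011-07-29 00:26:23 255 ----a-w- C:\\Qoobox\\Quarantine\\catchme.log
2008-05-27 02:18:44 . 2008-05-27 02:18:44 439,808 ----a-w- C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\searchindexer.exe.vir
"""

QUARANTINE_ROOT = "C:\\Qoobox\\Quarantine\\"  # ComboFix's quarantine folder, as in the log
LINE_RE = re.compile(
    r"^(?P<qtime>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \. "
    r"(?P<mtime>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)


def quarantined_files(listing: str) -> List[Tuple[str, int]]:
    """Return (quarantine path, size in bytes) for entries ComboFix stored as .vir."""
    # Shortcut backups, desktop.ini copies and ComboFix's own logs are skipped:
    # only files renamed with the .vir suffix are quarantined programs.
    found = []
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank line or non-listing text
        path = m.group("path")
        if path.lower().startswith(QUARANTINE_ROOT.lower()) and path.lower().endswith(".vir"):
            found.append((path, int(m.group("size").replace(",", ""))))
    return found


def restore_target(quarantine_path: str) -> str:
    """Predict the path DeQuarantine restores a .vir entry to."""
    # Assumption: the quarantine mirrors the source drive as <root><drive letter>\...
    # and drops the .vir suffix, as the DeQuarantine log line in the thread shows.
    lowered = quarantine_path.lower()
    if not lowered.startswith(QUARANTINE_ROOT.lower()) or not lowered.endswith(".vir"):
        raise ValueError("not a ComboFix .vir quarantine entry: " + quarantine_path)
    relative = quarantine_path[len(QUARANTINE_ROOT):-len(".vir")]  # e.g. C\WINDOWS\...
    drive, _, rest = relative.partition("\\")
    return f"{drive}:\\{rest}"


def build_cfscript(paths: List[str]) -> str:
    """Build the CFScript text: a DeQuarantine:: block followed by Quit::."""
    return "\n".join(["DeQuarantine::", *paths, "", "Quit::", ""])
```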

Benjie
2011-08-01, 17:22
C:\Qoobox\Quarantine\C\WINDOWS\system32\searchindexer.exe.vir -> C:\WINDOWS\system32\searchindexer.exe ( 439808 bytes )

Benjie
2011-08-01, 17:27
Service_WSearch.reg updated ok.

However, received:
"Cannot import C:\Qoobox\Quarantine\Registry_backups\Legacy_WSearch.reg: Error accessing the registry."

Jack&Jill
2011-08-02, 01:47
Hello Benjie :),

I think we can leave the Legacy key alone. Those files that we restored should be good enough to work. In case you have any more problems, please let me know.

Congratulations, you are All Clear to go.

Now we need to clear out the programs we have been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.

Go to Start > Run.... Copy and paste the following text into the white box:
ComboFix /uninstall
Click OK.
Delete the TDSKiller, aswMBR and MiniRegTool files on your desktop.
Delete any logs on the desktop.

Some tips to help you stay clean and safe:

1. Keep your Windows up to date. Enable Automatic Updates for Windows XP (http://www.bleepingcomputer.com/tutorials/tutorial35.html) to always update the latest security patches from Microsoft, or you can download them from the Microsoft website. Otherwise, your computer will be vulnerable to new exploits or malware.

2. Update your Antivirus program regularly; it is a must for constant protection against viruses. If you do not have one, Microsoft Security Essentials (http://www.microsoft.com/security_essentials/) and Avast (http://www.avast.com/eng/download-avast-home.html) are some great and free antivirus programs that you can try. For paid versions, Avast, ESET NOD32 (http://www.eset.com/products/nod32.php) and Kaspersky (http://www.kaspersky.com/kaspersky_anti-virus) are some good options. Please keep only one AV installed.

3. Install Malwarebytes' Anti-Malware if you haven't and use it occasionally. It is a new and powerful anti-malware tool (http://www.malwarebytes.org/mbam.php), totally free, but for real-time protection you will have to pay a small one-time fee.

4. Install WinPatrol, a great protection program (http://www.winpatrol.com/) that helps you monitor for unwanted files or applications. If you choose this, please do not install Spybot.

5. Use a hosts file to block access to bad sites from your computer. Get yourself a MVPS Hosts (http://www.mvps.org/winhelp2002/hosts.htm) for this purpose.

6. Install Web of Trust (WOT). WOT (http://www.mywot.com/) keeps you away from dangerous websites with warnings and blocking.

7. Protect your computer from removable or USB drive infections with Panda USB Vaccine (http://www.pandasecurity.com/homeusers/downloads/usbvaccine/), an effective method to prevent malware from spreading.

8. Keep all your software updated. Visit Secunia Software Inspector (http://secunia.com/software_inspector/) to find out if any updates are required.

9. Also look up:
Computer Security - a short guide to staying safer online (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=54766)
PC Safety and Security - What Do I Need? By Glaswegian (http://www.techsupportforum.com/security-center/general-computer-security/525915-pc-safety-security-what-do-i-need.html)
How to prevent malware: By miekiemoes (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)
So how did I get infected in the first place? By Tony Klein (http://forums.spybot.info/showthread.php?t=279)
Microsoft Online Safety (http://www.microsoft.com/protect/default.aspx)

Stay safe.

Your donation helps in improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)

Benjie
2011-08-02, 15:48
Thank you so very much for your help. Everything seems to be working perfectly. God bless.

Jack&Jill
2011-08-02, 17:39
As your problems appear to have been resolved, this topic is now closed.

We are glad to be of help. If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read:
Your donation helps in improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)