BleepingComputer.com: trojans gendal dropper, offend etc

Please do help me,
i'm using ASUS netbook, using avira antivirus programme,
i got the problem through a removable hardware.
avira detected multiple trojans in the names of--gendal, dropper.gen, tr/offend.kv
and avira quarantined them, but new viruses/ trojan detections from avira kept popping up
internet explorer seemed to be running in the background
googlechrome error messages kept coming and new chinese game pages kept opening
what i did:
while browsing throuh for instructions on trojan removal, i came across a computing.net blogpage on stepwise instructions:
i turned off system restore,turned off hide files
scanned with avira,spybot-s&d,ad-adware, avg antispyware and followed instructions all in safe mode,
and finally used hijackthis.
i'm pasting trend micro hijackthis registry files and dds files below.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:34:59 PM, on 12/5/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HiJackThis1991.exe
C:\Program Files\Reliance Netconnect+\bin\App.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.reliancenetconnect.co.in/9380101286
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O2 - BHO: uTorrentBar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\prxtbuTor.dll
O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: UDisk Monitor - Unknown owner - C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe

--
End of file - 7442 bytes






DDS log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by admin at 17:11:19 on 2011-12-05
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1149 [GMT 5.5:30]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HiJackThis1991.exe
C:\Program Files\Reliance Netconnect+\bin\App.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\admin\My Documents\Downloads\fhq4pxoo.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.in/
uInternet Connection Wizard,ShellNext = hxxp://www.reliancenetconnect.co.in/9380101286
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
uRun: [Google Update] "c:\documents and settings\admin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{61A02FA4-6749-4188-9BCC-D1365652C416} : NameServer = 220.226.6.104 220.226.100.40
Notify: igfxcui - igfxdev.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-12-5 64512]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2011-12-5 10872]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-10-1 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-1 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-10-1 269480]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-1 66616]
R2 UDisk Monitor;UDisk Monitor;c:\program files\reliance netconnect+\bin\MonServiceUDisk.exe [2011-9-23 512000]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2011-9-3 109960]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
R3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\drivers\rtsuvc.sys [2011-9-3 73088]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2011-9-23 105472]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-9-3 1691480]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2011-9-3 62576]
S3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]
.
=============== Created Last 30 ================
.
2011-12-05 08:27:10 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-05 03:25:07 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-05 03:05:14 -------- d-----w- c:\documents and settings\admin\application data\Grisoft
2011-12-05 03:05:07 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
2011-12-05 03:05:05 -------- d-----w- c:\documents and settings\all users\application data\Grisoft
2011-12-05 02:57:58 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-12-05 02:44:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-05 02:44:59 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-12-05 02:41:59 -------- d-----w- c:\documents and settings\admin\local settings\application data\adaware
2011-12-05 02:41:56 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2011-12-05 02:41:53 -------- d-----w- c:\program files\Toolbar Cleaner
2011-12-05 02:41:51 -------- d-----w- c:\documents and settings\admin\application data\adawaretb
2011-12-05 02:41:49 -------- d-----w- c:\program files\adawaretb
2011-12-05 02:41:39 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-05 02:41:15 -------- d-----w- c:\program files\Lavasoft
2011-12-05 02:22:50 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-12-05 02:07:36 388608 ----a-w- c:\program files\HiJackThis1991.exe
2011-12-04 16:47:48 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-12-04 16:47:47 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-12-04 16:47:47 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-12-04 16:02:34 -------- d-----w- C:\sh4ldr
2011-12-04 16:02:34 -------- d-----w- c:\program files\Enigma Software Group
2011-12-04 16:02:10 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP
2011-12-04 16:02:06 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-12-04 15:22:04 20129 ----a-w- c:\documents and settings\admin\application data\133.tmp
2011-12-04 13:53:11 109187 ----a-w- c:\documents and settings\admin\application data\EA.tmp
2011-12-04 08:15:49 152868 ----a-w- c:\documents and settings\admin\application data\Qbrqrg.exe.vir
2011-11-28 10:18:48 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-28 10:18:48 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-12-05 03:30:14 24576 ----a-w- c:\windows\system32\userinit.exe
2011-09-27 12:32:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 17:13:05.00 ===============

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430848 <<< CLICK THIS LINK

If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

• If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  
• A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
  
  • Please do this even if you have previously posted logs for us.
    
  • If you were unable to produce the logs originally please try once more.
    
  • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    
  • If you are unsure about any of these characteristics just post what you can and we will guide you.
  
  
• Please tell us if you have your original Windows CD/DVD available.
  
• Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

• Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • DDS.scr
    
  • DDS.pif
  
  
• Double click on the DDS icon, allow it to run.
  
• A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  
• Notepad will open with the results.
  
• Follow the instructions that pop up for posting the results.
  
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:



As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

i still need help, please.
and i DO NOT have an original WINDOWS DVD/CD.



DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by admin at 18:43:57 on 2011-12-10
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1457 [GMT 5.5:30]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Reliance Netconnect+\bin\MonServiceUDisk.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Reliance Netconnect+\bin\App.exe
C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.in/
uInternet Connection Wizard,ShellNext = hxxp://www.reliancenetconnect.co.in/9380101286
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\prxtbuTor.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
uRun: [Google Update] "c:\documents and settings\admin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SpyHunter Security Suite] c:\program files\enigma software group\spyhunter\SpyHunter4.exe
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [!AVG Anti-Spyware] "c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe" /minimized
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{61A02FA4-6749-4188-9BCC-D1365652C416} : NameServer = 220.226.6.104 220.226.100.40
Notify: igfxcui - igfxdev.dll
SEH: CShellExecuteHookImpl Object: {57b86673-276a-48b2-bae7-c6dbb3020eb8} - c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-12-5 64512]
R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver;c:\program files\grisoft\avg anti-spyware 7.5\guard.sys [2007-5-30 11000]
R1 AvgAsCln;AVG Anti-Spyware Clean Driver;c:\windows\system32\drivers\AvgAsCln.sys [2011-12-5 10872]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-10-1 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-1 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-10-1 269480]
R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard;c:\program files\grisoft\avg anti-spyware 7.5\guard.exe [2007-5-30 312880]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-1 66616]
R2 UDisk Monitor;UDisk Monitor;c:\program files\reliance netconnect+\bin\MonServiceUDisk.exe [2011-9-23 512000]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2011-9-3 109960]
R3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\drivers\rtsuvc.sys [2011-9-3 73088]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2011-9-23 105472]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-9-3 1691480]
S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
S3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2011-9-3 62576]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
S3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]
.
=============== Created Last 30 ================
.
2011-12-06 10:42:03 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-12-06 10:42:03 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-12-06 10:41:58 -------- d-----w- c:\program files\Trojan Remover
2011-12-06 10:41:58 -------- d-----w- c:\documents and settings\all users\application data\Simply Super Software
2011-12-06 10:41:58 -------- d-----w- c:\documents and settings\admin\application data\Simply Super Software
2011-12-05 08:27:10 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-05 03:25:07 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-12-05 03:05:14 -------- d-----w- c:\documents and settings\admin\application data\Grisoft
2011-12-05 03:05:07 10872 ----a-w- c:\windows\system32\drivers\AvgAsCln.sys
2011-12-05 03:05:05 -------- d-----w- c:\documents and settings\all users\application data\Grisoft
2011-12-05 02:57:58 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2011-12-05 02:44:59 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-05 02:44:59 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-12-05 02:41:59 -------- d-----w- c:\documents and settings\admin\local settings\application data\adaware
2011-12-05 02:41:56 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2011-12-05 02:41:53 -------- d-----w- c:\program files\Toolbar Cleaner
2011-12-05 02:41:51 -------- d-----w- c:\documents and settings\admin\application data\adawaretb
2011-12-05 02:41:49 -------- d-----w- c:\program files\adawaretb
2011-12-05 02:41:39 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-12-05 02:41:15 -------- d-----w- c:\program files\Lavasoft
2011-12-05 02:22:50 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-12-05 02:07:36 388608 ----a-w- c:\program files\HiJackThis1991.exe
2011-12-04 16:47:48 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-12-04 16:47:47 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-12-04 16:47:47 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-12-04 16:02:34 -------- d-----w- C:\sh4ldr
2011-12-04 16:02:34 -------- d-----w- c:\program files\Enigma Software Group
2011-12-04 16:02:10 -------- d-----w- c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP
2011-12-04 16:02:06 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2011-12-04 15:22:04 20129 ----a-w- c:\documents and settings\admin\application data\133.tmp
2011-12-04 13:53:11 109187 ----a-w- c:\documents and settings\admin\application data\EA.tmp
2011-12-04 08:15:49 152868 ----a-w- c:\documents and settings\admin\application data\Qbrqrg.exe.vir
2011-11-28 10:18:48 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-11-28 10:18:48 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-12-05 03:30:14 24576 ----a-w- c:\windows\system32\userinit.exe
2011-09-27 12:32:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 18:45:15.96 ===============






GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-10 19:10:57
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS543225A7A384 rev.ESBOA60W
Running: n3jx62jk.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\pxtdipow.sys


---- System - GMER 1.0.15 ----

SSDT BA747CB4 ZwClose
SSDT BA747C6E ZwCreateKey
SSDT BA747CBE ZwCreateSection
SSDT BA747C64 ZwCreateThread
SSDT BA747C73 ZwDeleteKey
SSDT BA747C7D ZwDeleteValueKey
SSDT BA747CAF ZwDuplicateObject
SSDT BA747C82 ZwLoadKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess [0xBA7488AC]
SSDT BA747C55 ZwOpenThread
SSDT BA747C8C ZwReplaceKey
SSDT BA747C87 ZwRestoreKey
SSDT BA747CC3 ZwSetContextThread
SSDT BA747C78 ZwSetValueKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess [0xBA748812]

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\admin\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01580001
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] WS2_32.dll!WSALookupServiceNextW 71AB2E99 6 Bytes JMP 71A60F5A
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] WS2_32.dll!WSALookupServiceEnd 71AB3226 6 Bytes JMP 71A30F5A
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] WS2_32.dll!WSALookupServiceBeginW 71AB3307 6 Bytes JMP 71AF0F5A
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] WS2_32.dll!send 71AB428A 6 Bytes JMP 71A00F5A
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 71970F5A
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] WS2_32.dll!recv 71AB615A 6 Bytes JMP 719D0F5A
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 719A0F5A
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3412] WS2_32.dll!WSAGetOverlappedResult 71AC0D03 6 Bytes JMP 71940F5A
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3520] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\admin\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]

---- EOF - GMER 1.0.15 ----

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

• Do not run any other tool untill instructed to do so!
  
• please Do not Attach logs or put in code boxes.
  
• Tell me about any problems that have occurred during the fix.
  
• Tell me of any other symptoms you may be having as these can help also.
  
• Do not run anything while running a fix.
  
• Do not run any other tool untill instructed to do so!

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following


• Log from Combofix
  
• let me know of any problems you may have had
  
• How is the computer doing now?

Gringo

Sir, combofix requests updation of recovery console, but i do not have the Windows CD, what is to be done?
thrice the computer showed a blue screen saying a serious problem occured and restarted
How do i proceed now,please?

stay connected to internet and combofix will download what it needs


gringo

Sir,

combofix runs for 3 secs and the screen turns dark blue saying 'a problem occured in your computer and the entire page contained some information which appeared just for 2 secs and the machine shut down and restarted, when i ran combofix again, same thing happened, and i was connected to the internet throughout.

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

Sir,
Yesterday when i ran avira scan,
it detected WORM/Diver.a and the default action was quarantine
in the quarantine, at the end of this post i have copy pasted that log also sir

and with tdsskilller,
No threats found.







13:17:41.0578 3952 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
13:17:41.0656 3952 ============================================================
13:17:41.0656 3952 Current date / time: 2011/12/12 13:17:41.0656
13:17:41.0656 3952 SystemInfo:
13:17:41.0656 3952
13:17:41.0656 3952 OS Version: 5.1.2600 ServicePack: 2.0
13:17:41.0656 3952 Product type: Workstation
13:17:41.0656 3952 ComputerName: HEMA
13:17:41.0656 3952 UserName: admin
13:17:41.0656 3952 Windows directory: C:\WINDOWS
13:17:41.0656 3952 System windows directory: C:\WINDOWS
13:17:41.0656 3952 Processor architecture: Intel x86
13:17:41.0656 3952 Number of processors: 2
13:17:41.0656 3952 Page size: 0x1000
13:17:41.0656 3952 Boot type: Normal boot
13:17:41.0656 3952 ============================================================
13:17:43.0312 3952 Initialize success
13:17:45.0625 3968 ============================================================
13:17:45.0625 3968 Scan started
13:17:45.0625 3968 Mode: Manual;
13:17:45.0625 3968 ============================================================
13:17:46.0671 3968 Abiosdsk - ok
13:17:46.0703 3968 abp480n5 - ok
13:17:46.0781 3968 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:17:46.0781 3968 ACPI - ok
13:17:46.0875 3968 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
13:17:46.0875 3968 ACPIEC - ok
13:17:46.0890 3968 adpu160m - ok
13:17:46.0937 3968 aec (841f385c6cfaf66b58fbd898722bb4f0) C:\WINDOWS\system32\drivers\aec.sys
13:17:46.0953 3968 aec - ok
13:17:47.0046 3968 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
13:17:47.0046 3968 AFD - ok
13:17:47.0109 3968 Aha154x - ok
13:17:47.0140 3968 aic78u2 - ok
13:17:47.0171 3968 aic78xx - ok
13:17:47.0265 3968 AliIde - ok
13:17:47.0375 3968 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
13:17:47.0421 3968 Ambfilt - ok
13:17:47.0500 3968 amsint - ok
13:17:47.0546 3968 asc - ok
13:17:47.0562 3968 asc3350p - ok
13:17:47.0578 3968 asc3550 - ok
13:17:47.0640 3968 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys
13:17:47.0640 3968 AsusACPI - ok
13:17:47.0687 3968 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:17:47.0687 3968 AsyncMac - ok
13:17:47.0781 3968 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:17:47.0781 3968 atapi - ok
13:17:47.0812 3968 Atdisk - ok
13:17:47.0890 3968 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:17:47.0890 3968 Atmarpc - ok
13:17:48.0078 3968 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:17:48.0093 3968 audstub - ok
13:17:48.0312 3968 AVG Anti-Spyware Driver (d6f4c1450699901048818b0c3aaf7a17) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
13:17:48.0312 3968 AVG Anti-Spyware Driver - ok
13:17:48.0562 3968 AvgAsCln (856b0cee009946bf2d327e6b24fe7e3f) C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
13:17:48.0562 3968 AvgAsCln - ok
13:17:48.0734 3968 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
13:17:48.0734 3968 avgio - ok
13:17:48.0859 3968 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
13:17:48.0859 3968 avgntflt - ok
13:17:48.0968 3968 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
13:17:48.0968 3968 avipbb - ok
13:17:49.0171 3968 BCM43XX (d9c373cd4a399d133d7444a7274fd0e9) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
13:17:49.0234 3968 BCM43XX - ok
13:17:49.0343 3968 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:17:49.0343 3968 Beep - ok
13:17:49.0421 3968 btaudio (4c1e8749d280f9b8e41c4eff6a6bbc04) C:\WINDOWS\system32\drivers\btaudio.sys
13:17:49.0437 3968 btaudio - ok
13:17:49.0531 3968 BTDriver (a47b37b97f9348e81a60c44b99011416) C:\WINDOWS\system32\DRIVERS\btport.sys
13:17:49.0531 3968 BTDriver - ok
13:17:49.0687 3968 BTKRNL (c5a0bb83ada38f6fc0a2338dfac789d1) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
13:17:49.0703 3968 BTKRNL - ok
13:17:49.0828 3968 BTWDNDIS (eb80e51cb4045571066d8ad1871e284e) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
13:17:49.0828 3968 BTWDNDIS - ok
13:17:49.0968 3968 btwhid (276eff0a93014f810cf1a8be41df736c) C:\WINDOWS\system32\DRIVERS\btwhid.sys
13:17:49.0968 3968 btwhid - ok
13:17:50.0031 3968 BTWUSB (f9b15cfaef98d8117313c6c4215b9eac) C:\WINDOWS\system32\Drivers\btwusb.sys
13:17:50.0031 3968 BTWUSB - ok
13:17:50.0156 3968 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:17:50.0156 3968 cbidf2k - ok
13:17:50.0265 3968 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:17:50.0265 3968 CCDECODE - ok
13:17:50.0343 3968 cd20xrnt - ok
13:17:50.0406 3968 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:17:50.0406 3968 Cdaudio - ok
13:17:50.0515 3968 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
13:17:50.0515 3968 Cdfs - ok
13:17:50.0625 3968 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:17:50.0640 3968 Cdrom - ok
13:17:50.0718 3968 Changer - ok
13:17:50.0796 3968 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
13:17:50.0812 3968 CmBatt - ok
13:17:50.0875 3968 CmdIde - ok
13:17:50.0953 3968 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
13:17:50.0953 3968 Compbatt - ok
13:17:51.0062 3968 Cpqarray - ok
13:17:51.0125 3968 dac2w2k - ok
13:17:51.0203 3968 dac960nt - ok
13:17:51.0406 3968 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
13:17:51.0406 3968 Disk - ok
13:17:51.0531 3968 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
13:17:51.0546 3968 dmboot - ok
13:17:51.0671 3968 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
13:17:51.0671 3968 dmio - ok
13:17:51.0781 3968 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:17:51.0781 3968 dmload - ok
13:17:51.0906 3968 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
13:17:51.0906 3968 DMusic - ok
13:17:52.0000 3968 dpti2o - ok
13:17:52.0062 3968 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
13:17:52.0062 3968 drmkaud - ok
13:17:52.0156 3968 esgiguard - ok
13:17:52.0265 3968 ETD (a8ef594bc01ce9b41417506296f3f470) C:\WINDOWS\system32\DRIVERS\ETD.sys
13:17:52.0265 3968 ETD - ok
13:17:52.0406 3968 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
13:17:52.0406 3968 Fastfat - ok
13:17:52.0546 3968 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys
13:17:52.0546 3968 Fdc - ok
13:17:52.0640 3968 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
13:17:52.0656 3968 Fips - ok
13:17:52.0734 3968 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:17:52.0734 3968 Flpydisk - ok
13:17:52.0843 3968 FltMgr (54fd90f0038f07920cb9fb6591bde82f) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:17:52.0843 3968 FltMgr - ok
13:17:53.0000 3968 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:17:53.0000 3968 Fs_Rec - ok
13:17:53.0093 3968 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:17:53.0093 3968 Ftdisk - ok
13:17:53.0203 3968 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:17:53.0203 3968 Gpc - ok
13:17:53.0312 3968 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:17:53.0312 3968 HDAudBus - ok
13:17:53.0421 3968 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:17:53.0421 3968 HidUsb - ok
13:17:53.0500 3968 hpn - ok
13:17:53.0562 3968 HTTP (c19b522a9ae0bbc3293397f3055e80a1) C:\WINDOWS\system32\Drivers\HTTP.sys
13:17:53.0578 3968 HTTP - ok
13:17:53.0656 3968 i2omgmt - ok
13:17:53.0687 3968 i2omp - ok
13:17:53.0765 3968 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:17:53.0765 3968 i8042prt - ok
13:17:53.0921 3968 ialm (601c76224d741fe70afc4298c0a04213) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
13:17:53.0968 3968 ialm - ok
13:17:54.0078 3968 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:17:54.0078 3968 Imapi - ok
13:17:54.0171 3968 ini910u - ok
13:17:54.0421 3968 IntcAzAudAddService (6eae4218b9cab2c1f55d0f2b7bdfde8c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:17:54.0515 3968 IntcAzAudAddService - ok
13:17:54.0593 3968 IntelIde - ok
13:17:54.0656 3968 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:17:54.0656 3968 intelppm - ok
13:17:54.0750 3968 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:17:54.0765 3968 Ip6Fw - ok
13:17:54.0828 3968 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:17:54.0828 3968 IpFilterDriver - ok
13:17:54.0937 3968 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:17:54.0937 3968 IpInIp - ok
13:17:54.0984 3968 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:17:54.0984 3968 IpNat - ok
13:17:55.0046 3968 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:17:55.0046 3968 IPSec - ok
13:17:55.0156 3968 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:17:55.0156 3968 IRENUM - ok
13:17:55.0265 3968 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:17:55.0281 3968 isapnp - ok
13:17:55.0375 3968 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:17:55.0375 3968 Kbdclass - ok
13:17:55.0531 3968 kbfiltr (7f2b8d0b31fb4a797e5786ef124c5a80) C:\WINDOWS\system32\DRIVERS\kbfiltr.sys
13:17:55.0531 3968 kbfiltr - ok
13:17:55.0687 3968 kmixer (d93cad07c5683db066b0b2d2d3790ead) C:\WINDOWS\system32\drivers\kmixer.sys
13:17:55.0703 3968 kmixer - ok
13:17:55.0890 3968 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
13:17:55.0953 3968 KSecDD - ok
13:17:56.0109 3968 L1c (9a2e2a27a1adea20a481a1aeb42f0039) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
13:17:56.0125 3968 L1c - ok
13:17:56.0343 3968 lbrtfdc - ok
13:17:56.0484 3968 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:17:56.0484 3968 mnmdd - ok
13:17:56.0609 3968 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
13:17:56.0609 3968 Modem - ok
13:17:56.0906 3968 Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
13:17:57.0093 3968 Monfilt - ok
13:17:57.0187 3968 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:17:57.0187 3968 Mouclass - ok
13:17:57.0296 3968 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:17:57.0296 3968 mouhid - ok
13:17:57.0359 3968 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
13:17:57.0359 3968 MountMgr - ok
13:17:57.0453 3968 mraid35x - ok
13:17:57.0546 3968 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:17:57.0546 3968 MRxDAV - ok
13:17:57.0671 3968 MRxSmb (1fd607fc67f7f7c633c3da65bfc53d18) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:17:57.0687 3968 MRxSmb - ok
13:17:57.0796 3968 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
13:17:57.0796 3968 Msfs - ok
13:17:57.0921 3968 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:17:57.0921 3968 MSKSSRV - ok
13:17:58.0062 3968 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:17:58.0062 3968 MSPCLOCK - ok
13:17:58.0171 3968 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
13:17:58.0171 3968 MSPQM - ok
13:17:58.0281 3968 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:17:58.0281 3968 mssmbios - ok
13:17:58.0390 3968 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
13:17:58.0406 3968 MSTEE - ok
13:17:58.0500 3968 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
13:17:58.0500 3968 Mup - ok
13:17:58.0609 3968 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:17:58.0609 3968 NABTSFEC - ok
13:17:58.0718 3968 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
13:17:58.0734 3968 NDIS - ok
13:17:58.0828 3968 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:17:58.0828 3968 NdisIP - ok
13:17:58.0953 3968 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:17:58.0953 3968 NdisTapi - ok
13:17:59.0046 3968 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:17:59.0046 3968 Ndisuio - ok
13:17:59.0140 3968 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:17:59.0140 3968 NdisWan - ok
13:17:59.0250 3968 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
13:17:59.0265 3968 NDProxy - ok
13:17:59.0359 3968 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:17:59.0359 3968 NetBIOS - ok
13:17:59.0468 3968 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:17:59.0484 3968 NetBT - ok
13:17:59.0640 3968 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
13:17:59.0640 3968 Npfs - ok
13:17:59.0765 3968 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
13:17:59.0781 3968 Ntfs - ok
13:17:59.0906 3968 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:17:59.0921 3968 Null - ok
13:18:00.0031 3968 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:18:00.0031 3968 NwlnkFlt - ok
13:18:00.0156 3968 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:18:00.0156 3968 NwlnkFwd - ok
13:18:00.0250 3968 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\drivers\Parport.sys
13:18:00.0250 3968 Parport - ok
13:18:00.0359 3968 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
13:18:00.0359 3968 PartMgr - ok
13:18:00.0390 3968 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
13:18:00.0390 3968 ParVdm - ok
13:18:00.0468 3968 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
13:18:00.0468 3968 PCI - ok
13:18:00.0484 3968 PCIDump - ok
13:18:00.0500 3968 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
13:18:00.0500 3968 PCIIde - ok
13:18:00.0546 3968 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:18:00.0562 3968 Pcmcia - ok
13:18:00.0609 3968 PDCOMP - ok
13:18:00.0640 3968 PDFRAME - ok
13:18:00.0687 3968 PDRELI - ok
13:18:00.0734 3968 PDRFRAME - ok
13:18:00.0765 3968 perc2 - ok
13:18:00.0828 3968 perc2hib - ok
13:18:00.0984 3968 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:18:00.0984 3968 PptpMiniport - ok
13:18:01.0062 3968 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
13:18:01.0062 3968 PSched - ok
13:18:01.0093 3968 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:18:01.0093 3968 Ptilink - ok
13:18:01.0203 3968 ql1080 - ok
13:18:01.0265 3968 Ql10wnt - ok
13:18:01.0421 3968 ql12160 - ok
13:18:01.0781 3968 ql1240 - ok
13:18:02.0000 3968 ql1280 - ok
13:18:02.0125 3968 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:18:02.0125 3968 RasAcd - ok
13:18:02.0250 3968 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:18:02.0250 3968 Rasl2tp - ok
13:18:02.0390 3968 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:18:02.0390 3968 RasPppoe - ok
13:18:02.0468 3968 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:18:02.0484 3968 Raspti - ok
13:18:02.0562 3968 Rdbss (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:18:02.0562 3968 Rdbss - ok
13:18:02.0656 3968 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:18:02.0656 3968 RDPCDD - ok
13:18:02.0734 3968 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:18:02.0750 3968 rdpdr - ok
13:18:02.0890 3968 RDPWD (d4f5643d7714ef499ae9527fdcd50894) C:\WINDOWS\system32\drivers\RDPWD.sys
13:18:02.0890 3968 RDPWD - ok
13:18:03.0296 3968 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:18:03.0312 3968 redbook - ok
13:18:03.0468 3968 RkHit - ok
13:18:03.0687 3968 rtsuvc (83d828327c685df6dd1ca065956955b4) C:\WINDOWS\system32\DRIVERS\rtsuvc.sys
13:18:03.0703 3968 rtsuvc - ok
13:18:03.0890 3968 Secdrv (d26e26ea516450af9d072635c60387f4) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:18:03.0906 3968 Secdrv - ok
13:18:04.0078 3968 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys
13:18:04.0078 3968 Serial - ok
13:18:04.0406 3968 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:18:04.0406 3968 Sfloppy - ok
13:18:04.0578 3968 Simbad - ok
13:18:04.0734 3968 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
13:18:04.0734 3968 SLIP - ok
13:18:04.0843 3968 Sparrow - ok
13:18:05.0156 3968 splitter (8e186b8f23295d1e42c573b82b80d548) C:\WINDOWS\system32\drivers\splitter.sys
13:18:05.0156 3968 splitter - ok
13:18:05.0296 3968 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
13:18:05.0296 3968 sr - ok
13:18:05.0437 3968 Srv (20b7e396720353e4117d64d9dcb926ca) C:\WINDOWS\system32\DRIVERS\srv.sys
13:18:05.0453 3968 Srv - ok
13:18:05.0578 3968 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
13:18:05.0578 3968 ssmdrv - ok
13:18:05.0750 3968 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
13:18:05.0765 3968 streamip - ok
13:18:05.0906 3968 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:18:05.0906 3968 swenum - ok
13:18:06.0062 3968 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
13:18:06.0062 3968 swmidi - ok
13:18:06.0156 3968 symc810 - ok
13:18:06.0187 3968 symc8xx - ok
13:18:06.0250 3968 sym_hi - ok
13:18:06.0296 3968 sym_u3 - ok
13:18:06.0359 3968 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
13:18:06.0359 3968 sysaudio - ok
13:18:06.0515 3968 Tcpip (9f4b36614a0fc234525ba224957de55c) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:18:06.0515 3968 Tcpip - ok
13:18:06.0625 3968 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:18:06.0625 3968 TDPIPE - ok
13:18:06.0734 3968 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
13:18:06.0734 3968 TDTCP - ok
13:18:06.0843 3968 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:18:06.0843 3968 TermDD - ok
13:18:06.0953 3968 TosIde - ok
13:18:07.0000 3968 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
13:18:07.0015 3968 Udfs - ok
13:18:07.0093 3968 ultra - ok
13:18:07.0171 3968 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
13:18:07.0171 3968 Update - ok
13:18:07.0281 3968 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:18:07.0296 3968 usbccgp - ok
13:18:07.0406 3968 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:18:07.0406 3968 usbehci - ok
13:18:07.0546 3968 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:18:07.0546 3968 usbhub - ok
13:18:07.0640 3968 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:18:07.0640 3968 usbscan - ok
13:18:07.0750 3968 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:18:07.0750 3968 usbstor - ok
13:18:07.0859 3968 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:18:07.0859 3968 usbuhci - ok
13:18:07.0968 3968 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
13:18:07.0968 3968 usbvideo - ok
13:18:08.0078 3968 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
13:18:08.0078 3968 VgaSave - ok
13:18:08.0156 3968 ViaIde - ok
13:18:08.0234 3968 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
13:18:08.0234 3968 VolSnap - ok
13:18:08.0328 3968 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:18:08.0328 3968 Wanarp - ok
13:18:08.0343 3968 WDICA - ok
13:18:08.0390 3968 wdmaud (2797f33ebf50466020c430ee4f037933) C:\WINDOWS\system32\drivers\wdmaud.sys
13:18:08.0390 3968 wdmaud - ok
13:18:08.0546 3968 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:18:08.0546 3968 WmiAcpi - ok
13:18:08.0671 3968 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
13:18:08.0687 3968 WSTCODEC - ok
13:18:08.0796 3968 ztemtusbser (4b6dfadd45c19ad43fd56b965efd2dc3) C:\WINDOWS\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys
13:18:08.0812 3968 ztemtusbser - ok
13:18:08.0859 3968 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
13:18:09.0062 3968 \Device\Harddisk0\DR0 - ok
13:18:09.0093 3968 Boot (0x1200) (8bf3a6c73ffe5dd091a8a98ecc62376a) \Device\Harddisk0\DR0\Partition0
13:18:09.0093 3968 \Device\Harddisk0\DR0\Partition0 - ok
13:18:09.0109 3968 Boot (0x1200) (23e41949acb7a356b44cf843f1466392) \Device\Harddisk0\DR0\Partition1
13:18:09.0109 3968 \Device\Harddisk0\DR0\Partition1 - ok
13:18:09.0109 3968 ============================================================
13:18:09.0109 3968 Scan finished
13:18:09.0109 3968 ============================================================
13:18:09.0140 3960 Detected object count: 0
13:18:09.0140 3960 Actual detected object count: 0





































Avira AntiVir Personal
Report file date: Sunday, December 11, 2011 08:29

Scanning for 3552762 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : HEMA

Version information:
BUILD.DAT : 10.2.0.704 35934 Bytes 9/28/2011 13:34:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 7/21/2011 06:42:28
AVSCAN.DLL : 10.0.5.0 47464 Bytes 7/21/2011 06:45:00
LUKE.DLL : 10.3.0.5 45416 Bytes 7/21/2011 06:43:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/10/2010 19:10:49
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 7/21/2011 06:42:28
AVREG.DLL : 10.3.0.9 90472 Bytes 7/21/2011 06:42:21
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 04:35:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 02:23:55
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 02:23:56
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 06:44:25
VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 06:44:28
VBASE005.VDF : 7.11.10.251 1788416 Bytes 7/7/2011 06:44:29
VBASE006.VDF : 7.11.13.60 6411776 Bytes 8/16/2011 03:56:09
VBASE007.VDF : 7.11.15.106 2389504 Bytes 10/5/2011 11:36:13
VBASE008.VDF : 7.11.18.32 2132992 Bytes 11/24/2011 13:39:21
VBASE009.VDF : 7.11.18.33 2048 Bytes 11/24/2011 13:39:21
VBASE010.VDF : 7.11.18.34 2048 Bytes 11/24/2011 13:39:22
VBASE011.VDF : 7.11.18.35 2048 Bytes 11/24/2011 13:39:22
VBASE012.VDF : 7.11.18.36 2048 Bytes 11/24/2011 13:39:23
VBASE013.VDF : 7.11.18.89 204800 Bytes 11/28/2011 08:42:10
VBASE014.VDF : 7.11.18.145 143872 Bytes 12/1/2011 08:12:59
VBASE015.VDF : 7.11.18.180 173056 Bytes 12/2/2011 08:13:04
VBASE016.VDF : 7.11.18.208 164864 Bytes 12/5/2011 08:13:08
VBASE017.VDF : 7.11.18.239 177152 Bytes 12/6/2011 02:43:41
VBASE018.VDF : 7.11.19.36 171520 Bytes 12/9/2011 02:43:51
VBASE019.VDF : 7.11.19.37 2048 Bytes 12/9/2011 02:43:53
VBASE020.VDF : 7.11.19.38 2048 Bytes 12/9/2011 02:43:55
VBASE021.VDF : 7.11.19.39 2048 Bytes 12/9/2011 02:43:56
VBASE022.VDF : 7.11.19.40 2048 Bytes 12/9/2011 02:43:57
VBASE023.VDF : 7.11.19.41 2048 Bytes 12/9/2011 02:43:57
VBASE024.VDF : 7.11.19.42 2048 Bytes 12/9/2011 02:43:57
VBASE025.VDF : 7.11.19.43 2048 Bytes 12/9/2011 02:43:58
VBASE026.VDF : 7.11.19.44 2048 Bytes 12/9/2011 02:43:58
VBASE027.VDF : 7.11.19.45 2048 Bytes 12/9/2011 02:43:59
VBASE028.VDF : 7.11.19.46 2048 Bytes 12/9/2011 02:43:59
VBASE029.VDF : 7.11.19.47 2048 Bytes 12/9/2011 02:43:59
VBASE030.VDF : 7.11.19.48 2048 Bytes 12/9/2011 02:44:00
VBASE031.VDF : 7.11.19.57 46592 Bytes 12/9/2011 02:44:02
Engineversion : 8.2.6.134
AEVDF.DLL : 8.1.2.2 106868 Bytes 11/29/2011 08:45:04
AESCRIPT.DLL : 8.1.3.90 491899 Bytes 12/11/2011 02:45:00
AESCN.DLL : 8.1.7.2 127349 Bytes 4/21/2011 02:23:27
AESBX.DLL : 8.2.4.5 434549 Bytes 12/6/2011 08:14:42
AERDL.DLL : 8.1.9.15 639348 Bytes 10/1/2011 13:40:31
AEPACK.DLL : 8.2.14.5 741751 Bytes 12/11/2011 02:44:55
AEOFFICE.DLL : 8.1.2.21 201084 Bytes 12/6/2011 08:14:17
AEHEUR.DLL : 8.1.3.6 3895670 Bytes 12/11/2011 02:44:46
AEHELP.DLL : 8.1.18.0 254327 Bytes 11/29/2011 08:43:11
AEGEN.DLL : 8.1.5.17 405877 Bytes 12/11/2011 02:44:07
AEEMU.DLL : 8.1.3.0 393589 Bytes 4/21/2011 02:23:14
AECORE.DLL : 8.1.24.0 196983 Bytes 11/29/2011 08:42:41
AEBB.DLL : 8.1.1.0 53618 Bytes 4/21/2011 02:23:14
AVWINLL.DLL : 10.0.0.0 19304 Bytes 4/21/2011 02:23:36
AVPREF.DLL : 10.0.3.2 44904 Bytes 7/21/2011 06:42:20
AVREP.DLL : 10.0.0.10 174120 Bytes 7/21/2011 06:42:22
AVARKT.DLL : 10.0.26.1 255336 Bytes 7/21/2011 06:42:00
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 7/21/2011 06:42:10
SQLITE3.DLL : 3.6.19.0 355688 Bytes 7/21/2011 09:42:31
AVSMTP.DLL : 10.0.0.17 63848 Bytes 4/21/2011 02:23:36
NETNT.DLL : 10.0.0.0 11624 Bytes 4/21/2011 02:23:46
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 7/21/2011 06:45:09
RCTEXT.DLL : 10.0.64.0 97640 Bytes 7/21/2011 06:45:09

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Advanced

Start of the scan: Sunday, December 11, 2011 08:29

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '27' Module(s) have been scanned
Scan process 'msdtc.exe' - '39' Module(s) have been scanned
Scan process 'dllhost.exe' - '57' Module(s) have been scanned
Scan process 'dllhost.exe' - '44' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'avscan.exe' - '67' Module(s) have been scanned
Scan process 'chrome.exe' - '52' Module(s) have been scanned
Scan process 'avcenter.exe' - '61' Module(s) have been scanned
Scan process 'chrome.exe' - '40' Module(s) have been scanned
Scan process 'chrome.exe' - '40' Module(s) have been scanned
Scan process 'chrome.exe' - '40' Module(s) have been scanned
Scan process 'chrome.exe' - '40' Module(s) have been scanned
Scan process 'chrome.exe' - '65' Module(s) have been scanned
Scan process 'BTTray.exe' - '45' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '32' Module(s) have been scanned
Scan process 'uTorrent.exe' - '51' Module(s) have been scanned
Scan process 'ETDCtrlHelper.exe' - '23' Module(s) have been scanned
Scan process 'avgas.exe' - '43' Module(s) have been scanned
Scan process 'adawarebp.exe' - '46' Module(s) have been scanned
Scan process 'avgnt.exe' - '48' Module(s) have been scanned
Scan process 'igfxext.exe' - '17' Module(s) have been scanned
Scan process 'ETDCtrl.exe' - '34' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '35' Module(s) have been scanned
Scan process 'AsTray.exe' - '28' Module(s) have been scanned
Scan process 'AsEPCMon.exe' - '9' Module(s) have been scanned
Scan process 'AsAcpiSvr.exe' - '46' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '20' Module(s) have been scanned
Scan process 'hkcmd.exe' - '22' Module(s) have been scanned
Scan process 'igfxtray.exe' - '23' Module(s) have been scanned
Scan process 'alg.exe' - '31' Module(s) have been scanned
Scan process 'btwdins.exe' - '24' Module(s) have been scanned
Scan process 'Explorer.EXE' - '87' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'MonServiceUDisk.exe' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'guard.exe' - '24' Module(s) have been scanned
Scan process 'avguard.exe' - '52' Module(s) have been scanned
Scan process 'sched.exe' - '41' Module(s) have been scanned
Scan process 'spoolsv.exe' - '58' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'svchost.exe' - '29' Module(s) have been scanned
Scan process 'svchost.exe' - '156' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '49' Module(s) have been scanned
Scan process 'lsass.exe' - '61' Module(s) have been scanned
Scan process 'services.exe' - '35' Module(s) have been scanned
Scan process 'winlogon.exe' - '62' Module(s) have been scanned
Scan process 'csrss.exe' - '11' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '418' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\admin\Application Data\EA.tmp
[DETECTION] Contains recognition pattern of the WORM/Diver.A worm
Begin scan in 'D:\'

Beginning disinfection:
The registration entry <HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit> was successfully repaired.
C:\Documents and Settings\admin\Application Data\EA.tmp
[DETECTION] Contains recognition pattern of the WORM/Diver.A worm
[NOTE] A backup was created as '442881d4.qua' ( QUARANTINE )
[NOTE] The file was deleted!


End of the scan: Sunday, December 11, 2011 09:05
Used time: 32:13 Minute(s)

The scan has been done completely.

2270 Scanned directories
129803 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
1 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
129802 Files not concerned
1874 Archives were scanned
0 Warnings
1 Notes
397910 Objects were scanned with rootkit scan
0 Hidden objects were found

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.

• Double click the aswMBR.exe icon to run it
  
• Click the Scan button to start the scan
  
• On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

Sir,

the log showed 2 infected files :


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-12 19:46:17
-----------------------------
19:46:17.921 OS Version: Windows 5.1.2600 Service Pack 2
19:46:17.921 Number of processors: 2 586 0x1C0A
19:46:17.921 ComputerName: HEMA UserName:
19:46:18.515 Initialize success
20:14:24.640 AVAST engine defs: 11121200
20:15:37.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:15:37.156 Disk 0 Vendor: Hitachi_HTS543225A7A384 ESBOA60W Size: 238475MB BusType: 3
20:15:39.187 Disk 0 MBR read successfully
20:15:39.187 Disk 0 MBR scan
20:15:39.281 Disk 0 Windows XP default MBR code
20:15:39.281 Disk 0 scanning sectors +488376000
20:15:39.390 Disk 0 scanning C:\WINDOWS\system32\drivers
20:15:57.937 Service scanning
20:15:59.343 Modules scanning
20:16:06.390 Disk 0 trace - called modules:
20:16:06.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
20:16:06.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89e32030]
20:16:06.406 3 CLASSPNP.SYS[ba0e905b] -> nt!IofCallDriver -> \Device\0000006b[0x89e319e8]
20:16:06.421 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89dd3940]
20:16:07.000 AVAST engine scan C:\WINDOWS
20:16:24.671 AVAST engine scan C:\WINDOWS\system32
20:19:26.953 AVAST engine scan C:\WINDOWS\system32\drivers
20:19:46.343 AVAST engine scan C:\Documents and Settings\admin
20:19:46.500 File: C:\Documents and Settings\admin\Application Data\133.tmp **INFECTED** Win32:Kolab-PH [Trj]
20:19:54.671 File: C:\Documents and Settings\admin\Application Data\Qbrqrg.exe.vir **INFECTED** Win32:Malware-gen
20:23:04.218 AVAST engine scan C:\Documents and Settings\All Users
20:23:27.234 Scan finished successfully
20:23:48.078 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\admin\Desktop\MBR.dat"
20:23:48.093 The log file has been saved successfully to "C:\Documents and Settings\admin\Desktop\aswMBR.txt"

Hello

I would like you to run this tool for me - fixTDSS

download it to your desktop and start the program

Follow the prompts and Ok any security prompts

when it is complete it will say the infection was cleared or no infection was found - let me know what it says

after it is complete I want you to restart the computer and try to rerun ASWMbr for me and send me the report

• Double click the aswMBR.exe icon to run it
  
• Click the Scan button to start the scan
  
• On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo

Sir,

Fixtdss said backdoor.tidserv was not found in the computer and closed.


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-15 06:49:11
-----------------------------
06:49:11.687 OS Version: Windows 5.1.2600 Service Pack 2
06:49:11.687 Number of processors: 2 586 0x1C0A
06:49:11.687 ComputerName: HEMA UserName:
06:49:12.281 Initialize success
07:16:56.281 AVAST engine defs: 11121402
07:20:31.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:20:31.312 Disk 0 Vendor: Hitachi_HTS543225A7A384 ESBOA60W Size: 238475MB BusType: 3
07:20:33.656 Disk 0 MBR read successfully
07:20:33.671 Disk 0 MBR scan
07:20:33.734 Disk 0 Windows XP default MBR code
07:20:33.765 Disk 0 scanning sectors +488376000
07:20:33.875 Disk 0 scanning C:\WINDOWS\system32\drivers
07:20:51.437 Service scanning
07:20:52.687 Modules scanning
07:20:59.046 Disk 0 trace - called modules:
07:20:59.062 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
07:20:59.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89de9288]
07:20:59.062 3 CLASSPNP.SYS[ba0e905b] -> nt!IofCallDriver -> \Device\0000006b[0x89dda9e8]
07:20:59.062 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89ddad98]
07:20:59.671 AVAST engine scan C:\WINDOWS
07:21:16.812 AVAST engine scan C:\WINDOWS\system32
07:24:15.062 AVAST engine scan C:\WINDOWS\system32\drivers
07:24:35.125 AVAST engine scan C:\Documents and Settings\admin
07:24:35.265 File: C:\Documents and Settings\admin\Application Data\133.tmp **INFECTED** Win32:Kolab-PH [Trj]
07:24:43.421 File: C:\Documents and Settings\admin\Application Data\Qbrqrg.exe.vir **INFECTED** Win32:Malware-gen
07:28:23.546 AVAST engine scan C:\Documents and Settings\All Users
07:28:46.250 Scan finished successfully
07:29:43.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\admin\Desktop\MBR.dat"
07:29:43.015 The log file has been saved successfully to "C:\Documents and Settings\admin\Desktop\aswMBR.txt"

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

File::
C:\Documents and Settings\admin\Application Data\133.tmp
C:\Documents and Settings\admin\Application Data\Qbrqrg.exe.vir

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

In your next post I need the following


• report from Combofix
  
• let me know of any problems you may have had
  
• How is the computer doing now after running the script?

Gringo

Sir, after running for a few secs,
before fixing , it said.. today's date is 15-12-2011, combofix is outdated , do u want to continue with reduced functionality or cancel? before i could click anything, 'a serious problem has occurred' blue page appeared and the computer restarted