I have all the logs you asked for.
ComboFix 11-03-06.01 - Carl 06/03/2011 23:40:20.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.353.1033.18.892.382 [GMT 0:00]
Running from: c:\users\Carl\Desktop\ComboFix.exe
Command switches used :: c:\users\Carl\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\A27C56FD.exe"
.
.
((((((((((((((((((((((((( Files Created from 2011-02-06 to 2011-03-06 )))))))))))))))))))))))))))))))
.
.
2011-03-06 23:51 . 2011-03-06 23:51 -------- d-----w- c:\users\Carl\AppData\Local\temp
2011-03-06 23:51 . 2011-03-06 23:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-03-06 23:51 . 2011-03-06 23:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-06 23:34 . 2011-03-06 23:34 -------- d-----w- c:\users\Carl\AppData\Roaming\Avira
2011-03-04 10:35 . 2011-02-23 09:35 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{39087762-DC60-499D-8EFC-C295D2817D40}\mpengine.dll
2011-03-03 20:34 . 2011-01-10 14:23 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-03 20:34 . 2011-01-10 14:23 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-03 20:34 . 2011-03-03 20:34 -------- d-----w- c:\programdata\Avira
2011-03-03 20:34 . 2011-03-03 20:34 -------- d-----w- c:\program files\Avira
2011-03-01 22:07 . 2009-12-14 12:44 88632 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2011-03-01 22:07 . 2009-12-14 12:44 39352 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2011-03-01 22:04 . 2011-03-01 22:04 -------- d-----w- c:\program files\Common Files\InfoWatch
2011-03-01 22:04 . 2011-03-02 04:02 -------- d-----w- c:\programdata\Kaspersky Lab
2011-03-01 22:04 . 2011-03-01 22:04 -------- d-----w- c:\program files\Kaspersky Lab
2011-03-01 21:46 . 2011-03-01 21:46 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2011-03-01 21:12 . 2011-03-06 23:23 1404 ----a-w- C:\FixitRegBackup.reg
2011-02-28 09:34 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AEA88E0-FF70-44C2-BF7B-31618E6DB91D}\mpengine.dll
2011-02-27 13:20 . 2011-02-27 13:20 86016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{23C67337-EDFC-4FB6-8C35-176303AE6E34}-TaskManager.exe
2011-02-26 20:58 . 2011-02-26 20:58 86016 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{5D143D63-2893-415B-8EA5-B5103DB99102}-TaskManager.exe
2011-02-24 23:10 . 2011-02-24 23:10 -------- d-----w- C:\_OTM
2011-02-24 08:12 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-02-24 08:11 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2011-02-24 08:11 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2011-02-24 08:11 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2011-02-24 08:11 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\wsmplpxy.dll
2011-02-24 08:11 . 2009-10-09 21:56 10240 ----a-w- c:\windows\system32\winrssrv.dll
2011-02-20 22:32 . 2011-03-01 20:06 -------- d-----w- c:\users\Carl\AppData\Roaming\dvdcss
2011-02-20 22:13 . 2011-02-20 22:14 -------- d-----w- C:\Downloads
2011-02-18 18:02 . 2011-02-19 11:45 -------- d-----w- C:\MGADiagToolOutput
2011-02-13 19:52 . 2011-01-06 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-02-13 19:51 . 2010-12-20 15:42 634648 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2011-02-13 19:49 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-13 19:49 . 2010-10-15 14:08 3548048 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-13 19:49 . 2010-10-15 14:08 3600272 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-13 19:49 . 2010-12-31 13:25 2038784 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-11 06:54 . 2010-11-25 12:17 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-02-02 17:11 . 2009-10-02 20:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-28 14:57 . 2011-01-12 22:59 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-20 18:09 . 2010-08-23 05:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 18:08 . 2010-08-23 05:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 15:49 . 2011-01-12 22:59 1169408 ----a-w- c:\windows\system32\sdclt.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 6144000]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 MpKsl043931fe;MpKsl043931fe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CB4BF60-28F3-41A1-A58C-63A2077BE244}\MpKsl043931fe.sys [x]
R1 MpKsl05486dce;MpKsl05486dce;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E1D7671-4664-4645-AEBC-2BF1A979B19B}\MpKsl05486dce.sys [x]
R1 MpKsl087a8610;MpKsl087a8610;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E621BE0B-EF0C-4ADB-8596-75893F29FC33}\MpKsl087a8610.sys [x]
R1 MpKsl116acfbe;MpKsl116acfbe;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8BFA235-30F0-4037-B6EB-9677CD30F6D1}\MpKsl116acfbe.sys [x]
R1 MpKsl1e9872b0;MpKsl1e9872b0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6CCE084-4291-4375-85C7-736BF8407A3D}\MpKsl1e9872b0.sys [x]
R1 MpKsl1fe1034e;MpKsl1fe1034e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42250DC0-17CF-460A-B83C-455966143A25}\MpKsl1fe1034e.sys [x]
R1 MpKsl232af958;MpKsl232af958;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A096048B-606A-48B4-A622-7388325B9F0A}\MpKsl232af958.sys [x]
R1 MpKsl2630b016;MpKsl2630b016;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E621BE0B-EF0C-4ADB-8596-75893F29FC33}\MpKsl2630b016.sys [x]
R1 MpKsl2cdcd736;MpKsl2cdcd736;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A096048B-606A-48B4-A622-7388325B9F0A}\MpKsl2cdcd736.sys [x]
R1 MpKsl2d2d137d;MpKsl2d2d137d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CB4BF60-28F3-41A1-A58C-63A2077BE244}\MpKsl2d2d137d.sys [x]
R1 MpKsl2e4f2bad;MpKsl2e4f2bad;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E621BE0B-EF0C-4ADB-8596-75893F29FC33}\MpKsl2e4f2bad.sys [x]
R1 MpKsl31f93767;MpKsl31f93767;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AEA88E0-FF70-44C2-BF7B-31618E6DB91D}\MpKsl31f93767.sys [x]
R1 MpKsl387f365a;MpKsl387f365a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5CB4BF60-28F3-41A1-A58C-63A2077BE244}\MpKsl387f365a.sys [x]
R1 MpKsl3d26ea74;MpKsl3d26ea74;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E621BE0B-EF0C-4ADB-8596-75893F29FC33}\MpKsl3d26ea74.sys [x]
R1 MpKsl47fb5354;MpKsl47fb5354;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E1D7671-4664-4645-AEBC-2BF1A979B19B}\MpKsl47fb5354.sys [x]
R1 MpKsl4f398684;MpKsl4f398684;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E1D7671-4664-4645-AEBC-2BF1A979B19B}\MpKsl4f398684.sys [x]
R1 MpKsl5f56ec47;MpKsl5f56ec47;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB828177-EE3E-48F9-8EF7-5A737C7BBED6}\MpKsl5f56ec47.sys [x]
R1 MpKsl62c2b9f4;MpKsl62c2b9f4;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5763317D-C956-4B29-A671-07280BF29BA9}\MpKsl62c2b9f4.sys [x]
R1 MpKsl74ef32c8;MpKsl74ef32c8;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6CCE084-4291-4375-85C7-736BF8407A3D}\MpKsl74ef32c8.sys [x]
R1 MpKsl797dbb70;MpKsl797dbb70;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E621BE0B-EF0C-4ADB-8596-75893F29FC33}\MpKsl797dbb70.sys [x]
R1 MpKsl85775efb;MpKsl85775efb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A096048B-606A-48B4-A622-7388325B9F0A}\MpKsl85775efb.sys [x]
R1 MpKsl910e235a;MpKsl910e235a;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76007F20-AA1C-4659-88C1-2B2543E8FB43}\MpKsl910e235a.sys [x]
R1 MpKsl91d5f318;MpKsl91d5f318;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A096048B-606A-48B4-A622-7388325B9F0A}\MpKsl91d5f318.sys [x]
R1 MpKsl92fd6e49;MpKsl92fd6e49;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A096048B-606A-48B4-A622-7388325B9F0A}\MpKsl92fd6e49.sys [x]
R1 MpKsl9469d47c;MpKsl9469d47c;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E621BE0B-EF0C-4ADB-8596-75893F29FC33}\MpKsl9469d47c.sys [x]
R1 MpKsla317d795;MpKsla317d795;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6CCE084-4291-4375-85C7-736BF8407A3D}\MpKsla317d795.sys [x]
R1 MpKslc40f8d23;MpKslc40f8d23;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AB828177-EE3E-48F9-8EF7-5A737C7BBED6}\MpKslc40f8d23.sys [x]
R1 MpKslc79eec1d;MpKslc79eec1d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E1D7671-4664-4645-AEBC-2BF1A979B19B}\MpKslc79eec1d.sys [x]
R1 MpKslc9b60dc3;MpKslc9b60dc3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A096048B-606A-48B4-A622-7388325B9F0A}\MpKslc9b60dc3.sys [x]
R1 MpKsld507f2a2;MpKsld507f2a2;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{76007F20-AA1C-4659-88C1-2B2543E8FB43}\MpKsld507f2a2.sys [x]
R1 MpKsld6967b9f;MpKsld6967b9f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F6CCE084-4291-4375-85C7-736BF8407A3D}\MpKsld6967b9f.sys [x]
R1 MpKsle6275802;MpKsle6275802;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8BFA235-30F0-4037-B6EB-9677CD30F6D1}\MpKsle6275802.sys [x]
R1 MpKsledf75447;MpKsledf75447;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8BFA235-30F0-4037-B6EB-9677CD30F6D1}\MpKsledf75447.sys [x]
R1 MpKslf881d9c6;MpKslf881d9c6;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0EF1AE9F-7347-40F4-A502-D69C8EE273BC}\MpKslf881d9c6.sys [x]
R1 MpKslfa308138;MpKslfa308138;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A096048B-606A-48B4-A622-7388325B9F0A}\MpKslfa308138.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-12-20 38224]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 Normandy;Normandy SR2; [x]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-08-07 283136]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 CEBFilter;CEBFilter;c:\program files\C&E\OSD\OsdService\cebuffer.sys [x]
R4 CEIO;CEIO;c:\program files\C&E\OSD\OsdService\ceio.sys [x]
R4 cKBFilter;cKBFilter;c:\program files\C&E\OSD\OsdService\kbfiltr.sys [x]
R4 gupdate1c9f9105aaf10c5;Google Update Service (gupdate1c9f9105aaf10c5);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 133104]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2008-05-23 458752]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-11-15 48128]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2010-08-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-09-02 23:46]
.
2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 23:21]
.
2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-29 23:21]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Copy to Semagic - c:\program files\Semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
IE: Semagic - c:\program files\Semagic\link.htm
FF - ProfilePath - c:\users\Carl\AppData\Roaming\Mozilla\Firefox\Profiles\no7badff.default\
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-03-06 23:51
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-03-06 23:55:18
ComboFix-quarantined-files.txt 2011-03-06 23:55
ComboFix2.txt 2011-03-03 20:23
.
Pre-Run: 8,493,113,344 bytes free
Post-Run: 8,259,104,768 bytes free
.
- - End Of File - - ACAC7B7FD0BE789053F7BB8E6B5E384D
Results of screen317's Security Check version 0.99.9
Windows Vista Service Pack 1 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Adobe Flash Player 10.2.152.32
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
``````````End of Log````````````
Avira AntiVir Personal
Report file date: 07 March 2011 18:49
Scanning for 2456063 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 1) [6.0.6001]
Boot mode : Normally booted
Username : SYSTEM
Computer name : CARL-PC
Version information:
BUILD.DAT : 10.0.0.611 31824 Bytes 14/01/2011 13:42:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 10/01/2011 14:23:31
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2010 12:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 10/01/2011 14:23:40
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 23:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 14:23:50
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09/02/2011 20:36:11
VBASE003.VDF : 7.11.3.1 2048 Bytes 09/02/2011 20:36:11
VBASE004.VDF : 7.11.3.2 2048 Bytes 09/02/2011 20:36:12
VBASE005.VDF : 7.11.3.3 2048 Bytes 09/02/2011 20:36:12
VBASE006.VDF : 7.11.3.4 2048 Bytes 09/02/2011 20:36:12
VBASE007.VDF : 7.11.3.5 2048 Bytes 09/02/2011 20:36:12
VBASE008.VDF : 7.11.3.6 2048 Bytes 09/02/2011 20:36:12
VBASE009.VDF : 7.11.3.7 2048 Bytes 09/02/2011 20:36:12
VBASE010.VDF : 7.11.3.8 2048 Bytes 09/02/2011 20:36:12
VBASE011.VDF : 7.11.3.9 2048 Bytes 09/02/2011 20:36:12
VBASE012.VDF : 7.11.3.10 2048 Bytes 09/02/2011 20:36:12
VBASE013.VDF : 7.11.3.59 157184 Bytes 14/02/2011 20:36:14
VBASE014.VDF : 7.11.3.97 120320 Bytes 16/02/2011 20:36:14
VBASE015.VDF : 7.11.3.148 128000 Bytes 19/02/2011 20:36:14
VBASE016.VDF : 7.11.3.183 140288 Bytes 22/02/2011 20:36:14
VBASE017.VDF : 7.11.3.216 124416 Bytes 24/02/2011 20:36:15
VBASE018.VDF : 7.11.3.251 159232 Bytes 28/02/2011 20:36:15
VBASE019.VDF : 7.11.4.33 148992 Bytes 02/03/2011 20:36:16
VBASE020.VDF : 7.11.4.34 2048 Bytes 02/03/2011 20:36:16
VBASE021.VDF : 7.11.4.35 2048 Bytes 02/03/2011 20:36:16
VBASE022.VDF : 7.11.4.36 2048 Bytes 02/03/2011 20:36:16
VBASE023.VDF : 7.11.4.37 2048 Bytes 02/03/2011 20:36:16
VBASE024.VDF : 7.11.4.38 2048 Bytes 02/03/2011 20:36:16
VBASE025.VDF : 7.11.4.39 2048 Bytes 02/03/2011 20:36:16
VBASE026.VDF : 7.11.4.40 2048 Bytes 02/03/2011 20:36:16
VBASE027.VDF : 7.11.4.41 2048 Bytes 02/03/2011 20:36:16
VBASE028.VDF : 7.11.4.42 2048 Bytes 02/03/2011 20:36:16
VBASE029.VDF : 7.11.4.43 2048 Bytes 02/03/2011 20:36:16
VBASE030.VDF : 7.11.4.44 2048 Bytes 02/03/2011 20:36:16
VBASE031.VDF : 7.11.4.56 52736 Bytes 03/03/2011 20:36:17
Engineversion : 8.2.4.178
AEVDF.DLL : 8.1.2.1 106868 Bytes 10/01/2011 14:23:26
AESCRIPT.DLL : 8.1.3.55 1282426 Bytes 03/03/2011 20:36:22
AESCN.DLL : 8.1.7.2 127349 Bytes 10/01/2011 14:23:26
AESBX.DLL : 8.1.3.2 254324 Bytes 10/01/2011 14:23:26
AERDL.DLL : 8.1.9.2 635252 Bytes 10/01/2011 14:23:25
AEPACK.DLL : 8.2.4.11 520566 Bytes 03/03/2011 20:36:22
AEOFFICE.DLL : 8.1.1.16 205179 Bytes 03/03/2011 20:36:21
AEHEUR.DLL : 8.1.2.81 3314038 Bytes 03/03/2011 20:36:21
AEHELP.DLL : 8.1.16.1 246134 Bytes 03/03/2011 20:36:19
AEGEN.DLL : 8.1.5.2 397683 Bytes 03/03/2011 20:36:18
AEEMU.DLL : 8.1.3.0 393589 Bytes 10/01/2011 14:23:18
AECORE.DLL : 8.1.19.2 196983 Bytes 03/03/2011 20:36:17
AEBB.DLL : 8.1.1.0 53618 Bytes 10/01/2011 14:23:18
AVWINLL.DLL : 10.0.0.0 19304 Bytes 10/01/2011 14:23:32
AVPREF.DLL : 10.0.0.0 44904 Bytes 10/01/2011 14:23:30
AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 14:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 10/01/2011 14:23:31
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 10/01/2011 14:23:31
AVARKT.DLL : 10.0.22.6 231784 Bytes 10/01/2011 14:23:27
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 10/01/2011 14:23:28
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 14:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 10/01/2011 14:23:31
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 14:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 13:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 10/01/2011 14:23:52
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, S:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: 07 March 2011 18:49
Starting search for hidden objects.
c:\windows\system32\sndvol.exe
c:\windows\system32\sndvol.exe
[NOTE] The process is not visible.
The scan of running processes will be started
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '79' Module(s) have been scanned
Scan process 'avscan.exe' - '29' Module(s) have been scanned
Scan process 'avcenter.exe' - '64' Module(s) have been scanned
Scan process 'plugin-container.exe' - '91' Module(s) have been scanned
Scan process 'firefox.exe' - '108' Module(s) have been scanned
Scan process 'explorer.exe' - '65' Module(s) have been scanned
Scan process 'utorrent.exe' - '55' Module(s) have been scanned
Scan process 'wuauclt.exe' - '34' Module(s) have been scanned
Scan process 'SynTPHelper.exe' - '14' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '33' Module(s) have been scanned
Scan process 'unsecapp.exe' - '28' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '29' Module(s) have been scanned
Scan process 'avgnt.exe' - '49' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '47' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '34' Module(s) have been scanned
Scan process 'Explorer.EXE' - '133' Module(s) have been scanned
Scan process 'taskeng.exe' - '48' Module(s) have been scanned
Scan process 'Dwm.exe' - '38' Module(s) have been scanned
Scan process 'taskeng.exe' - '80' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '9' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '32' Module(s) have been scanned
Scan process 'avguard.exe' - '65' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'spoolsv.exe' - '84' Module(s) have been scanned
Scan process 'svchost.exe' - '93' Module(s) have been scanned
Scan process 'svchost.exe' - '82' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '149' Module(s) have been scanned
Scan process 'svchost.exe' - '118' Module(s) have been scanned
Scan process 'svchost.exe' - '67' Module(s) have been scanned
Scan process 'svchost.exe' - '47' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'winlogon.exe' - '30' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'S:\'
[INFO] No virus was found!
Starting to scan executable files (registry).
The registry was scanned ( '979' files ).
Starting the file scan:
Begin scan in 'C:\' <Vista>
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{23C67337-EDFC-4FB6-8C35-176303AE6E34}-TaskManager.exe
[DETECTION] Is the TR/Dldr.Genome.baov.7 Trojan
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{5D143D63-2893-415B-8EA5-B5103DB99102}-TaskManager.exe
[DETECTION] Is the TR/Dldr.Genome.baov.7 Trojan
C:\Qoobox\Quarantine\C\Users\Carl\wuaucldt.exe.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\baoezuh.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/MSIL.Agent.and back-door program
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\locagxa.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/MSIL.Agent.and back-door program
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\nksklwr.exe.vir
[DETECTION] Is the TR/Dldr.Genome.baov.7 Trojan
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\ohydy.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\sdra64.exe.vir
[DETECTION] Is the TR/Spy.ZBot.IAT.5 Trojan
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\DD42632F63BE5ED71A228945E1AA97EE\fixcore70700bin.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\DD42632F63BE5ED71A228945E1AA97EE\libcore707en0setup.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\DD42632F63BE5ED71A228945E1AA97EE\smartcore70700bin.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\Microsoft\TaskManager.exe.vir
[DETECTION] Is the TR/Dldr.Genome.baov.7 Trojan
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\_OTM\MovedFiles\02242011_231059\C_Users\Carl\AppData\Roaming\euxhhov.exe
[DETECTION] Is the TR/Spy.ZBot.IAT.5 Trojan
C:\_OTM\MovedFiles\02242011_231059\C_Users\Carl\AppData\Roaming\ywtidsv.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
Begin scan in 'S:\' <System>
Beginning disinfection:
C:\_OTM\MovedFiles\02242011_231059\C_Users\Carl\AppData\Roaming\ywtidsv.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '486b99e2.qua'.
C:\_OTM\MovedFiles\02242011_231059\C_Users\Carl\AppData\Roaming\euxhhov.exe
[DETECTION] Is the TR/Spy.ZBot.IAT.5 Trojan
[NOTE] The file was moved to the quarantine directory under the name '50f8b64b.qua'.
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '02a8ecd3.qua'.
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\Microsoft\TaskManager.exe.vir
[DETECTION] Is the TR/Dldr.Genome.baov.7 Trojan
[NOTE] The file was moved to the quarantine directory under the name '6495a315.qua'.
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\DD42632F63BE5ED71A228945E1AA97EE\smartcore70700bin.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '212f8e27.qua'.
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\DD42632F63BE5ED71A228945E1AA97EE\libcore707en0setup.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5e35bc42.qua'.
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\DD42632F63BE5ED71A228945E1AA97EE\fixcore70700bin.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '12b79008.qua'.
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\sdra64.exe.vir
[DETECTION] Is the TR/Spy.ZBot.IAT.5 Trojan
[NOTE] The file was moved to the quarantine directory under the name '6ea5d054.qua'.
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\ohydy.exe.vir
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '43f6ff15.qua'.
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\nksklwr.exe.vir
[DETECTION] Is the TR/Dldr.Genome.baov.7 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5a98c48a.qua'.
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\locagxa.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/MSIL.Agent.and back-door program
[NOTE] The file was moved to the quarantine directory under the name '36f4e8c6.qua'.
C:\Qoobox\Quarantine\C\Users\Carl\AppData\Roaming\baoezuh.exe.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/MSIL.Agent.and back-door program
[NOTE] The file was moved to the quarantine directory under the name '4771d125.qua'.
C:\Qoobox\Quarantine\C\Users\Carl\wuaucldt.exe.vir
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4959e19e.qua'.
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{5D143D63-2893-415B-8EA5-B5103DB99102}-TaskManager.exe
[DETECTION] Is the TR/Dldr.Genome.baov.7 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0c1f989c.qua'.
C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{23C67337-EDFC-4FB6-8C35-176303AE6E34}-TaskManager.exe
[DETECTION] Is the TR/Dldr.Genome.baov.7 Trojan
[NOTE] The file was moved to the quarantine directory under the name '05059c3a.qua'.
End of the scan: 07 March 2011 20:15
Used time: 1:25:25 Hour(s)
The scan has been done completely.
23225 Scanned directories
293804 Files were scanned
15 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
15 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
293789 Files not concerned
1488 Archives were scanned
0 Warnings
15 Notes
512953 Objects were scanned with rootkit scan
1 Hidden objects were found
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:24:50, on 07/03/2011
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18565)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Carl\Downloads\utorrent.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conime.exe
C:\Users\Carl\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
--
End of file - 4231 bytes