Virus taking over


Virus taking over

Post by gasman76 on 12th May 2011, 4:49 pm

Hi, I am running XP on a home-based system and I'm running Firefox. The PC picked up a virus that AVG didn't detect a while ago, and it will not update now. I cannot download Malwarebytes anymore, because every time I try to run the downloaded file I get a message that says cannot find program; also, every time I try to run a program like Firefox or anything else, a box pops up and tells me to open with?

Any help would be great thanks...

gasman76
Novice

Posts : 20
Joined : 2011-05-12
Gender : Male
OS : xp
Points : 20631
# Likes : 0


Re: Virus taking over

Post by Dr Jay on 12th May 2011, 6:12 pm

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13810
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Arch. : x64 (64-bit)
Protection : Bitdefender Total Security
Points : 302437
# Likes : 10


Re: Virus taking over

Post by gasman76 on 13th May 2011, 8:04 am

This would be great if I could actually install ComboFix on the machine, but when I try to run the application it says application not found, so I can't install anything. Very frustrating here...


Re: Virus taking over

Post by Dr Jay on 14th May 2011, 4:57 am

Please download and run this file: [You must be registered and logged in to see this link.]

Merge it to the Registry. Then, let me know if you can run programs.


Dr. Jay (DJ)



Re: Virus taking over

Post by gasman76 on 19th May 2011, 9:42 am

Sorry for the slow response.

Great, thanks for your help. I can now run programs and have Malwarebytes installed and scanning, and an updated AVG. The quick scan on Malwarebytes is taking about 45 mins and I have done this 3 times; Malwarebytes says no malicious threats on the logs, but AVG keeps popping up a JS/Agent virus. I have tried disabling AVG and uninstalling it to run ComboFix, but I'm not getting anywhere. Any ideas??? Thanks..

Just disabled AVG again, ran ComboFix saved to the desktop and called combo-fix.exe; a message shows it can't run, please delete AVG, it would be dangerous to continue...


Re: Virus taking over

Post by Dr Jay on 19th May 2011, 6:24 pm

ComboFix wants AVG removed, and I would suggest it as well, since there are better programs than AVG.

Do you have a premium version of AVG? Or is it just the free one?


Dr. Jay (DJ)



Re: Virus taking over

Post by gasman76 on 19th May 2011, 6:46 pm

Thanks for the quick reply, Dragon. It's the free 2011 AVG version, and as I type this a window has popped up on my screen saying:

Generic Host Process for Win32 Services has
encountered a problem and needs to close. We are sorry
for the inconvenience.

This keeps appearing.


Re: Virus taking over

Post by Dr Jay on 20th May 2011, 11:11 am

Let's remove AVG then allow ComboFix to run...

Download and run this tool to remove AVG:

[You must be registered and logged in to see this link.]


Dr. Jay (DJ)



Re: Virus taking over

Post by gasman76 on 20th May 2011, 4:07 pm

Hello Dragon, I have run the program and reinstalled ComboFix because it said the previous installation had expired, so AVG is disabled, and when I run ComboFix all I get is an end program message:
c:\32788RFWJFW\Licence\Firefox.exe.

Bit worried now as I don't have any virus software running. Help please??


Re: Virus taking over

Post by Dr Jay on 21st May 2011, 12:40 am

It's okay. Just go to the normal websites you go to when you browse the web. Don't click any other links, just do some basic stuff and you should be fine. Any other viruses will be removed anyway, so no worries.

We're going to have to do something special to fully get rid of AVG:

Run CFScript

Open Notepad and copy/paste the text in the box into the window:

REGISTRY::
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayRSAlert]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinished]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayScanStarted]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEnd]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdEndFail]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayUpdStart]
[-HKEY_CURRENT_USER\AppEvents\Schemes\Apps\avgtray]
[-HKEY_CURRENT_USER\Software\Avg]
[-HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\.avgdx]
[-HKEY_CLASSES_ROOT\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A3E}]
[-HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_CLASSES_ROOT\CLSID\{41B21542-2055-4212-A6F2-395CD109B14B}]
[-HKEY_CLASSES_ROOT\CLSID\{6F59E522-4689-156E-316C-D5B48819DE95}]
[-HKEY_CLASSES_ROOT\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}]
[-HKEY_CLASSES_ROOT\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}]
[-HKEY_CLASSES_ROOT\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}]
[-HKEY_CLASSES_ROOT\CLSID\{F1FE4608-7924-4908-8E12-81CFA206F00A}]
[-HKEY_CLASSES_ROOT\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}]
[-HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\Installer\Features\36E852A15FD8BDA48923830A21D156BE]
[-HKEY_CLASSES_ROOT\Installer\Features\69BC3230A1222404483A39DE4E0799CF]
[-HKEY_CLASSES_ROOT\Installer\Features\CFD2C1F142D260E3CB8B271543DA9F98]
[-HKEY_CLASSES_ROOT\Installer\Products\36E852A15FD8BDA48923830A21D156BE]
[-HKEY_CLASSES_ROOT\Installer\Products\69BC3230A1222404483A39DE4E0799CF]
[-HKEY_CLASSES_ROOT\Installer\Products\CFD2C1F142D260E3CB8B271543DA9F98]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\06DD9E4F7F3FF9C41BC2BD64A2CE18FE]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\38F747DBDC97B4E459142E21199F9D10]
[-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\41A387AA3A7A33D3590FA953D1350011]
[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter]
[-HKEY_CLASSES_ROOT\LinkScannerIE.NavFilter.1]
[-HKEY_CLASSES_ROOT\MicroScanner.MicroScanner]
[-HKEY_CLASSES_ROOT\piffile\shellex\ContextMenuHandlers\AVG9 Shell Extension]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\linkscanner]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\VC]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0323CB96-221A-4042-84A3-93EDE47099FC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1A258E63-8DF5-4ADB-9832-38A0121D65EB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AlwaysUnloadDll]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABED-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABEE-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{50A96677-4378-434d-9F4B-6B28B485933F}\{976BA62F-ABEF-40e0-8F7B-6DE4F6756F0B}]
[-HKEY_CLASSES_ROOT\CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7}]
[-HKEY_CLASSES_ROOT\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
[-HKEY_CLASSES_ROOT\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_CLASSES_ROOT\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}]
[-HKEY_CLASSES_ROOT\PROTOCOLS\Handler\avgsecuritytoolbar]
[-HKEY_CURRENT_USER\AppEvents\EventLabels\avgtrayWSAlert]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_CURRENT_USER\Software\AppDataLow\Avg]
[-HKEY_CURRENT_USER\Software\AVG Security Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\AVG Security Toolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayRSAlert]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinished]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanFinishedThreatFound]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayScanStarted]
[-HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avgtrayWSAlert]
[-HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgtray]
[-HKEY_USERS\.DEFAULT\Software\AppDataLow\Avg]
[-HKEY_USERS\.DEFAULT\Software\Avg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"=-
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"=-
"avg@igeared"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\GroupOrderList]
"AVG"=-

DRIVER::
Avg
AVGIDSAgent
AVGIDSDriver
AVGIDSEH
AVGIDSFilter
AVGIDSShim
Avgldx86
Avgmfx86
Avgrkx86
Avgtdix
avgwd
AVG Security Toolbar Service
avg9emc
avg9wd

FOLDER::
%SYSTEMDRIVE%\$AVG
%COMMONAPPDATA%\AVG10
%COMMONAPPDATA%\MFAData
%COMMONPROGRAMS%\AVG 2011
%APPDATA%\AVG10
%PROGRAMFILES%\AVG
%SYSTEM%\drivers\AVG
%COMMONAPPDATA%\AVG Security Toolbar
%COMMONAPPDATA%\avg9
%COMMONPrograms%\AVG Free 9.0

File::
%COMMONAPPDATA%\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat
%COMMONDESKTOP%\AVG 2011.lnk
%SYSTEM%\drivers\AVGIDSDriver.sys
%SYSTEM%\drivers\AVGIDSEH.sys
%SYSTEM%\drivers\AVGIDSFilter.sys
%SYSTEM%\drivers\AVGIDSShim.sys
%SYSTEM%\drivers\avgldx86.sys
%SYSTEM%\drivers\avgmfx86.sys
%SYSTEM%\drivers\avgrkx86.sys
%SYSTEM%\drivers\avgtdix.sys
%COMMONDesktop%\AVG Free 9.0.lnk
%PROGRAMFILES%\Mozilla Firefox\searchplugins\avg_igeared.xml
%SYSTEM%\avgrsstx.dll

SECCENTER::
AVG Anti-Virus Free

Save it to your Desktop as CFScript_AVG2011.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.


Dr. Jay (DJ)


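Before dragging a script like the one above onto ComboFix, it is worth seeing exactly what it asks to remove. The following is an added example, not from this thread or from ComboFix: it parses the NAME:: section format as it appears in the posted script and expands the %VAR% placeholders to the Windows XP paths shown in the FILE :: block of the ComboFix log posted later in the thread. Both the section semantics and that placeholder mapping are assumptions taken from the posted text, and the embedded script is a constructed excerpt of the one above.

```python
"""Parse a ComboFix CFScript in the section format posted above and list what
it would remove. Added example, not from the thread or from ComboFix; the
NAME::, [-KEY] and "name"=- forms are read as they appear in the posted script."""
import re

# Placeholder -> Windows XP path, copied from the FILE :: block of the ComboFix
# log posted later in the thread (assumed to apply to every path using them).
XP_PLACEHOLDERS = {
    "%SYSTEMDRIVE%": r"C:",
    "%SYSTEM%": r"C:\WINDOWS\system32",
    "%PROGRAMFILES%": r"C:\Program Files",
    "%COMMONAPPDATA%": r"C:\Documents and Settings\All Users\Application Data",
    "%COMMONDESKTOP%": r"C:\Documents and Settings\All Users\Desktop",
}

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
# [-KEY] deletes a whole key; [KEY] opens a key whose "name"=- lines follow.
REG_KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+\\.+)\]$")
REG_DELETE_VALUE_RE = re.compile(r'^"(.+)"=-$')

# Constructed excerpt of the script posted above, a few entries per section,
# including a key with a stray space before its closing bracket.
SAMPLE_SCRIPT = r"""REGISTRY::
[-HKEY_CURRENT_USER\Software\Avg]
[-HKEY_CLASSES_ROOT\CLSID\{6F59E522-4689-156E-316C-D5B48819DE95} ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"=-
"avg@igeared"=-
DRIVER::
Avgldx86
avgwd
FOLDER::
%SYSTEMDRIVE%\$AVG
%COMMONPrograms%\AVG Free 9.0
File::
%SYSTEM%\drivers\avgtdix.sys
%COMMONDesktop%\AVG Free 9.0.lnk
%PROGRAMFILES%\Mozilla Firefox\searchplugins\avg_igeared.xml
SECCENTER::
AVG Anti-Virus Free
"""


def parse_cfscript(text):
    """Group non-blank lines under their NAME:: header (upper-cased, because the
    posted script mixes FOLDER:: with File::)."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).upper()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("entry before any section header: %r" % line)
        else:
            sections[current].append(line)
    return sections


def expand_placeholders(path, mapping=XP_PLACEHOLDERS):
    """Expand %VAR% case-insensitively (the script writes both %COMMONDESKTOP%
    and %COMMONDesktop%); unknown placeholders are left untouched."""
    return re.sub(r"%[A-Za-z]+%",
                  lambda m: mapping.get(m.group(0).upper(), m.group(0)), path)


def registry_actions(lines):
    """Return (deleted_keys, {key: [deleted values]}, problem_lines); a key with
    whitespace inside its brackets is reported rather than accepted."""
    keys, values, problems, current = [], {}, [], None
    for line in lines:
        key, val = REG_KEY_RE.match(line), REG_DELETE_VALUE_RE.match(line)
        if key and key.group(2) != key.group(2).strip():
            problems.append(line)
        elif key and key.group(1) == "-":
            keys.append(key.group(2))
        elif key:
            current = key.group(2)
            values.setdefault(current, [])
        elif val and current is not None:
            values[current].append(val.group(1))
        else:
            problems.append(line)
    return keys, values, problems


def summarize(text):
    """Everything the script asks ComboFix to remove, with paths expanded."""
    s = parse_cfscript(text)
    keys, values, problems = registry_actions(s.get("REGISTRY", []))
    return {"sections": list(s), "registry_keys": keys,
            "registry_values": values, "registry_problems": problems,
            "drivers": s.get("DRIVER", []), "seccenter": s.get("SECCENTER", []),
            "folders": [expand_placeholders(p) for p in s.get("FOLDER", [])],
            "files": [expand_placeholders(p) for p in s.get("FILE", [])]}
```

The registry_problems entry lists lines that match neither the [-KEY] nor the "name"=- form, so a typo such as whitespace inside a key's brackets is seen before anything is deleted.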

Re: Virus taking over

Post by gasman76 on 21st May 2011, 8:49 am

Hey Dragon, I really appreciate the help here; it must be frustrating that we can't even get past ComboFix as of yet. Right, here's an update.

I opened Notepad, copied the text above into it, then saved it as the file name. But after doing this twice the filename still stays as new text doc.txt, so I sent it over to ComboFix anyway. Just before ComboFix wants to run, the AVG message appears telling me to uninstall AVG (damn program).

What now, my friend??? :sad:


Re: Virus taking over

Post by Dr Jay on 22nd May 2011, 10:18 am

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Then, try again, please.


Dr. Jay (DJ)



Re: Virus taking over

Post by gasman76 on 23rd May 2011, 9:18 pm

Hello Dragon, I have run ComboFix now in Safe Mode. The log took about an hour to produce, then I had a prompt telling me the log is stored at C:\COMBOFIX.TXT. I rebooted the PC and tried to run the log file, but the message came up not found, grrrrrrrr. I'm sure you will know where I can find it??
Thanks, Dave.


Re: Virus taking over

Post by gasman76 on 23rd May 2011, 10:16 pm

Right, here goes. I hope this is the log you're looking for, Dragon. I have had to split the log as it's too long; the next part is posted under. Thanks...

ComboFix 11-05-23.02 - Admin 23/05/2011 20:40:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.665 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Admin\Desktop\CFScript_AVG2011.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"C:\Documents and Settings\All Users\Application Data\Common Files\6F59E522-4689-156E-316C-D5B48819DE95.dat"
"C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk"
"C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk"
"C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml"
"C:\WINDOWS\system32\avgrsstx.dll"
"C:\WINDOWS\system32\drivers\AVGIDSDriver.sys"
"C:\WINDOWS\system32\drivers\AVGIDSEH.sys"
"C:\WINDOWS\system32\drivers\AVGIDSFilter.sys"
"C:\WINDOWS\system32\drivers\AVGIDSShim.sys"
"C:\WINDOWS\system32\drivers\avgldx86.sys"
"C:\WINDOWS\system32\drivers\avgmfx86.sys"
"C:\WINDOWS\system32\drivers\avgrkx86.sys"
"C:\WINDOWS\system32\drivers\avgtdix.sys"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\$AVG
C:\$AVG\$VAULT\V_00000614.fil
C:\$AVG\$VAULT\V_00001434.fil
C:\$AVG\$VAULT\V_00005840.fil
C:\$AVG\$VAULT\V_00005841.fil
C:\$AVG\$VAULT\V_00005842.fil
C:\$AVG\$VAULT\V_00005843.fil
C:\$AVG\$VAULT\V_00005844.fil
C:\$AVG\$VAULT\V_00005845.fil
C:\$AVG\$VAULT\V_00005846.fil
C:\$AVG\$VAULT\V_00005847.fil
C:\$AVG\$VAULT\vvfolder.idx
C:\Documents and Settings\Admin\Application Data\AVG10
C:\Documents and Settings\Admin\Application Data\AVG10\cfgall\usergui.cfg
C:\Documents and Settings\Admin\Application Data\desktop.ini
C:\Documents and Settings\Admin\Local Settings\Application Data\{9BC01155-4295-4D42-ADD9-525135591A07}
C:\Documents and Settings\Admin\Local Settings\Application Data\{9BC01155-4295-4D42-ADD9-525135591A07}\chrome.manifest
C:\Documents and Settings\Admin\Local Settings\Application Data\{9BC01155-4295-4D42-ADD9-525135591A07}\chrome\content\_cfg.js
C:\Documents and Settings\Admin\Local Settings\Application Data\{9BC01155-4295-4D42-ADD9-525135591A07}\chrome\content\overlay.xul
C:\Documents and Settings\Admin\Local Settings\Application Data\{9BC01155-4295-4D42-ADD9-525135591A07}\install.rdf
C:\Documents and Settings\All Users\Application Data\AVG10\log\avglng.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avglng.log.1
C:\Documents and Settings\All Users\Application Data\AVG10\log\avglng.log.2
C:\Documents and Settings\All Users\Application Data\AVG10\log\avglng.log.3
C:\Documents and Settings\All Users\Application Data\AVG10\log\avglng.log.4
C:\Documents and Settings\All Users\Application Data\AVG10\log\avglng.log.lock
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgmail.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgns.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgns.log.1
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgns.log.2
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgns.log.3
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgns.log.4
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgns.log.5
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgns.log.6
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgns.log.lock
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgpostinst.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgpostinst.log.lock
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgrkt.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgrkt.log.lock
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgrs.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgrs.log.1
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgrs.log.10
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgrs.log.2
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgrs.log.3
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgrs.log.4
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgrs.log.5
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgrs.log.6
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgrs.log.7
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgrs.log.8
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgrs.log.9
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgrs.log.lock
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgscan.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgscan.log.1
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgscan.log.2
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgscan.log.3
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgscan.log.lock
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsched.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsched.log.1
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsched.log.10
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsched.log.2
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsched.log.3
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsched.log.4
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsched.log.5
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsched.log.6
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsched.log.7
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsched.log.8
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsched.log.9
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsched.log.lock
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsrm.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsrm.log.1
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsrm.log.2
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsrm.log.3
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsrm.log.4
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsrm.log.5
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsrm.log.6
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsrm.log.7
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsrm.log.8
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsrm.log.9
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsrm.log.lock
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsrmac.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgsrmac.log.lock
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgtdi.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgtdi.log.1
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgtdi.log.2
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgtdi.log.lock
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgual.2010-10-12.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgual.2011-05-13.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgual.2011-05-14.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgual.2011-05-15.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgual.2011-05-16.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgual.2011-05-17.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgual.2011-05-18.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgual.2011-05-19.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgual.2011-05-20.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgual.2011-05-21.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgual.2011-05-22.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgual.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgual.log.lock
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgui.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgui.log.1
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgui.log.10
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgui.log.2
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgui.log.3
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgui.log.4
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgui.log.5
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgui.log.6
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgui.log.7
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgui.log.8
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgui.log.9
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgui.log.lock
C:\Documents and Settings\All Users\Application Data\AVG10\log\avguidraw.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avguidraw.log.lock
C:\Documents and Settings\All Users\Application Data\AVG10\log\avguilog.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgupd.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgupd.log.1
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgupd.log.2
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgupd.log.lock
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgupdm.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgwd.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgwd.log.1
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgwd.log.10
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgwd.log.2
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgwd.log.3
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgwd.log.4
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgwd.log.5
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgwd.log.6
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgwd.log.7
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgwd.log.8
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgwd.log.9
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgwd.log.lock
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgwdsvc.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgwdsvc.log.1
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgwdsvc.log.2
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgwdsvc.log.3
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgwdsvc.log.4
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgwdsvc.log.5
C:\Documents and Settings\All Users\Application Data\AVG10\log\avgwdsvc.log.lock
C:\Documents and Settings\All Users\Application Data\AVG10\log\cfgexlog.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\log\cfglog.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\log\chjwlog.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\log\commonpriv.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\commonpriv.log.1
C:\Documents and Settings\All Users\Application Data\AVG10\log\commonpriv.log.10
C:\Documents and Settings\All Users\Application Data\AVG10\log\commonpriv.log.2
C:\Documents and Settings\All Users\Application Data\AVG10\log\commonpriv.log.3
C:\Documents and Settings\All Users\Application Data\AVG10\log\commonpriv.log.4
C:\Documents and Settings\All Users\Application Data\AVG10\log\commonpriv.log.5
C:\Documents and Settings\All Users\Application Data\AVG10\log\commonpriv.log.6
C:\Documents and Settings\All Users\Application Data\AVG10\log\commonpriv.log.7
C:\Documents and Settings\All Users\Application Data\AVG10\log\commonpriv.log.8
C:\Documents and Settings\All Users\Application Data\AVG10\log\commonpriv.log.9
C:\Documents and Settings\All Users\Application Data\AVG10\log\commonpriv.log.lock
C:\Documents and Settings\All Users\Application Data\AVG10\log\corelog.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\log\csllog.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\log\emclog.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\log\fixcfg.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\fixcfg.log.lock
C:\Documents and Settings\All Users\Application Data\AVG10\log\history.xml
C:\Documents and Settings\All Users\Application Data\AVG10\log\IDP\log\avgtray_idp_Admin.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\IDP\log\avgtray_idp_Guest.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\IDP\log\avgui_idp_Admin.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\IDP\log\avgwdsvc_idp_SYSTEM.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\ldrlog.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\log\lnglog.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\log\lscanlog.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\log\nslog.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\log\privlog.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\log\publog.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\log\rslog.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\log\scanlog.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\log\schedlog.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\log\srmlog.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\log\tdilog.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\log\updlog.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\log\vault.log
C:\Documents and Settings\All Users\Application Data\AVG10\log\vault.log.1
C:\Documents and Settings\All Users\Application Data\AVG10\log\vault.log.2
C:\Documents and Settings\All Users\Application Data\AVG10\log\vault.log.3
C:\Documents and Settings\All Users\Application Data\AVG10\log\vault.log.4
C:\Documents and Settings\All Users\Application Data\AVG10\log\vault.log.5
C:\Documents and Settings\All Users\Application Data\AVG10\log\vault.log.6
C:\Documents and Settings\All Users\Application Data\AVG10\log\vault.log.7
C:\Documents and Settings\All Users\Application Data\AVG10\log\vault.log.8
C:\Documents and Settings\All Users\Application Data\AVG10\log\vault.log.9
C:\Documents and Settings\All Users\Application Data\AVG10\log\vault.log.lock
C:\Documents and Settings\All Users\Application Data\AVG10\log\vaultlog.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\log\wdlog.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\log\wdsvclog.cfg
C:\Documents and Settings\All Users\Application Data\AVG10\scanlogs\I_00000001.log
C:\Documents and Settings\All Users\Application Data\AVG10\scanlogs\I_00000003.log
C:\Documents and Settings\All Users\Application Data\AVG10\scanlogs\I_00000004.log
C:\Documents and Settings\All Users\Application Data\AVG10\scanlogs\I_00000005.log
C:\Documents and Settings\All Users\Application Data\AVG10\scanlogs\I_00000006.log
C:\Documents and Settings\All Users\Application Data\AVG10\scanlogs\I_00000007.log
C:\Documents and Settings\All Users\Application Data\AVG10\scanlogs\I_00000008.log
C:\Documents and Settings\All Users\Application Data\AVG10\scanlogs\I_00000009.log
C:\Documents and Settings\All Users\Application Data\AVG10\scanlogs\I_00000010.log
C:\Documents and Settings\All Users\Application Data\AVG10\scanlogs\I_00000011.log
C:\Documents and Settings\All Users\Application Data\AVG10\scanlogs\I_00000012.log
C:\Documents and Settings\All Users\Application Data\AVG10\scanlogs\I_00000013.log
C:\Documents and Settings\All Users\Application Data\AVG10\scanlogs\I_00000014.log
C:\Documents and Settings\All Users\Application Data\AVG10\scanlogs\I_00000015.log
C:\Documents and Settings\All Users\Application Data\AVG10\scanlogs\srm.idx
C:\Documents and Settings\All Users\Application Data\AVG10\SetupBackup\AntiRkx.cab
C:\Documents and Settings\All Users\Application Data\AVG10\SetupBackup\Antivirx.cab
C:\Documents and Settings\All Users\Application Data\AVG10\SetupBackup\Avgx86.msi
C:\Documents and Settings\All Users\Application Data\AVG10\SetupBackup\basex.cab
C:\Documents and Settings\All Users\Application Data\AVG10\SetupBackup\COREx.cab
C:\Documents and Settings\All Users\Application Data\AVG10\SetupBackup\COREx86.msi
C:\Documents and Settings\All Users\Application Data\AVG10\SetupBackup\Emailsx.cab
C:\Documents and Settings\All Users\Application Data\AVG10\SetupBackup\GUIx.cab
C:\Documents and Settings\All Users\Application Data\AVG10\SetupBackup\IDPx.cab
C:\Documents and Settings\All Users\Application Data\AVG10\SetupBackup\lng_usx.cab
C:\Documents and Settings\All Users\Application Data\AVG10\SetupBackup\OnlnScx.cab
C:\Documents and Settings\All Users\Application Data\AVG10\SetupBackup\ResShldx.cab
C:\Documents and Settings\All Users\Application Data\AVG10\SetupBackup\SrchSrfx.cab
C:\Documents and Settings\All Users\Application Data\AVG10\SetupBackup\SSHttpBx.cab
C:\Documents and Settings\All Users\Application Data\AVG10\SetupBackup\TDIDrvx.cab
C:\Documents and Settings\All Users\Application Data\AVG10\SetupBackup\TuneUpx.cab
C:\Documents and Settings\All Users\Application Data\AVG10\SetupBackup\Updatex.cab
C:\Documents and Settings\All Users\Application Data\AVG10\Temp\78006d1f-d931-4842-a33c-d326d805b44d-8e0-oopp.tmp
C:\Documents and Settings\All Users\Application Data\AVG10\Temp\file3196.tmp
C:\Documents and Settings\All Users\Application Data\AVG10\Temp\file9514.tmp
C:\Documents and Settings\All Users\Application Data\AVG10\update\backup\COREx.cab
C:\Documents and Settings\All Users\Application Data\AVG10\update\backup\COREx86.msi
C:\Documents and Settings\All Users\Application Data\AVG10\update\backup\incavi.avm
C:\Documents and Settings\All Users\Application Data\AVG10\update\backup\info.enc
C:\Documents and Settings\All Users\Application Data\AVG10\update\backup\internalList.dat
C:\Documents and Settings\All Users\Application Data\AVG10\update\backup\sb.dat
C:\Documents and Settings\All Users\Application Data\AVG10\update\backup\sc.dat
C:\Documents and Settings\All Users\Application Data\AVG10\update\download\avg10infoavi.ctf
C:\Documents and Settings\All Users\Application Data\AVG10\update\download\avg10infowin.ctf
C:\Documents and Settings\All Users\Application Data\AVG10\update\download\fixcorex2.exe
C:\Documents and Settings\All Users\Application Data\AVG10\update\download\fixcorex3.exe
C:\Documents and Settings\All Users\Application Data\MFAData
C:\Documents and Settings\All Users\Application Data\MFAData\logs\avgInfoCollector.log
C:\Documents and Settings\All Users\Application Data\MFAData\logs\avgInfoCollector.log.lock
C:\Documents and Settings\All Users\Application Data\MFAData\logs\mfa-20101012-075758.log
C:\Documents and Settings\All Users\Application Data\MFAData\logs\mfa-20101012-075943.log
C:\Documents and Settings\All Users\Application Data\MFAData\logs\mfa-20101012-091120.log
C:\Documents and Settings\All Users\Application Data\MFAData\logs\mfa-20110513-203531.log
C:\Documents and Settings\All Users\Application Data\MFAData\logs\mfa-20110513-215600.log
C:\Documents and Settings\All Users\Application Data\MFAData\logs\msi-20101012-075943.log
C:\Documents and Settings\All Users\Application Data\MFAData\logs\msi-20101012-091120.log
C:\Documents and Settings\All Users\Application Data\MFAData\logs\msi-20110513-203531.log
C:\Documents and Settings\All Users\Application Data\MFAData\logs\msi-20110513-215600.log
C:\Documents and Settings\All Users\Application Data\MFAData\mfaurlconf.ini
C:\Documents and Settings\All Users\Application Data\MFAData\mkt\res\LinkScanner-style.css
C:\Documents and Settings\All Users\Application Data\MFAData\mkt\res\LinkScanner.jpg
C:\Documents and Settings\All Users\Application Data\MFAData\mkt\res\Smart-Scanning.jpg
C:\Documents and Settings\All Users\Application Data\MFAData\mkt\res\SmartScanning-style.css
C:\Documents and Settings\All Users\Application Data\MFAData\mkt\res\Social-Networking.jpg
C:\Documents and Settings\All Users\Application Data\MFAData\mkt\res\SocialNetworking-style.css
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\f10antirkx1136jg.bin
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\f10antivirx1136dr.bin
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\f10avgx1136ic.bin
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\f10avisx1136nr.bin.partial
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\f10basex1136lz.bin
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\f10emailsx1136xc.bin
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\f10guix1136el.bin
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\f10idatx1136mv.bin
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\f10idpx1136fz.bin
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\f10lng_usx1136gl.bin
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\f10onlnscx1136bq.bin
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\f10rdstx1136gd.bin
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\f10resshldx1136bl.bin
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\f10srchsrfx1136rg.bin
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\f10sshttpbx1136hr.bin
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\f10tdidrvx1136bl.bin
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\f10tuneupx1136tm.bin
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\f10update2x1136au.bin
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\f10updatex1136bj.bin
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\f10xplx1136th.bin
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\foi10cnet_lic8dn.bin
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\foi10cnet_mis7be.bin
C:\Documents and Settings\All Users\Application Data\MFAData\pack\bins\w10corex422af.bin
C:\Documents and Settings\All Users\Application Data\MFAData\pack\iavichjw.avm
C:\Documents and Settings\All Users\Application Data\MFAData\pack\incavi.avm
C:\Documents and Settings\All Users\Application Data\MFAData\public_installation_log.xml
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgatend.stp
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgatupd.stp
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgmfapx.exe
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgmfarx.dll
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgntdumpx.exe
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgrunasx.exe
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgupd.sig
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\avgupdx.dll
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\bins\f10mfa1136yo.bin
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\bins\f10upd1136xr.bin
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfaconf.txt
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfacz.lns
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfada.lns
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfaes.lns
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfafr.lns
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfage.lns


gasman76

Re: Virus taking over

Post by gasman76 on 23rd May 2011, 10:17 pm

Second part of the ComboFix log:

C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfahu.lns
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfaid.lns
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfain.lns
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfait.lns
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfajp.lns
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfako.lns
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfams.lns
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfanl.lns
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfapb.lns
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfapl.lns
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfapt.lns
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfaru.lns
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfasc.lns
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfask.lns
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfasp.lns
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfatr.lns
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfaus.lns
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfavera.txt
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfaverx.txt
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfazh.lns
C:\Documents and Settings\All Users\Application Data\MFAData\SelfUpd\mfazt.lns
C:\Documents and Settings\All Users\Application Data\MFAData\state.dat
C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011\AVG Tray Icon.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011\AVG User Interface.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011\Uninstall AVG.lnk
C:\Program Files\AVG
C:\Program Files\AVG\AVG PC Tuneup 2011\AdvisorHelper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\armaccess.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\aushelper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\ausshellext.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\AxBrowsers.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\AxComponents20.bpl
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\boostspeed.url
C:\Program Files\AVG\AVG PC Tuneup 2011\cdefrag.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\commonforms.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\Data\Applications.dat
C:\Program Files\AVG\AVG PC Tuneup 2011\Data\debug.paths
C:\Program Files\AVG\AVG PC Tuneup 2011\Data\main.ini
C:\Program Files\AVG\AVG PC Tuneup 2011\DebugMode.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\DiskCleaner.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\DiskCleanerHelper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\DiskDefrag.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\DiskDefragHelper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\DiskDoctor.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\DiskDoctorHelper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\DiskExplorer.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\DiskExplorerHelper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\DiskSecurityHelper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\DiskWiper.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\DuplicateFileFinder.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\EULA.rtf
C:\Program Files\AVG\AVG PC Tuneup 2011\FileRecovery.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\FileRecoveryHelper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\FileShredder.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\helper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\InstantOptimizerHelper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\InternetOptimizer.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\InternetOptimizerHelper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\Lang\chs.lng
C:\Program Files\AVG\AVG PC Tuneup 2011\Lang\csy.lng
C:\Program Files\AVG\AVG PC Tuneup 2011\Lang\deu.lng
C:\Program Files\AVG\AVG PC Tuneup 2011\Lang\enu.lng
C:\Program Files\AVG\AVG PC Tuneup 2011\Lang\ess.lng
C:\Program Files\AVG\AVG PC Tuneup 2011\Lang\fra.lng
C:\Program Files\AVG\AVG PC Tuneup 2011\Lang\hun.lng
C:\Program Files\AVG\AVG PC Tuneup 2011\Lang\ita.lng
C:\Program Files\AVG\AVG PC Tuneup 2011\Lang\jpn.lng
C:\Program Files\AVG\AVG PC Tuneup 2011\Lang\nlb.lng
C:\Program Files\AVG\AVG PC Tuneup 2011\Lang\plk.lng
C:\Program Files\AVG\AVG PC Tuneup 2011\Lang\ptb.lng
C:\Program Files\AVG\AVG PC Tuneup 2011\Lang\ptg.lng
C:\Program Files\AVG\AVG PC Tuneup 2011\Lang\rus.lng
C:\Program Files\AVG\AVG PC Tuneup 2011\Lang\trk.lng
C:\Program Files\AVG\AVG PC Tuneup 2011\localizer.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\madBasic_.bpl
C:\Program Files\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
C:\Program Files\AVG\AVG PC Tuneup 2011\madExcept_.bpl
C:\Program Files\AVG\AVG PC Tuneup 2011\PerlRegExp.bpl
C:\Program Files\AVG\AVG PC Tuneup 2011\ProgramManager.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\ProgramManagerHelper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\rdboot32.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\rdboot64.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\RegCleaner.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\RegistryCleanerHelper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\RegistryDefrag.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\RegistryDefragHelper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\RepLibrary.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\RescueCenter.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\RescueCenterHelper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\rtl120.bpl
C:\Program Files\AVG\AVG PC Tuneup 2011\sendlog.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\ServiceManager.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\ServiceManagerHelper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\Settings.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\SpywareCheckerHelper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\sqlite3.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\StartupManager.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\StartupManagerHelper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\SystemInformation.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\SystemInformationHelper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\TaskManager.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\TaskManagerHelper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\TaskSchedulerHelper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\TrackEraser.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\TrackEraserHelper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\TweakManager.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\TweakManagerHelper.dll
C:\Program Files\AVG\AVG PC Tuneup 2011\unins000.dat
C:\Program Files\AVG\AVG PC Tuneup 2011\unins000.exe
C:\Program Files\AVG\AVG PC Tuneup 2011\unins000.msg
C:\Program Files\AVG\AVG PC Tuneup 2011\vcl120.bpl
C:\Program Files\AVG\AVG PC Tuneup 2011\version.exe
C:\Program Files\AVG\AVG10\3rd_party\licenses\ace.txt
C:\Program Files\AVG\AVG10\3rd_party\licenses\arabica.txt
C:\Program Files\AVG\AVG10\3rd_party\licenses\boost.txt
C:\Program Files\AVG\AVG10\3rd_party\licenses\bsdiff.txt
C:\Program Files\AVG\AVG10\3rd_party\licenses\bzip.txt
C:\Program Files\AVG\AVG10\3rd_party\licenses\carp.html
C:\Program Files\AVG\AVG10\3rd_party\licenses\cryptopp.txt
C:\Program Files\AVG\AVG10\3rd_party\licenses\curl.txt
C:\Program Files\AVG\AVG10\3rd_party\licenses\dazukofs.txt
C:\Program Files\AVG\AVG10\3rd_party\licenses\expat.txt
C:\Program Files\AVG\AVG10\3rd_party\licenses\imagemagick.txt
C:\Program Files\AVG\AVG10\3rd_party\licenses\infozip.txt
C:\Program Files\AVG\AVG10\3rd_party\licenses\lua.txt
C:\Program Files\AVG\AVG10\3rd_party\licenses\md4_md5_license.txt
C:\Program Files\AVG\AVG10\3rd_party\licenses\milter.txt
C:\Program Files\AVG\AVG10\3rd_party\licenses\minizip.txt
C:\Program Files\AVG\AVG10\3rd_party\licenses\openssl_license.html
C:\Program Files\AVG\AVG10\3rd_party\licenses\sasl.txt
C:\Program Files\AVG\AVG10\3rd_party\licenses\tinyxml.txt
C:\Program Files\AVG\AVG10\3rd_party\licenses\unrar.txt
C:\Program Files\AVG\AVG10\3rd_party\licenses\untar.txt
C:\Program Files\AVG\AVG10\3rd_party\licenses\xalan_xerces.txt
C:\Program Files\AVG\AVG10\3rd_party\licenses\zlib.txt
C:\Program Files\AVG\AVG10\3rd_party\readme.txt
C:\Program Files\AVG\AVG10\avg.snu
C:\Program Files\AVG\AVG10\avg_us.chm
C:\Program Files\AVG\AVG10\avg_us.lng
C:\Program Files\AVG\AVG10\avgabout.dll
C:\Program Files\AVG\AVG10\avgamnot.dll
C:\Program Files\AVG\AVG10\avgapix.dll
C:\Program Files\AVG\AVG10\avgar_us.chm
C:\Program Files\AVG\AVG10\avgatend.stp
C:\Program Files\AVG\AVG10\avgatupd.stp
C:\Program Files\AVG\AVG10\avgcclix.dll
C:\Program Files\AVG\AVG10\avgcertx.dll
C:\Program Files\AVG\AVG10\avgcfgex.exe
C:\Program Files\AVG\AVG10\avgcfgx.dll
C:\Program Files\AVG\AVG10\avgchclx.dll
C:\Program Files\AVG\AVG10\avgchjwx.dll
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgclitx.dll
C:\Program Files\AVG\AVG10\avgcmgr.exe
C:\Program Files\AVG\AVG10\avgcorex.dll
C:\Program Files\AVG\AVG10\avgcremx.exe
C:\Program Files\AVG\AVG10\avgcslx.dll
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgdg_us.chm
C:\Program Files\AVG\AVG10\avgdumpx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgf_us.chm
C:\Program Files\AVG\AVG10\avgf_us.chw
C:\Program Files\AVG\AVG10\avgfree_us.mht
C:\Program Files\AVG\AVG10\avgfree_zh.mht
C:\Program Files\AVG\AVG10\avgfree_zt.mht
C:\Program Files\AVG\AVG10\avgidp_us.chm
C:\Program Files\AVG\AVG10\avgidpsdkx.dll
C:\Program Files\AVG\AVG10\avglngx.dll
C:\Program Files\AVG\AVG10\avglogx.dll
C:\Program Files\AVG\AVG10\avgls_us.chm
C:\Program Files\AVG\AVG10\avglscanx.exe
C:\Program Files\AVG\AVG10\avgmfapx.exe
C:\Program Files\AVG\AVG10\avgmfarx.dll
C:\Program Files\AVG\AVG10\avgmtrapx.dll
C:\Program Files\AVG\AVG10\avgmvflx.dll
C:\Program Files\AVG\AVG10\avgmwdef_us.mht
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgntdumpx.exe
C:\Program Files\AVG\AVG10\avgoutlookx.dll
C:\Program Files\AVG\AVG10\avgpostinstx.dll
C:\Program Files\AVG\AVG10\avgpp.dll
C:\Program Files\AVG\AVG10\avgresf.dll
C:\Program Files\AVG\AVG10\avgrktx.dll
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgsals_us.mht
C:\Program Files\AVG\AVG10\avgsbfree_us.mht
C:\Program Files\AVG\AVG10\avgscanx.dll
C:\Program Files\AVG\AVG10\avgscanx.exe
C:\Program Files\AVG\AVG10\avgsched.dll
C:\Program Files\AVG\AVG10\avgse.dll
C:\Program Files\AVG\AVG10\avgsrmax.exe
C:\Program Files\AVG\AVG10\avgsrmx.dll
C:\Program Files\AVG\AVG10\avgssie.dll
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\avgtrial_us.mht
C:\Program Files\AVG\AVG10\avgui.exe
C:\Program Files\AVG\AVG10\avguiadv.dll
C:\Program Files\AVG\AVG10\avguires.dll
C:\Program Files\AVG\AVG10\avgupd.sig
C:\Program Files\AVG\AVG10\avgupdx.dll
C:\Program Files\AVG\AVG10\avgvvx.dll
C:\Program Files\AVG\AVG10\avgwd.dll
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgwdwsc.dll
C:\Program Files\AVG\AVG10\avgwebui.dll
C:\Program Files\AVG\AVG10\avgwsc.exe
C:\Program Files\AVG\AVG10\avgxpl.dll
C:\Program Files\AVG\AVG10\axioo.dll
C:\Program Files\AVG\AVG10\cf.dat
C:\Program Files\AVG\AVG10\Chrome\safesearch.crx
C:\Program Files\AVG\AVG10\compat.ini
C:\Program Files\AVG\AVG10\contacts_us.html
C:\Program Files\AVG\AVG10\dfncfg.dat
C:\Program Files\AVG\AVG10\Drivers\avgld.cat
C:\Program Files\AVG\AVG10\Drivers\avgld.inf
C:\Program Files\AVG\AVG10\Drivers\avgldx64.sys
C:\Program Files\AVG\AVG10\Drivers\avgldx86.sys
C:\Program Files\AVG\AVG10\Drivers\avgmf.cat
C:\Program Files\AVG\AVG10\Drivers\avgmf.inf
C:\Program Files\AVG\AVG10\Drivers\avgmfx64.sys
C:\Program Files\AVG\AVG10\Drivers\avgmfx86.sys
C:\Program Files\AVG\AVG10\Drivers\avgrk.cat
C:\Program Files\AVG\AVG10\Drivers\avgrk.inf
C:\Program Files\AVG\AVG10\Drivers\avgrkx64.sys
C:\Program Files\AVG\AVG10\Drivers\avgrkx86.sys
C:\Program Files\AVG\AVG10\Drivers\avgtdi.cat
C:\Program Files\AVG\AVG10\Drivers\avgtdi.inf
C:\Program Files\AVG\AVG10\Drivers\avgtdia.sys
C:\Program Files\AVG\AVG10\Drivers\avgtdix.sys
C:\Program Files\AVG\AVG10\Drivers\ErHrXpx86\AVGIDSEH.cat
C:\Program Files\AVG\AVG10\Drivers\ErHrXpx86\AVGIDSEH.inf
C:\Program Files\AVG\AVG10\Drivers\ErHrXpx86\AVGIDSEH.sys
C:\Program Files\AVG\AVG10\Drivers\XP\AVGIDSDriver.cat
C:\Program Files\AVG\AVG10\Drivers\XP\AVGIDSDriver.inf
C:\Program Files\AVG\AVG10\Drivers\XP\AVGIDSDriver.sys
C:\Program Files\AVG\AVG10\Drivers\XP\AVGIDSFilter.cat
C:\Program Files\AVG\AVG10\Drivers\XP\AVGIDSFilter.inf
C:\Program Files\AVG\AVG10\Drivers\XP\AVGIDSFilter.sys
C:\Program Files\AVG\AVG10\Drivers\XP\AVGIDSShim.cat
C:\Program Files\AVG\AVG10\Drivers\XP\AVGIDSShim.inf
C:\Program Files\AVG\AVG10\Drivers\XP\AVGIDSShim.sys
C:\Program Files\AVG\AVG10\Firefox\Chrome\searchshield.jar
C:\Program Files\AVG\AVG10\Firefox\Components\avgssff.dll.old
C:\Program Files\AVG\AVG10\Firefox4\chrome.manifest
C:\Program Files\AVG\AVG10\Firefox4\Chrome\searchshield.jar
C:\Program Files\AVG\AVG10\Firefox4\Components\avgssff4.dll
C:\Program Files\AVG\AVG10\Firefox4\Components\ISearchShield4.xpt
C:\Program Files\AVG\AVG10\Firefox4\install.rdf
C:\Program Files\AVG\AVG10\fixcfg.exe
C:\Program Files\AVG\AVG10\HtmLayout.dll
C:\Program Files\AVG\AVG10\Icons\alert_mask.png
C:\Program Files\AVG\AVG10\Icons\background_middle_gray.gif
C:\Program Files\AVG\AVG10\Icons\background_middle_green.gif
C:\Program Files\AVG\AVG10\Icons\background_middle_orange.gif
C:\Program Files\AVG\AVG10\Icons\background_middle_red.gif
C:\Program Files\AVG\AVG10\Icons\background_middle_yellow.gif
C:\Program Files\AVG\AVG10\Icons\background_top_gray.gif
C:\Program Files\AVG\AVG10\Icons\background_top_green.gif
C:\Program Files\AVG\AVG10\Icons\background_top_orange.gif
C:\Program Files\AVG\AVG10\Icons\background_top_red.gif
C:\Program Files\AVG\AVG10\Icons\background_top_yellow.gif
C:\Program Files\AVG\AVG10\Icons\block-doc.gif
C:\Program Files\AVG\AVG10\Icons\blocked.gif
C:\Program Files\AVG\AVG10\Icons\blocked12.png
C:\Program Files\AVG\AVG10\Icons\border_bottom_gray.gif
C:\Program Files\AVG\AVG10\Icons\border_bottom_green.gif
C:\Program Files\AVG\AVG10\Icons\border_bottom_orange.gif
C:\Program Files\AVG\AVG10\Icons\border_bottom_red.gif
C:\Program Files\AVG\AVG10\Icons\border_bottom_yellow.gif
C:\Program Files\AVG\AVG10\Icons\border_top_gray.gif
C:\Program Files\AVG\AVG10\Icons\border_top_green.gif
C:\Program Files\AVG\AVG10\Icons\border_top_orange.gif
C:\Program Files\AVG\AVG10\Icons\border_top_red.gif
C:\Program Files\AVG\AVG10\Icons\border_top_yellow.gif
C:\Program Files\AVG\AVG10\Icons\box_bottom_red.gif
C:\Program Files\AVG\AVG10\Icons\box_top_red.gif
C:\Program Files\AVG\AVG10\Icons\caution.gif
C:\Program Files\AVG\AVG10\Icons\caution12.png
C:\Program Files\AVG\AVG10\Icons\click_here_gray.gif
C:\Program Files\AVG\AVG10\Icons\click_here_green.gif
C:\Program Files\AVG\AVG10\Icons\click_here_orange.gif
C:\Program Files\AVG\AVG10\Icons\click_here_red.gif
C:\Program Files\AVG\AVG10\Icons\click_here_yellow.gif
C:\Program Files\AVG\AVG10\Icons\clock.gif
C:\Program Files\AVG\AVG10\Icons\clock12.png
C:\Program Files\AVG\AVG10\Icons\close.gif
C:\Program Files\AVG\AVG10\Icons\icons_blocked.gif
C:\Program Files\AVG\AVG10\Icons\icons_caution.gif
C:\Program Files\AVG\AVG10\Icons\icons_close.gif
C:\Program Files\AVG\AVG10\Icons\icons_safe.gif
C:\Program Files\AVG\AVG10\Icons\icons_unknown.gif
C:\Program Files\AVG\AVG10\Icons\icons_warning.gif
C:\Program Files\AVG\AVG10\Icons\LS_Logo_Results.gif
C:\Program Files\AVG\AVG10\Icons\safe.gif
C:\Program Files\AVG\AVG10\Icons\safe12.png
C:\Program Files\AVG\AVG10\Icons\unknown.gif
C:\Program Files\AVG\AVG10\Icons\vrsn-secured-lsfo.gif
C:\Program Files\AVG\AVG10\Icons\warning.gif
C:\Program Files\AVG\AVG10\Icons\warning12.png
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\avgcslex.dll
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe.old
C:\Program Files\AVG\AVG10\Identity Protection\Agent\driver\platform_XP\UniversalDD.sys
C:\Program Files\AVG\AVG10\imsdk32.dll
C:\Program Files\AVG\AVG10\js.dat
C:\Program Files\AVG\AVG10\license_us.htm
C:\Program Files\AVG\AVG10\mfaus.lns
C:\Program Files\AVG\AVG10\mfaverx.txt
C:\Program Files\AVG\AVG10\mwbsr_e_free_us.mht
C:\Program Files\AVG\AVG10\mwbsr_f_free_us.mht
C:\Program Files\AVG\AVG10\Notification\SPCheckerTE.exe
C:\Program Files\AVG\AVG10\PCTuneup\AxBrowsers.dll
C:\Program Files\AVG\AVG10\PCTuneup\DiskCleanerHelper.dll
C:\Program Files\AVG\AVG10\PCTuneup\DiskDefragHelper.dll
C:\Program Files\AVG\AVG10\PCTuneup\helper.dll
C:\Program Files\AVG\AVG10\PCTuneup\localizer.dll
C:\Program Files\AVG\AVG10\PCTuneup\MicroScanner.exe
C:\Program Files\AVG\AVG10\PCTuneup\MicroScannerElevation.dll
C:\Program Files\AVG\AVG10\PCTuneup\PerlRegExp.bpl
C:\Program Files\AVG\AVG10\PCTuneup\RegistryCleanerHelper.dll
C:\Program Files\AVG\AVG10\PCTuneup\RescueCenterHelper.dll
C:\Program Files\AVG\AVG10\PCTuneup\rtl120.bpl
C:\Program Files\AVG\AVG10\PCTuneup\vcl120.bpl
C:\Program Files\AVG\AVG10\ph.dat
C:\Program Files\AVG\AVG10\sb.dat
C:\Program Files\AVG\AVG10\sb.dat.xcd
C:\Program Files\AVG\AVG10\sb2.dat
C:\Program Files\AVG\AVG10\sc.dat
C:\Program Files\AVG\AVG10\sc.dat.prepare
C:\Program Files\AVG\AVG10\sc.dat.prepare.xcd
C:\Program Files\AVG\AVG10\sc.dat.xcd
C:\Program Files\AVG\AVG10\SearchProvider.exe
C:\Program Files\AVG\AVG10\updatecomps.bak
C:\Program Files\Internet Explorer\complete.dat
C:\Program Files\Internet Explorer\dmlconf.dat
C:\WINDOWS\system32\CTF
C:\WINDOWS\system32\CTF\Links\OtherProducts.html
C:\WINDOWS\system32\drivers\AVG
C:\WINDOWS\system32\drivers\AVG\iavichjw.avm
C:\WINDOWS\system32\drivers\AVG\incavi.avm
C:\WINDOWS\system32\system
C:\WINDOWS\XSxS


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AVGIDSAGENT
-------\Legacy_AVGIDSDRIVER
-------\Legacy_AVGIDSEH
-------\Legacy_AVGIDSFILTER
-------\Legacy_AVGIDSSHIM
-------\Legacy_AVGLDX86
-------\Legacy_AVGMFX86
-------\Legacy_AVGRKX86
-------\Legacy_AVGTDIX
-------\Legacy_AVGWD
-------\Service_AVGIDSDriver
-------\Service_AVGIDSEH
-------\Service_AVGIDSFilter
-------\Service_AVGIDSShim
-------\Service_avgwd


((((((((((((((((((((((((( Files Created from 2011-04-23 to 2011-05-23 )))))))))))))))))))))))))))))))


2011-05-23 19:19:38 . 2011-05-23 19:20:47 -------- d-----w- C:\32788R22FWJFW
2011-05-23 11:34:39 . 2011-05-23 11:35:07 -------- d-----w- C:\Documents and Settings\Guest\Application Data\SoftGrid Client
2011-05-23 11:26:33 . 2011-05-23 11:26:33 -------- d-----w- C:\Documents and Settings\Guest\Local Settings\Application Data\Mozilla
2011-05-17 10:44:15 . 2011-05-18 18:52:28 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2011-05-16 20:10:12 . 2011-05-16 20:10:12 -------- d-----w- C:\Documents and Settings\Admin\Application Data\URSoft
2011-05-16 20:09:50 . 2011-05-16 20:10:10 -------- d-----w- C:\Program Files\Your Uninstaller! 7
2011-05-16 19:53:08 . 2006-06-19 11:01:38 69632 ----a-w- C:\WINDOWS\system32\ztvcabinet.dll
2011-05-16 19:53:08 . 2006-05-25 13:52:46 162304 ----a-w- C:\WINDOWS\system32\ztvunrar36.dll
2011-05-16 19:53:08 . 2005-08-25 23:50:00 77312 ----a-w- C:\WINDOWS\system32\ztvunace26.dll
2011-05-16 19:53:08 . 2003-02-02 18:06:02 153088 ----a-w- C:\WINDOWS\system32\unrar3.dll
2011-05-16 19:53:08 . 2002-03-05 23:00:00 75264 ----a-w- C:\WINDOWS\system32\unacev2.dll
2011-05-16 17:42:36 . 2011-05-16 17:52:50 -------- d-----w- C:\Documents and Settings\Admin\Application Data\Qaybqy
2011-05-16 17:42:36 . 2011-05-16 17:45:09 -------- d-----w- C:\Documents and Settings\Admin\Application Data\Zydywa
2011-05-13 19:28:44 . 2011-05-13 19:28:44 -------- d-----w- C:\Documents and Settings\Admin\Application Data\AVG
2011-05-03 09:11:53 . 2011-05-03 09:11:53 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
2011-05-03 09:11:51 . 2011-05-03 09:11:51 -------- d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
2011-05-01 10:44:13 . 2011-05-01 10:44:13 -------- d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2011-04-28 12:39:07 . 2011-04-28 12:39:07 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
2011-04-28 12:39:06 . 2011-04-28 12:39:06 -------- d-----w- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
2011-04-27 14:37:10 . 2010-02-05 08:17:56 233136 ----a-w- C:\WINDOWS\system32\drivers\pctgntdi.sys
2011-04-27 14:36:47 . 2011-04-27 15:16:25 218592 ----a-w- C:\WINDOWS\system32\drivers\PCTCore.sys
2011-04-27 14:36:46 . 2009-11-23 12:54:20 88040 ----a-w- C:\WINDOWS\system32\drivers\PCTAppEvent.sys
2011-04-27 14:36:29 . 2011-04-27 15:16:27 63360 ----a-w- C:\WINDOWS\system32\drivers\pctplsg.sys
2011-04-27 14:36:15 . 2011-05-17 10:25:17 -------- d-----w- C:\Program Files\Spyware Doctor
2011-04-27 14:36:15 . 2011-04-27 14:46:34 -------- d-----w- C:\Program Files\Common Files\PC Tools
2011-04-27 14:36:15 . 2011-04-27 14:36:15 -------- d-----w- C:\Documents and Settings\All Users\Application Data\PC Tools
2011-04-27 14:36:15 . 2011-04-27 14:36:15 -------- d-----w- C:\Documents and Settings\Admin\Application Data\PC Tools
2011-04-25 09:40:35 . 2011-04-25 09:40:35 -------- d-----w- C:\Program Files\eBay
2011-04-25 09:40:35 . 2011-04-25 09:40:35 -------- d-----w- C:\Documents and Settings\All Users\eBay
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-04-13 12:04:55 . 2011-01-07 12:21:30 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2011-04-13 12:04:55 . 2008-04-13 08:07:38 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2011-03-30 11:47:48 . 2011-03-30 11:47:48 49152 ----a-r- C:\WINDOWS\system32\inetwh32.dll
2011-03-30 11:47:48 . 2011-03-30 11:47:48 1044480 ----a-r- C:\WINDOWS\system32\roboex32.dll
2011-03-07 05:33:50 . 2004-08-09 17:52:49 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-03-04 06:37:06 . 1980-01-01 07:00:00 420864 ----a-w- C:\WINDOWS\system32\vbscript.dll
2011-03-03 13:21:11 . 1980-01-01 07:00:00 1857920 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-02-24 14:29:17 . 2011-02-24 14:29:17 1700352 ----a-w- C:\WINDOWS\system32\gdiplus.dll
2011-02-22 23:06:29 . 1980-01-01 07:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2011-02-22 23:06:29 . 1980-01-01 07:00:00 43520 ------w- C:\WINDOWS\system32\licmgr10.dll
2011-02-22 23:06:29 . 1980-01-01 07:00:00 1469440 ------w- C:\WINDOWS\system32\inetcpl.cpl
2011-01-07 12:15:13 . 2011-01-07 12:15:01 883488 ----a-w- C:\Program Files\JavaSetup6u23.exe
2010-11-21 15:19:22 . 2010-11-21 15:19:17 7833600 ----a-w- C:\Program Files\Nokia_Connectivity_Cable_Driver_eng.msi
2010-11-21 15:07:19 . 2010-11-21 15:07:12 36365624 ----a-w- C:\Program Files\Nokia_PC_Suite_eng_web.exe


------- Sigcheck -------

Cryptography Services Error !!

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-04-05 14:22:32 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-04-05 14:19:18 77824]
"Hot Key Kbd Daemon"="SKDAEMON.EXE" [2004-12-17 16:57:34 40960]
"IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [2004-12-16 10:41:56 90112]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-08-20 23:04:56 487424]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-04-05 14:23:14 114688]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-04-09 17:41:44 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-04-09 17:41:18 512000]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 15:10:42 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 22:55:32 54832]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46:24 57344]
"sclauncher"="C:\Program Files\SimpleCenter\bin\win\sclauncher.exe" [2007-01-30 10:40:54 94208]
"btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2009-12-07 11:50:52 1584640]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 15:27:24 119152]
"VX3000"="C:\WINDOWS\vVX3000.exe" [2010-05-20 15:27:26 762736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 15:45:14 35736]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 11:49:34 932288]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 14:49:28 249064]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 00:12:16 15360]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 01:18:00 443968]

C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
StarOffice 8.lnk - C:\Program Files\Sun\StarOffice 8\program\quickstart.exe [2007-8-17 122880]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-10-26 10:48:54 16680 ------w- C:\Program Files\Citrix\GoToAssist\570\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync\0C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\SimpleCenter\\Home Media Server.exe"=
"C:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"C:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"=

R2 cvhsvc;Client Virtualization Handler;C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 02:33:14 821664]
R2 gupdate;Google Update Service (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-26 13:28:52 135664]
R2 sdAuxService;PC Tools Auxiliary Service;C:\Program Files\Spyware Doctor\pctsAuxs.exe [x]
R2 sftlist;Application Virtualization Client;C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 01:10:44 483688]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-26 13:28:52 135664]
R3 MadgeTRN;Madge Token-Ring Adapter NDIS5 Driver;C:\WINDOWS\system32\DRIVERS\mdgndis5.sys [2001-08-17 11:12:26 164586]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 21:37:50 4640000]
R3 Sftfs;Sftfs;C:\WINDOWS\system32\DRIVERS\Sftfsxp.sys [2010-04-24 01:10:44 554344]
R3 Sftplay;Sftplay;C:\WINDOWS\system32\DRIVERS\Sftplayxp.sys [2010-04-24 01:10:50 211432]
R3 Sftredir;Sftredir;C:\WINDOWS\system32\DRIVERS\Sftredirxp.sys [2010-04-24 01:10:52 20584]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 01:10:54 209768]
S0 hotcore2;hotcore2;C:\WINDOWS\system32\drivers\hotcore2.sys [2006-10-02 09:39:28 30808]
S0 PCTCore;PCTools KDS;C:\WINDOWS\system32\drivers\PCTCore.sys [2011-04-27 15:16:25 218592]
S1 CFRMD;CFRMD;C:\WINDOWS\system32\DRIVERS\CFRMD.sys [2010-12-09 12:14:56 66584]
S1 CFRPD;CFRPD;C:\WINDOWS\system32\DRIVERS\CFRPD.sys [2010-12-09 12:15:18 33232]
S3 Sftvol;Sftvol;C:\WINDOWS\system32\DRIVERS\Sftvolxp.sys [2010-04-24 01:10:54 18280]


Contents of the 'Scheduled Tasks' folder

2011-05-23 C:\WINDOWS\Tasks\Google Software Updater.job
- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-13 07:37:36 . 2010-10-12 07:58:06]

2011-05-23 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-26 13:29:03 . 2010-10-26 13:28:52]

2011-05-23 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-10-26 13:29:03 . 2010-10-26 13:28:52]

2008-12-21 C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
- C:\Program Files\PCDR5\pcdr5cuiw32.exe [2008-10-31 18:14:02 . 2008-10-31 18:14:02]

2011-05-23 C:\WINDOWS\Tasks\RegistryBooster.job
- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe [2011-01-21 14:19:38 . 2011-01-21 14:19:38]


------- Supplementary Scan -------

uStart Page = [You must be registered and logged in to see this link.]
LSP: C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\vsuzdi1j.default\
FF - prefs.js: browser.startup.homepage - btinternet.com
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter: [You must be registered and logged in to see this link.] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

- - - - ORPHANS REMOVED - - - -

Toolbar-{0974BA1E-64EC-11DE-B2A5-E43756D89593} - (no file)
Toolbar-10 - (no file)
HKCU-Run-limewire plus+ - C:\Program Files\Limewire Plus+\limewire.exe
HKCU-Run-WMPNSCFG - C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKCU-Run-Registry Reviver - C:\Program Files\Reviversoft\Registry Reviver\RegistryReviver.exe
HKLM-Run-AVG_TRAY - C:\Program Files\AVG\AVG10\avgtray.exe
HKLM-Run-ISTray - C:\Program Files\Spyware Doctor\pctsTray.exe
SafeBoot-Wdf01000.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1 - C:\Program Files\AVG\AVG PC Tuneup 2011\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-05-23 21:39:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, [You must be registered and logged in to see this link.]
Windows 5.1.2600 Disk: ST3808110AS rev.3.ADJ -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x8730D33B
user & kernel MBR OK

**************************************************************************

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
C:\WINDOWS\system32\WININET.dll
C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll

- - - - - - - > 'lsass.exe'(760)
C:\WINDOWS\system32\WININET.dll

------------------------ Other Running Processes ------------------------

C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe

**************************************************************************

Completion time: 2011-05-23 21:41:50 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-23 20:41:43

Pre-Run: 55,520,034,816 bytes free
Post-Run: 56,720,494,592 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - D4EF5909A7EE17565F414FD705972EDE


Re: Virus taking over

Post by Dr Jay on 24th May 2011, 8:37 am

Please download aswMBR from [You must be registered and logged in to see this link.]


  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below




Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are [You must be registered and logged in to see this link.]


  • Once the scan finishes click Save log to save the log to your Desktop


  • Copy and paste the contents of aswMBR.txt back here for review


Dr. Jay (DJ)




Re: Virus taking over

Post by gasman76 on 24th May 2011, 11:51 am

Here is the log of MBR Dragon, thanks.

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-24 12:49:47
-----------------------------
12:49:47.781 OS Version: Windows 5.1.2600 Service Pack 3
12:49:47.781 Number of processors: 2 586 0x401
12:49:47.781 ComputerName: IBM-7FFA209F07C UserName: Admin
12:49:49.234 Initialize success
12:50:01.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:50:01.531 Disk 0 Vendor: ST3808110AS 3.ADJ Size: 76293MB BusType: 3
12:50:01.531 Device \Driver\atapi -> DriverStartIo 8732633b
12:50:03.546 Disk 0 MBR read successfully
12:50:03.546 Disk 0 MBR scan
12:50:03.546 Disk 0 TDL4@MBR code has been found
12:50:03.546 Disk 0 MBR hidden
12:50:03.546 Disk 0 MBR [TDL4] **ROOTKIT**
12:50:03.562 Disk 0 trace - called modules:
12:50:03.562 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x873264f0]<<
12:50:03.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87344ab8]
12:50:03.562 3 CLASSPNP.SYS[f788bfd7] -> nt!IofCallDriver -> [0x8737abf0]
12:50:03.562 5 PCTCore.sys[f7730eae] -> nt!IofCallDriver -> \Device\00000070[0x87345f18]
12:50:03.562 7 ACPI.sys[f77e2620] -> nt!IofCallDriver -> [0x87343d98]
12:50:03.562 \Driver\atapi[0x87378220] -> IRP_MJ_CREATE -> 0x873264f0
12:50:03.562 Scan finished successfully
12:50:36.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
12:50:36.531 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"




Re: Virus taking over

Post by Dr Jay on 25th May 2011, 10:26 am

How to fix TDL4

Re-run [You must be registered and logged in to see this link.]
  • Click [Scan]
  • On completion of the scan
  • Click the [Fix] for TDL4 (MBRoot):



Once you are done with that, please do the following:

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


Dr. Jay (DJ)




Re: Virus taking over

Post by gasman76 on 25th May 2011, 11:42 am

218 objects, infection not found on the TDSSKiller scan. But when I ran MBR before that and clicked Fix, the PC crashed, so I had to reboot and run the MBR again, and nothing was found.

Log here.

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-24 12:49:47
-----------------------------
12:49:47.781 OS Version: Windows 5.1.2600 Service Pack 3
12:49:47.781 Number of processors: 2 586 0x401
12:49:47.781 ComputerName: IBM-7FFA209F07C UserName: Admin
12:49:49.234 Initialize success
12:50:01.531 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:50:01.531 Disk 0 Vendor: ST3808110AS 3.ADJ Size: 76293MB BusType: 3
12:50:01.531 Device \Driver\atapi -> DriverStartIo 8732633b
12:50:03.546 Disk 0 MBR read successfully
12:50:03.546 Disk 0 MBR scan
12:50:03.546 Disk 0 TDL4@MBR code has been found
12:50:03.546 Disk 0 MBR hidden
12:50:03.546 Disk 0 MBR [TDL4] **ROOTKIT**
12:50:03.562 Disk 0 trace - called modules:
12:50:03.562 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x873264f0]<<
12:50:03.562 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87344ab8]
12:50:03.562 3 CLASSPNP.SYS[f788bfd7] -> nt!IofCallDriver -> [0x8737abf0]
12:50:03.562 5 PCTCore.sys[f7730eae] -> nt!IofCallDriver -> \Device\00000070[0x87345f18]
12:50:03.562 7 ACPI.sys[f77e2620] -> nt!IofCallDriver -> [0x87343d98]
12:50:03.562 \Driver\atapi[0x87378220] -> IRP_MJ_CREATE -> 0x873264f0
12:50:03.562 Scan finished successfully
12:50:36.531 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
12:50:36.531 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"


aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-25 12:39:42
-----------------------------
12:39:42.125 OS Version: Windows 5.1.2600 Service Pack 3
12:39:42.125 Number of processors: 2 586 0x401
12:39:42.125 ComputerName: IBM-7FFA209F07C UserName: Admin
12:39:42.437 Initialize success
12:39:43.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:39:43.890 Disk 0 Vendor: ST3808110AS 3.ADJ Size: 76293MB BusType: 3
12:39:45.906 Disk 0 MBR read successfully
12:39:45.906 Disk 0 MBR scan
12:39:45.921 Disk 0 unknown MBR code
12:39:47.937 Disk 0 scanning sectors +156232125
12:39:47.968 Disk 0 scanning C:\WINDOWS\system32\drivers
12:39:55.703 Service scanning
12:39:57.500 Disk 0 trace - called modules:
12:39:57.531 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
12:39:57.546 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x873a6ab8]
12:39:57.546 3 CLASSPNP.SYS[f788bfd7] -> nt!IofCallDriver -> [0x87380a68]
12:39:57.562 5 PCTCore.sys[f7730eae] -> nt!IofCallDriver -> \Device\00000070[0x873829e8]
12:39:57.578 7 ACPI.sys[f77e2620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8732a940]
12:39:57.593 Scan finished successfully
12:40:06.250 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
12:40:06.296 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"

Does this mean the machine is clean, or do we have to run everything again?

Thanks again for your time, Dragon.


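The two aswMBR runs above, triaged by a small Python helper. This is example code written for this thread, not part of aswMBR or of any post: it recognises only the verdict lines aswMBR prints, so the first run trips the TDL4 lines and the second still reports "unknown MBR code", and neither passes. The two log excerpts are taken from the posts above; the clean sample is constructed.

```python
"""Triage an aswMBR log: is the run clean or does it need a second look?

Added example for this thread; it is not part of aswMBR or of any post
above. It only recognises the verdict lines aswMBR 0.9.5 prints (as seen
in the two runs posted above) and ignores the rest of the log, so a run
that prints none of them passes.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Line shapes copied from the aswMBR output posted in this thread.
RE_ROOTKIT = re.compile(r"Disk (\d+) MBR \[([^\]]+)\] \*\*ROOTKIT\*\*")
RE_HIDDEN = re.compile(r"Disk (\d+) MBR hidden\b")
RE_UNKNOWN_MBR = re.compile(r"Disk (\d+) unknown MBR code\b")
RE_UNKNOWN_HOOK = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
RE_TIMESTAMP = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")


@dataclass
class Verdict:
    clean: bool
    findings: List[str] = field(default_factory=list)


def triage_aswmbr(log_text: str) -> Verdict:
    """Return a Verdict for one aswMBR run.

    The run is clean only if none of these appear: a named rootkit in
    the MBR, an MBR the tool reports as hidden, MBR code it does not
    recognise, or a disk I/O trace that ends in an unknown module (a
    hook in the storage stack, which is how the real MBR gets hidden).
    """
    findings: List[str] = []
    for raw in log_text.splitlines():
        line = RE_TIMESTAMP.sub("", raw.strip())
        if m := RE_ROOTKIT.search(line):
            findings.append(f"disk {m[1]}: {m[2]} rootkit code in MBR")
        elif m := RE_HIDDEN.search(line):
            findings.append(f"disk {m[1]}: real MBR hidden from the OS")
        elif m := RE_UNKNOWN_MBR.search(line):
            findings.append(f"disk {m[1]}: unknown MBR code, inspect the saved MBR.dat")
        elif m := RE_UNKNOWN_HOOK.search(line):
            findings.append(f"disk I/O trace ends in unknown module at {m[1]}")
    return Verdict(clean=not findings, findings=findings)


# Excerpt of the 2011-05-24 run posted above (before the Fix was clicked).
LOG_BEFORE_FIX = r"""
12:50:03.546 Disk 0 MBR read successfully
12:50:03.546 Disk 0 MBR scan
12:50:03.546 Disk 0 TDL4@MBR code has been found
12:50:03.546 Disk 0 MBR hidden
12:50:03.546 Disk 0 MBR [TDL4] **ROOTKIT**
12:50:03.562 Disk 0 trace - called modules:
12:50:03.562 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll >>UNKNOWN [0x873264f0]<<
12:50:03.562 \Driver\atapi[0x87378220] -> IRP_MJ_CREATE -> 0x873264f0
12:50:03.562 Scan finished successfully
"""

# Excerpt of the 2011-05-25 run posted above (after the crash and reboot).
LOG_AFTER_FIX = r"""
12:39:45.906 Disk 0 MBR read successfully
12:39:45.906 Disk 0 MBR scan
12:39:45.921 Disk 0 unknown MBR code
12:39:57.500 Disk 0 trace - called modules:
12:39:57.531 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
12:39:57.593 Scan finished successfully
"""

# Constructed clean excerpt (not from the thread): no verdict lines at all.
CLEAN_SAMPLE = r"""
12:00:00.000 Disk 0 MBR read successfully
12:00:00.000 Disk 0 MBR scan
12:00:01.000 Disk 0 trace - called modules:
12:00:01.000 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys
12:00:01.000 Scan finished successfully
"""

if __name__ == "__main__":
    runs = (("before fix", LOG_BEFORE_FIX), ("after fix", LOG_AFTER_FIX),
            ("clean sample", CLEAN_SAMPLE))
    for name, log in runs:
        v = triage_aswmbr(log)
        print(f"{name}: {'clean' if v.clean else 'NOT clean'}")
        for f in v.findings:
            print("  -", f)
```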

Re: Virus taking over

Post by Dr Jay on 25th May 2011, 6:18 pm

The machine is not clean.

Will TDSSKiller work?


Dr. Jay (DJ)




Re: Virus taking over

Post by gasman76 on 25th May 2011, 6:21 pm

Sorry Dragon, I just ran the TDSSKiller again and here is the report.

2011/05/25 19:20:00.0375 2868 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/25 19:20:00.0562 2868 ================================================================================
2011/05/25 19:20:00.0562 2868 SystemInfo:
2011/05/25 19:20:00.0562 2868
2011/05/25 19:20:00.0562 2868 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/25 19:20:00.0562 2868 Product type: Workstation
2011/05/25 19:20:00.0562 2868 ComputerName: IBM-7FFA209F07C
2011/05/25 19:20:00.0562 2868 UserName: Admin
2011/05/25 19:20:00.0562 2868 Windows directory: C:\WINDOWS
2011/05/25 19:20:00.0562 2868 System windows directory: C:\WINDOWS
2011/05/25 19:20:00.0562 2868 Processor architecture: Intel x86
2011/05/25 19:20:00.0562 2868 Number of processors: 2
2011/05/25 19:20:00.0562 2868 Page size: 0x1000
2011/05/25 19:20:00.0562 2868 Boot type: Normal boot
2011/05/25 19:20:00.0562 2868 ================================================================================
2011/05/25 19:20:01.0718 2868 Initialize success
2011/05/25 19:20:03.0406 1260 ================================================================================
2011/05/25 19:20:03.0406 1260 Scan started
2011/05/25 19:20:03.0406 1260 Mode: Manual;
2011/05/25 19:20:03.0406 1260 ================================================================================
2011/05/25 19:20:25.0109 1260 MBR (0x1B8) (4bb2f746f72bc5ae3fd3e861325e0dfc) \Device\Harddisk0\DR0
2011/05/25 19:20:25.0656 1260 ================================================================================
2011/05/25 19:20:25.0656 1260 Scan finished
2011/05/25 19:20:25.0656 1260 ================================================================================
2011/05/25 19:20:25.0671 3368 Detected object count: 0
2011/05/25 19:20:25.0671 3368 Actual detected object count: 0


Re: Virus taking over

Post by Dr Jay on 25th May 2011, 8:21 pm

ESET Online Scan

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)




Re: Virus taking over

Post by gasman76 on 26th May 2011, 9:52 am

Here is the log. It wouldn't open where you said, so I copied and pasted from the result. I didn't click delete quarantined; should I run the scan again and do so?
Thanks again, Dragon.

C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\35\27b84623-6c0baf2d a variant of Java/Exploit.CVE-2010-4452.A trojan cleaned by deleting - quarantined
C:\Documents and Settings\Admin\Application Data\Sun\Java\Deployment\cache\6.0\36\5ab5cca4-1b0b7109 a variant of Win32/Kryptik.NUC trojan cleaned by deleting - quarantined
C:\Documents and Settings\Admin\My Documents\Downloads\RegistryReviverSetup.exe a variant of Win32/RegistryReviver application deleted - quarantined
C:\Documents and Settings\Admin\My Documents\Downloads\yu2011setupcnet7.3.2011.2.exe Win32/Toolbar.Zugo application deleted - quarantined
C:\Program Files\Common Files\Nokia\Codecs\EmzMP4VideoEnc.DLL Win32/Ramnit.H virus cleaned - quarantined
C:\Program Files\Common Files\Nokia\Codecs\EzdAMRWBDec.dll Win32/Ramnit.H virus cleaned - quarantined
C:\Program Files\Common Files\Nokia\Codecs\EzdH264Enc.dll Win32/Ramnit.H virus cleaned - quarantined
C:\Program Files\Common Files\Nokia\Codecs\Image_Dec.dll Win32/Ramnit.H virus cleaned - quarantined
C:\Program Files\Common Files\Nokia\Codecs\NokiaH264HPMPDecTFilter.dll Win32/Ramnit.H virus cleaned - quarantined
C:\Program Files\Common Files\Nokia\MPlatform\MAtom.dll Win32/Ramnit.H virus cleaned - quarantined
C:\Program Files\Common Files\Nokia\MPlatform\MMediaReader.dll Win32/Ramnit.H virus cleaned - quarantined
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP114\A0125138.DLL Win32/Ramnit.H virus cleaned - quarantined
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP114\A0125139.dll Win32/Ramnit.H virus cleaned - quarantined
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP114\A0125140.dll Win32/Ramnit.H virus cleaned - quarantined
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP114\A0125141.dll Win32/Ramnit.H virus cleaned - quarantined
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP114\A0125142.dll Win32/Ramnit.H virus cleaned - quarantined
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP114\A0125143.dll Win32/Ramnit.H virus cleaned - quarantined
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP114\A0125144.dll Win32/Ramnit.H virus cleaned - quarantined
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP114\A0125145.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP114\A0125146.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP114\A0125147.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP114\A0125148.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP114\A0125149.exe Win32/RegistryBooster application cleaned by deleting - quarantined


Re: Virus taking over

Post by Dr Jay on 26th May 2011, 2:25 pm

I wanna look at something first...

Please download [You must be registered and logged in to see this link.] and save it to your Desktop. Do NOT perform a scan yet.

  • Double-click on drweb-cureit.exe to start the program.
    An Express Scan of your PC notice will appear.
  • Under Start the Express Scan Now, Click OK to start the scan.
    This is a short scan that will scan the files currently running in memory.
    If something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the Scan tab and UNcheck Heuristic analysis
  • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
  • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
  • When finished, a message will be displayed at the bottom advising if any viruses were found.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found.
    If so, click it, then click the next icon right below and select Move incurable.
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your Desktop.
  • Exit Dr.Web Cureit when you have finished.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)


Dr. Jay (DJ)



Re: Virus taking over

Post by gasman76 on 26th May 2011, 7:55 pm

Here is the log. It took 3 hours to run. I'm still not running any virus software at the minute; can't you recommend something other than AVG until I purchase? Thanks...

Bamboo.htm\VBScript.0;C:\Documents and Settings\Admin\My Documents\My Stationery\Bamboo.htm;VBS.Rmnet.2;;
Bamboo.htm;C:\Documents and Settings\Admin\My Documents\My Stationery;Container contains infected objects;Moved.;
Drawing.htm\VBScript.0;C:\Documents and Settings\Admin\My Documents\My Stationery\Drawing.htm;VBS.Rmnet.2;;
Drawing.htm;C:\Documents and Settings\Admin\My Documents\My Stationery;Container contains infected objects;Moved.;
eGathComp.html\VBScript.0;C:\IBMSHARE\eGathComp.html;VBS.Rmnet.2;;
eGathComp.html;C:\IBMSHARE;Container contains infected objects;Moved.;
message_t.html\VBScript.0;C:\Program Files\Lenovo\Message Center Plus\Legacy\message_t.html;VBS.Rmnet.2;;
message_t.html;C:\Program Files\Lenovo\Message Center Plus\Legacy;Container contains infected objects;Moved.;
Bamboo.htm\VBScript.0;C:\Program Files\Windows Live\Mail\Stationery\Bamboo.htm;VBS.Rmnet.2;;
Bamboo.htm;C:\Program Files\Windows Live\Mail\Stationery;Container contains infected objects;Moved.;
Drawing.htm\VBScript.0;C:\Program Files\Windows Live\Mail\Stationery\Drawing.htm;VBS.Rmnet.2;;
Drawing.htm;C:\Program Files\Windows Live\Mail\Stationery;Container contains infected objects;Moved.;

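The DrWeb.csv report posted above is a semicolon-separated list of object;location;threat;action rows, with a row per embedded object (e.g. the VBScript inside an .htm) followed by a row for the container file that was moved to quarantine. The parser below is an added example, not code from this thread or from Dr.Web: it reads lines in that shape, counts real threats (ignoring the "Container contains infected objects" notices), lists what was quarantined, and flags infected objects whose containing file was never moved. The field order is assumed from the post; the Locked.htm row is a constructed case added to show the unresolved path.

```python
import csv
from collections import Counter
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in the shape of the DrWeb.csv report posted above:
# object;location;threat;action;  (inner objects first, then a row for the
# container that was moved). The Locked.htm row is a constructed case with
# no container row, i.e. nothing was quarantined for it.
SAMPLE_REPORT = r"""
Bamboo.htm\VBScript.0;C:\Documents and Settings\Admin\My Documents\My Stationery\Bamboo.htm;VBS.Rmnet.2;;
Bamboo.htm;C:\Documents and Settings\Admin\My Documents\My Stationery;Container contains infected objects;Moved.;
eGathComp.html\VBScript.0;C:\IBMSHARE\eGathComp.html;VBS.Rmnet.2;;
eGathComp.html;C:\IBMSHARE;Container contains infected objects;Moved.;
Locked.htm\VBScript.0;C:\constructed\Locked.htm;VBS.Rmnet.2;;
"""

@dataclass
class Detection:
    obj: str       # object name, e.g. "Bamboo.htm\VBScript.0" for the embedded script
    location: str  # the file (inner object) or directory (container) it lives in
    threat: str    # threat name, or the "Container contains infected objects" notice
    action: str    # "Moved." when the container went to quarantine, else empty

def parse_drweb_csv(text: str) -> List[Detection]:
    """Parse semicolon-separated report rows; skip blank or short rows."""
    out = []
    for row in csv.reader(text.splitlines(), delimiter=";"):
        if len(row) >= 4:
            out.append(Detection(row[0], row[1], row[2], row[3]))
    return out

def is_container_notice(d: Detection) -> bool:
    return d.threat.startswith("Container contains")

def moved_paths(dets: List[Detection]) -> List[str]:
    """Full paths of containers the scanner moved to quarantine."""
    return [d.location + "\\" + d.obj for d in dets if d.action == "Moved."]

def summarize(dets: List[Detection]) -> Tuple[Counter, List[str]]:
    """Threat counts (real detections only) plus the quarantined file paths."""
    threats = Counter(d.threat for d in dets if not is_container_notice(d))
    return threats, moved_paths(dets)

def unresolved(dets: List[Detection]) -> List[Detection]:
    """Infected objects whose containing file was never moved: still on disk."""
    moved = set(moved_paths(dets))
    return [d for d in dets if not is_container_notice(d) and d.location not in moved]
```

Anything returned by unresolved() is a detection the scan reported but did not quarantine, which is what the helper is looking for before deciding whether a clean-up attempt is still realistic.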

Re: Virus taking over

Post by Dr Jay on 27th May 2011, 5:43 am

Attention: Your computer is severely infected with Win32\Ramnit, what is now called a cocktail infection. This is an infection that is comprised of many different types of viruses and other malware, to damage your computer, and use it as a zombie for its backdoor network. In other words, your computer is under control of a hacker, and regaining control is now next to impossible.

The first component is a [You must be registered and logged in to see this link.], which is a type of trojan that communicates with a hacker: to transfer personal information about you, use your computer to help perform a denial-of-service attack, redirect your internet searches in order to make money off of your browsing habits, and can be a keylogger to steal personal identifiable information to help rob your identity.

The second component is a [You must be registered and logged in to see this link.], which is a type of malware to take control over your computer at administrator access, having full permission to modify all of your device drivers, and allowing itself to hide all the malware on the system. In other words, it is a hacker's way of taking control of your computer, and hiding in the dark at the same time. This is a prime initiative of hackers to help keep access to your computer, robbing all of your personal information, and using your computer to send spam across the internet.

The third component is a [You must be registered and logged in to see this link.], which is a type of virus to purposely damage as many files as possible, in order to keep control of your system, so you have as little access as possible.

Not only has your system been compromised severely, it is also highly damaged, and if you do not commit to my suggested removal method below, then your computer may not function anymore.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information. (If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again.) Banking and credit card institutions should be notified to apprise them of your situation (possible security breach). To protect your information that may have been compromised, I recommend reading these references:


Removal method:

It is recommended to do a reformat and reinstall of your operating system. The experts in the [You must be registered and logged in to see this link.] security community believe that once infected with such a piece of malware, the best course of action would be a reformat and clean reinstall of the OS. This is something I don't like to recommend normally, but in most cases it is the best solution for your safety.

I recommend the following articles to read:
Guides for format and reinstall:

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

However, if you do not have the resources to reinstall your computer's OS and would like me to attempt to clean it, I will be happy to do so. But please consider carefully before deciding against a reformat.
If you do make that decision, I will do my best to help you clean the computer of any infections, but you must understand that once a machine has been taken over by this type of malware, I cannot guarantee that it will be 100% secure even after disinfection or that the removal will be successful.

Please let me know what you have decided to do in your next post. Should you have any questions, please feel free to ask.


Dr. Jay (DJ)



Re: Virus taking over

Post by gasman76 on 27th May 2011, 9:19 am

Hi Dragon, I thought this might be the case and would have tried a system reinstall / reformat of the hard drive, but I bought this PC last October on eBay as a pre-installed, user-refurbished machine. It comes with no software at all and I can't get access to a Win XP disk. When the system was crashing a while ago I could get onto the internet by hitting the Enter key on boot, and it takes you into an IBM area where you can do a reinstall and various other things. Don't know if this helps, but my local drive is Q and the preinstall stuff is on the C drive??? Feel like smashing this thing up now and don't know how the virus got here. Don't want to talk about passwords as I'm probably being logged, watched, cloned or whatever you call it right now. But it's sorted, so at least I don't have to worry about that.
I appreciate all your help and await your response, but I'm guessing unless I have an operating disk there's not much hope??



Re: Virus taking over

Post by Dr Jay on 28th May 2011, 3:39 am

I can't prove your system will be totally without damage after everything gets cleaned.

It's not impossible to clean your system, however, with a system so damaged, it would be a valuable choice to do a reinstall.

If you would like to attempt to clean all of it, which there is not much left to clean, we will go ahead... What would you like to do?


Dr. Jay (DJ)



Re: Virus taking over

Post by gasman76 on 28th May 2011, 4:33 pm

I need to reinstall this system. It is an IBM with Lenovo preloaded software; now, can I do this with ease, and will it get rid of the virus?? Thanks


Re: Virus taking over

Post by Dr Jay on 30th May 2011, 6:44 pm

Take a look at this link and see if it helps to understand how the IBM/Lenovo Rescue Recovery system works.

[You must be registered and logged in to see this link.]


Dr. Jay (DJ)

