
Canada13
Members, 15 posts
Everything posted by Canada13

  1. Same. The only thing stopping it from getting worse was MBAM ate itself. I haven't shut down yet and did manage to get MBAM reinstalled. The bigger problem is when I shut down, will Windows now restart? Last log entry:

     *********************************************
     2013/04/15 19:40:50 -0300 **** **** MESSAGE Executing scheduled update: Hourly | Silent
     2013/04/15 19:40:54 -0300 **** **** MESSAGE Scheduled update executed successfully: database updated from version v2013.04.15.11 to version v2013.04.15.12
     2013/04/15 19:40:54 -0300 **** **** MESSAGE Starting database refresh
     2013/04/15 19:40:54 -0300 **** **** MESSAGE Stopping IP protection
     2013/04/15 19:40:54 -0300 **** **** MESSAGE IP Protection stopped successfully
     2013/04/15 19:40:56 -0300 **** **** MESSAGE Database refreshed successfully
     2013/04/15 19:40:56 -0300 **** **** MESSAGE Starting IP protection
     2013/04/15 19:40:56 -0300 **** **** MESSAGE IP Protection started successfully
     2013/04/15 19:43:31 -0300 **** **** DETECTION C:\Program Files (x86)\AVG\AVG2012\avgclitx.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:31 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:43:44 -0300 **** **** DETECTION C:\Program Files (x86)\AVG\AVG2012\avgui.exe Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:55 -0300 **** **** DETECTION C:\Windows\System32\ntdll.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:55 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:43:55 -0300 **** **** DETECTION C:\Windows\SysWOW64\ntdll.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:55 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:43:55 -0300 **** **** DETECTION C:\Windows\SysWOW64\KERNELBASE.DLL Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:55 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:43:55 -0300 **** **** DETECTION C:\Windows\SysWOW64\rpcrt4.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:55 -0300 **** **** DETECTION C:\Windows\SysWOW64\sspicli.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:55 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:43:55 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:43:55 -0300 **** **** DETECTION C:\Windows\SysWOW64\shlwapi.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:55 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:43:55 -0300 **** **** DETECTION C:\Windows\SysWOW64\winmm.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:55 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:43:55 -0300 **** **** DETECTION C:\Windows\SysWOW64\oleaut32.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:55 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:43:55 -0300 **** **** DETECTION C:\Windows\SysWOW64\userenv.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:55 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:43:55 -0300 **** **** DETECTION C:\Windows\SysWOW64\cfgmgr32.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:55 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:43:55 -0300 **** **** DETECTION C:\Windows\SysWOW64\iertutil.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:55 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:43:55 -0300 **** **** DETECTION C:\Windows\SysWOW64\msvbvm60.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:55 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:43:55 -0300 **** **** DETECTION C:\Program Files (x86)\Malwarebytes' Anti-Malware\vbalsgrid6.ocx Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:56 -0300 **** **** DETECTION C:\Windows\System32\KERNELBASE.DLL Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:57 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:43:57 -0300 **** **** DETECTION C:\Windows\System32\rpcrt4.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:57 -0300 **** **** DETECTION C:\Windows\System32\MMDevAPI.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:57 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:43:57 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:43:57 -0300 **** **** DETECTION C:\Windows\System32\oleaut32.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:57 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:43:57 -0300 **** **** DETECTION C:\Windows\System32\ntmarta.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:57 -0300 **** **** DETECTION C:\Windows\System32\Wldap32.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:57 -0300 **** **** DETECTION C:\Windows\System32\clbcatq.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:57 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:43:57 -0300 **** **** DETECTION C:\Windows\System32\AudioSes.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:57 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:43:57 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:43:57 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:43:57 -0300 **** **** DETECTION C:\Windows\System32\cfgmgr32.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:57 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:43:57 -0300 **** **** DETECTION C:\Windows\System32\AUDIOKSE.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:57 -0300 **** **** DETECTION C:\Windows\System32\shlwapi.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:43:57 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:25 -0300 **** **** DETECTION C:\Windows\System32\ntdll.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:25 -0300 **** **** DETECTION C:\Windows\System32\KERNELBASE.DLL Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:25 -0300 **** **** DETECTION C:\Windows\System32\rpcrt4.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:25 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:25 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:25 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:25 -0300 **** **** DETECTION C:\Windows\System32\winmm.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:25 -0300 **** **** DETECTION C:\Windows\System32\userenv.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:25 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:25 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:25 -0300 **** **** DETECTION C:\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:25 -0300 **** **** DETECTION C:\Windows\System32\shlwapi.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:25 -0300 **** **** DETECTION C:\Windows\System32\sspicli.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:25 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:25 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:25 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:26 -0300 **** **** DETECTION C:\Windows\System32\input.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:26 -0300 **** **** DETECTION C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:26 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:26 -0300 **** **** DETECTION C:\Program Files\Windows NT\TableTextService\TABLETEXTSERVICE.DLL Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:26 -0300 **** **** DETECTION C:\Windows\System32\imagehlp.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:26 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:26 -0300 **** **** DETECTION C:\Windows\System32\en-US\KERNELBASE.DLL.MUI Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:26 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:26 -0300 **** **** DETECTION C:\Windows\System32\gpapi.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:26 -0300 **** **** DETECTION C:\Windows\System32\Wldap32.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:26 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:26 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:26 -0300 **** **** DETECTION C:\Windows\System32\clbcatq.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:26 -0300 **** **** DETECTION C:\Windows\System32\oleaut32.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:26 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:26 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:26 -0300 **** **** DETECTION C:\Windows\System32\iertutil.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:26 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:34 -0300 **** **** DETECTION C:\Windows\SysWOW64\winmm.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:34 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:34 -0300 **** **** DETECTION C:\Windows\SysWOW64\msvbvm60.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:34 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:36 -0300 **** **** DETECTION c:\program files (x86)\avg\avg2012\avgui.exe Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:36 -0300 **** **** DETECTION C:\Windows\System32\ntdll.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:36 -0300 **** **** ERROR Quarantine failed: SDKQuarantine failed with error code 2
     2013/04/15 19:44:36 -0300 **** **** DETECTION C:\Windows\SysWOW64\ntdll.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:36 -0300 **** **** DETECTION C:\Windows\SysWOW64\KERNELBASE.DLL Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:36 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:36 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:40 -0300 **** **** DETECTION c:\program files (x86)\avg\avg2012\avgui.exe Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:40 -0300 **** **** DETECTION C:\Windows\System32\ntdll.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:40 -0300 **** **** ERROR Quarantine failed: SDKQuarantine failed with error code 2
     2013/04/15 19:44:40 -0300 **** **** DETECTION C:\Windows\SysWOW64\ntdll.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:40 -0300 **** **** DETECTION C:\Windows\SysWOW64\KERNELBASE.DLL Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:40 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:40 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:53 -0300 **** **** DETECTION C:\Windows\SysWOW64\userenv.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:44:53 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:44:53 -0300 **** **** DETECTION C:\Windows\SysWOW64\powrprof.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:45:09 -0300 **** **** DETECTION C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:45:09 -0300 **** **** DETECTION C:\Windows\System32\ntdll.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:45:09 -0300 **** **** DETECTION C:\Windows\SysWOW64\ntdll.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:45:09 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:45:09 -0300 **** **** DETECTION C:\Windows\SysWOW64\KERNELBASE.DLL Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:45:09 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:45:09 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:45:09 -0300 **** **** DETECTION C:\Windows\System32\winmm.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:45:09 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:45:25 -0300 **** **** DETECTION C:\Windows\System32\thumbcache.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:45:32 -0300 **** **** DETECTION C:\Windows\System32\ntdll.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:45:32 -0300 **** **** DETECTION C:\Windows\SysWOW64\ntdll.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:45:32 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:45:32 -0300 **** **** DETECTION C:\Windows\SysWOW64\KERNELBASE.DLL Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:45:32 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:45:32 -0300 **** **** DETECTION C:\Windows\SysWOW64\rpcrt4.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:45:32 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:45:32 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:45:32 -0300 **** **** DETECTION C:\Windows\SysWOW64\sspicli.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:45:32 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:45:32 -0300 **** **** DETECTION C:\Windows\SysWOW64\clbcatq.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:45:32 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:45:32 -0300 **** **** DETECTION C:\Windows\SysWOW64\oleaut32.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:45:32 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:45:32 -0300 **** **** DETECTION C:\Windows\SysWOW64\shlwapi.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:45:32 -0300 **** **** ERROR Quarantine failed: DeleteFile failed with error code 5
     2013/04/15 19:45:32 -0300 **** **** DETECTION c:\windows\system32\thumbcache.dll Trojan.Downloader.ED QUARANTINE
     2013/04/15 19:45:32 -0300 **** **** ERROR Quarantine failed: SDKQuarantine failed with error code 2
     2013/04/15 19:45:40 -0300 **** **** MESSAGE Stopping protection
     2013/04/15 19:45:40 -0300 **** **** MESSAGE Protection stopped successfully
     2013/04/15 19:45:40 -0300 **** **** MESSAGE Stopping IP protection
     2013/04/15 19:45:40 -0300 **** **** MESSAGE IP Protection stopped successfully
     2013/04/15 19:45:40 -0300 **** **** MESSAGE Protection stopped
     ************************************************************************************************************************

     Anything else that could be of assistance?
  2. I'm trying to download the installer and client for World of Tanks. I keep getting an 'outgoing' block to IP 212.124.121.171. I've tried to use the ignore function on the executable, but I am still getting blocked trying to get the client. Any help would be appreciated. Thanks
  3. kahdah, I just wanted to give the laptop a couple days. Everything appears cleared up and running fine. Thank you very much for all your help. Canada13
  4. Good morning. In the process of finishing your last instructions at the moment. After all the reboots, do I still need to run DeFogger to re-enable what it disabled? Thanks
  5. Woohoo, Windows Update can now be turned on and also ran successfully. Thank you
  6. Afternoon. Here is the TDSS log.

     2011/04/13 16:19:39.0187 1244 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
     2011/04/13 16:19:40.0312 1244 ================================================================================
     2011/04/13 16:19:40.0312 1244 SystemInfo:
     2011/04/13 16:19:40.0312 1244
     2011/04/13 16:19:40.0312 1244 OS Version: 5.1.2600 ServicePack: 3.0
     2011/04/13 16:19:40.0312 1244 Product type: Workstation
     2011/04/13 16:19:40.0312 1244 ComputerName: MINE
     2011/04/13 16:19:40.0312 1244 UserName: Rose
     2011/04/13 16:19:40.0312 1244 Windows directory: C:\WINDOWS
     2011/04/13 16:19:40.0312 1244 System windows directory: C:\WINDOWS
     2011/04/13 16:19:40.0312 1244 Processor architecture: Intel x86
     2011/04/13 16:19:40.0312 1244 Number of processors: 2
     2011/04/13 16:19:40.0312 1244 Page size: 0x1000
     2011/04/13 16:19:40.0312 1244 Boot type: Normal boot
     2011/04/13 16:19:40.0312 1244 ================================================================================
     2011/04/13 16:19:40.0515 1244 Initialize success
     2011/04/13 16:20:00.0890 0552 ================================================================================
     2011/04/13 16:20:00.0890 0552 Scan started
     2011/04/13 16:20:00.0890 0552 Mode: Manual;
     2011/04/13 16:20:00.0890 0552 ================================================================================
     2011/04/13 16:20:01.0250 0552 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
     2011/04/13 16:20:01.0281 0552 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
     2011/04/13 16:20:01.0328 0552 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
     2011/04/13 16:20:01.0390 0552 AESTAud (822d53766d57c90c437536232ece9023) C:\WINDOWS\system32\drivers\AESTAud.sys
     2011/04/13 16:20:01.0453 0552 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
     2011/04/13 16:20:01.0562 0552 ApfiltrService (22403504e15810e99a563782e9d45311) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
     2011/04/13 16:20:01.0625 0552 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
     2011/04/13 16:20:01.0703 0552 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
     2011/04/13 16:20:01.0734 0552 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
     2011/04/13 16:20:01.0750 0552 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
     2011/04/13 16:20:01.0796 0552 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
     2011/04/13 16:20:01.0921 0552 BCM43XX (5d4893633b7161fa25500eb7aeabec94) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
     2011/04/13 16:20:02.0062 0552 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
     2011/04/13 16:20:02.0250 0552 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
     2011/04/13 16:20:02.0281 0552 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
     2011/04/13 16:20:02.0343 0552 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
     2011/04/13 16:20:02.0421 0552 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
     2011/04/13 16:20:02.0468 0552 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
     2011/04/13 16:20:02.0546 0552 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
     2011/04/13 16:20:02.0562 0552 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
     2011/04/13 16:20:02.0609 0552 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
     2011/04/13 16:20:02.0656 0552 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
     2011/04/13 16:20:02.0687 0552 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
     2011/04/13 16:20:02.0703 0552 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
     2011/04/13 16:20:02.0765 0552 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
     2011/04/13 16:20:02.0781 0552 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
     2011/04/13 16:20:02.0843 0552 e1yexpress (71ff7ad30bd9e3c06df112383bb60089) C:\WINDOWS\system32\DRIVERS\e1y5132.sys
     2011/04/13 16:20:02.0875 0552 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
     2011/04/13 16:20:02.0890 0552 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
     2011/04/13 16:20:02.0921 0552 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
     2011/04/13 16:20:02.0921 0552 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
     2011/04/13 16:20:02.0984 0552 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
     2011/04/13 16:20:03.0015 0552 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
     2011/04/13 16:20:03.0046 0552 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
     2011/04/13 16:20:03.0093 0552 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
     2011/04/13 16:20:03.0109 0552 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
     2011/04/13 16:20:03.0171 0552 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
     2011/04/13 16:20:03.0234 0552 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
     2011/04/13 16:20:03.0312 0552 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
     2011/04/13 16:20:03.0390 0552 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
     2011/04/13 16:20:03.0500 0552 ialm (7df53bb1f78de5dca8ac842868d34b01) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
     2011/04/13 16:20:03.0609 0552 iastor (707c1692214b1c290271067197f075f6) C:\WINDOWS\system32\drivers\iastor.sys
     2011/04/13 16:20:03.0656 0552 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
     2011/04/13 16:20:03.0734 0552 IntcHdmiAddService (f5c70e41b19d33cc764998786ab74165) C:\WINDOWS\system32\drivers\IntcHdmi.sys
     2011/04/13 16:20:03.0796 0552 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
     2011/04/13 16:20:03.0828 0552 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
     2011/04/13 16:20:03.0890 0552 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
     2011/04/13 16:20:03.0890 0552 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
     2011/04/13 16:20:03.0937 0552 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
     2011/04/13 16:20:03.0984 0552 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
     2011/04/13 16:20:04.0031 0552 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
     2011/04/13 16:20:04.0078 0552 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
     2011/04/13 16:20:04.0093 0552 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
     2011/04/13 16:20:04.0156 0552 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
     2011/04/13 16:20:04.0203 0552 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
     2011/04/13 16:20:04.0265 0552 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
     2011/04/13 16:20:04.0328 0552 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
     2011/04/13 16:20:04.0359 0552 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
     2011/04/13 16:20:04.0453 0552 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
     2011/04/13 16:20:04.0531 0552 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
     2011/04/13 16:20:04.0546 0552 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
     2011/04/13 16:20:04.0609 0552 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
     2011/04/13 16:20:04.0640 0552 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
     2011/04/13 16:20:04.0687 0552 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
     2011/04/13 16:20:04.0734 0552 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
     2011/04/13 16:20:04.0750 0552 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
     2011/04/13 16:20:04.0781 0552 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
     2011/04/13 16:20:04.0812 0552 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
     2011/04/13 16:20:04.0843 0552 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
     2011/04/13 16:20:04.0968 0552 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
     2011/04/13 16:20:05.0093 0552 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
     2011/04/13 16:20:05.0109 0552 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
     2011/04/13 16:20:05.0171 0552 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
     2011/04/13 16:20:05.0187 0552 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
     2011/04/13 16:20:05.0203 0552 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
     2011/04/13 16:20:05.0265 0552 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
     2011/04/13 16:20:05.0328 0552 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
     2011/04/13 16:20:05.0343 0552 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
     2011/04/13 16:20:05.0421 0552 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
     2011/04/13 16:20:05.0500 0552 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
     2011/04/13 16:20:05.0578 0552 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
     2011/04/13 16:20:05.0640 0552 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
     2011/04/13 16:20:05.0703 0552 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
     2011/04/13 16:20:05.0703 0552 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
     2011/04/13 16:20:05.0765 0552 OA001Afx (0f538df1673e5216f3baacb6911d9d0f) C:\WINDOWS\system32\Drivers\OA001Afx.sys
     2011/04/13 16:20:05.0828 0552 OA001Ufd (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\WINDOWS\system32\DRIVERS\OA001Ufd.sys
     2011/04/13 16:20:05.0890 0552 OA001Vid (159e5a08a6a5231863cddbd787a4eabb) C:\WINDOWS\system32\DRIVERS\OA001Vid.sys
     2011/04/13 16:20:05.0968 0552 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
     2011/04/13 16:20:06.0015 0552 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
     2011/04/13 16:20:06.0046 0552 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
     2011/04/13 16:20:06.0078 0552 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
     2011/04/13 16:20:06.0093 0552 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
     2011/04/13 16:20:06.0140 0552 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
     2011/04/13 16:20:06.0281 0552 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
     2011/04/13 16:20:06.0281 0552 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
     2011/04/13 16:20:06.0312 0552 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
     2011/04/13 16:20:06.0390 0552 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
     2011/04/13 16:20:06.0453 0552 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
     2011/04/13 16:20:06.0453 0552 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
     2011/04/13 16:20:06.0468 0552 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
     2011/04/13 16:20:06.0531 0552 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
     2011/04/13 16:20:06.0546 0552 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
     2011/04/13 16:20:06.0609 0552 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
     2011/04/13 16:20:06.0671 0552 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
     2011/04/13 16:20:06.0718 0552 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
     2011/04/13 16:20:06.0765 0552 rimmptsk (ea885e7a56f1be1f14c372337c42fe48) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
     2011/04/13 16:20:06.0843 0552 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
     2011/04/13 16:20:06.0890 0552 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
     2011/04/13 16:20:06.0921 0552 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
     2011/04/13 16:20:06.0968 0552 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
     2011/04/13 16:20:06.0984 0552 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
     2011/04/13 16:20:07.0015 0552 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
     2011/04/13 16:20:07.0078 0552 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
     2011/04/13 16:20:07.0140 0552 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
     2011/04/13 16:20:07.0203 0552 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
     2011/04/13 16:20:07.0234 0552 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
     2011/04/13 16:20:07.0375 0552 STHDA (c111965a8dbd00768787d807ec3113ff) C:\WINDOWS\system32\drivers\sthda.sys
     2011/04/13 16:20:07.0421 0552 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
     2011/04/13 16:20:07.0468 0552 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
     2011/04/13 16:20:07.0531 0552 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
     2011/04/13 16:20:07.0625 0552 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
     2011/04/13 16:20:07.0687 0552 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
     2011/04/13 16:20:07.0734 0552 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
     2011/04/13 16:20:07.0750 0552 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
     2011/04/13 16:20:07.0796 0552 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
     2011/04/13 16:20:07.0859 0552 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
     2011/04/13 16:20:07.0906 0552 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
     2011/04/13 16:20:07.0953 0552 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
     2011/04/13 16:20:07.0984 0552 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
     2011/04/13 16:20:08.0031 0552 USBCCID (6b5e4d5e6e5ecd6acd14aed59768ce5c) C:\WINDOWS\system32\DRIVERS\usbccid.sys
     2011/04/13 16:20:08.0093 0552 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
     2011/04/13 16:20:08.0140 0552 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
     2011/04/13 16:20:08.0171 0552 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
     2011/04/13 16:20:08.0203 0552 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
     2011/04/13 16:20:08.0250 0552 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
     2011/04/13 16:20:08.0312 0552 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
     2011/04/13 16:20:08.0359 0552 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
     2011/04/13 16:20:08.0421 0552 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
     2011/04/13 16:20:08.0437 0552 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
     2011/04/13 16:20:08.0515 0552 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
     2011/04/13 16:20:08.0578 0552 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
     2011/04/13 16:20:08.0640 0552 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
     2011/04/13 16:20:08.0687 0552 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
     2011/04/13 16:20:08.0734 0552 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
     2011/04/13 16:20:08.0781 0552 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
     2011/04/13 16:20:08.0812 0552 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
     2011/04/13 16:20:08.0859 0552 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
     2011/04/13 16:20:09.0109 0552 ================================================================================
     2011/04/13 16:20:09.0109 0552 Scan finished
     2011/04/13 16:20:09.0109 0552 ================================================================================
  7. Good Morning Kahdah,

The IE and Firefox redirects appear to have stopped. Windows Autoupdates still won't display the IE updates page nor allow autoupdates to be turned on.

ESETScan.txt
C:\Documents and Settings\Rose\Application Data\Sun\Java\Deployment\cache\6.0\51\4ef73e33-45cef2e6 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Documents and Settings\Rose\Application Data\Sun\Java\Deployment\cache\6.0\57\160cda79-1731a99f a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined

I'm off to work. Will return in approx 8hrs.
  8. Interesting, before ComboFix ran the MBAM help link would start Firefox; now it starts IE.

Combofix.log
ComboFix 11-04-12.01 - Rose 12/04/2011 22:25:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3024.2656 [GMT -3:00]
Running from: c:\documents and settings\Rose\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Rose\Application Data\Local
.
((((((((((((((((((((((((( Files Created from 2011-03-13 to 2011-04-13 )))))))))))))))))))))))))))))))
.
2011-04-12 19:32 . 2011-04-12 19:32 301568 ----a-w- C:\t3syipjd.exe
2011-04-11 20:41 . 2011-04-11 20:41 -------- d-----w- C:\$AVG
2011-04-10 01:01 . 2011-04-10 01:01 -------- d-----w- c:\documents and settings\Administrator
2011-04-09 19:15 . 2011-04-09 20:59 -------- d-----w- c:\program files\Malwarebytes
2011-04-06 01:14 . 2011-04-06 01:14 -------- d-----w- c:\program files\iPod
2011-04-06 01:14 . 2011-04-06 01:14 -------- d-----w- c:\program files\iTunes
2011-04-06 01:12 . 2011-04-06 01:12 -------- d-----w- c:\program files\Bonjour
2011-04-04 15:02 . 2011-04-06 15:37 -------- d-----w- c:\windows\SxsCaPendDel
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2008-04-14 12:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-14 12:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-11-06 23:30 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-11-06 23:30 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2008-04-14 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-28 170008]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-02-03 2670592]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-07 737280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]
2009-07-07 06:06 737280 ------w- c:\windows\system32\AESTFltr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2010-02-17 20:20 278528 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell Webcam Central]
2008-04-11 17:28 372736 ------w- c:\program files\Dell Webcam\Dell Webcam Central\WebcamDellB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-03-17 13:35 136176 ----atw- c:\documents and settings\Rose\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-07-28 02:33 136216 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-07 18:33 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 09:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OA001Mon]
2010-01-28 21:18 24576 ----a-w- c:\windows\OA001Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-07-28 02:33 145432 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-11-11 17:55 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"idsvc"=3 (0x3)
"McComponentHostService"=3 (0x3)
"iPod Service"=3 (0x3)
"gupdate"=2 (0x2)
"WMZuneComm"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Documents and Settings\\Rose\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [19/04/2007 6:56 AM 133968]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [13/11/2010 12:14 PM 113664]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [06/11/2010 10:31 PM 240344]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [06/11/2010 10:33 PM 116224]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [06/11/2010 10:34 PM 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [06/11/2010 10:34 PM 281472]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 2:16 PM 130384]
S3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [06/11/2010 10:34 PM 134144]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 2:16 PM 753504]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/02/2011 2:23 AM 136176]
S4 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11/11/2010 2:57 PM 268528]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-05 05:23]
.
2011-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-05 05:23]
.
2011-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1123561945-1417001333-1003Core.job
- c:\documents and settings\Rose\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-17 13:35]
.
2011-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1123561945-1417001333-1003UA.job
- c:\documents and settings\Rose\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-03-17 13:35]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Rose\Application Data\Mozilla\Firefox\Profiles\ioz6b8za.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - canadiandriver.com|yahoo.ca|youtube.com|nhl.com/scores
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKLM-Run-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
HKLM-Run-DivX Download Manager - c:\program files\DivX\DivX Plus Web Player\DDmService.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
MSConfigStartUp-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-12 22:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\sxs.dll
c:\windows\System32\BCMLogon.dll
.
- - - - - - - > 'explorer.exe'(2612)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-04-12 22:29:44
ComboFix-quarantined-files.txt 2011-04-13 01:29
.
Pre-Run: 123,626,041,344 bytes free
Post-Run: 124,784,132,096 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 9C77BF60887C98493FC647D3F2247CB3

Bedtime here. Will check back for new instructions, if any, before work. Thanks.
  9. AVG does not want to uninstall. I keep getting stopped by the 'watchdog process'. Even running as Admin it will not uninstall. Should I use the 15-minute disable and run ComboFix, or should I find another way to stop and uninstall AVG?
  10. Hello, Ran the files as requested. Here are the results.

OTL.txt
OTL logfile created on: 12/04/2011 4:40:00 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Rose\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 114.86 Gb Free Space | 77.07% Space Free | Partition Type: NTFS

Computer Name: MINE | User Name: Rose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Rose\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - c:\Program Files\Zune\ZuneBusEnum.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Rose\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WMZuneComm) -- c:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneWlanCfgSvc) -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneBusEnum) -- c:\Program Files\Zune\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (STacSV) -- c:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (OA001Vid) -- C:\WINDOWS\system32\drivers\OA001Vid.sys (Creative Technology Ltd.)
DRV - (e1yexpress) Intel
  11. Hi Guys, We're still having problems. As per the sticky, 48hrs have passed. MBAM and AVG still show clean runs, but Internet Explorer still redirects and Windows Automatic Updates can't be turned on. Should I re-run the sticky items and repost/attach? Thanks again in advance,
  12. Good Day, We seem to have removed XP Antivirus 2011; however, we are still encountering IE redirects and no functioning Windows Automatic Updates. Attached are the files as per the sticky. Note that Defogger did not ask for a reboot.

DDS.txt
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Rose at 10:10:20.06 on 10/04/2011
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3024.2375 [GMT -3:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\stacsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
c:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Rose\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com?o=14196&l=dis
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ares] "c:\program files\ares\Ares.exe" -h
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289094473484
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\rose\applic~1\mozilla\firefox\profiles\ioz6b8za.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - canadiandriver.com|yahoo.ca|youtube.com|nhl.com/scores
FF - plugin: c:\documents and settings\rose\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\rose\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\rose\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 ASFAgent;ASF Agent;c:\program files\intel\asf agent\ASFAgent.exe [2007-4-19 133968]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-11-13 113664]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2010-11-6 240344]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-11-6 116224]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2010-11-6 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2010-11-6 281472]
S0 cerc6;cerc6; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2010-11-6 134144]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-5 136176]
S4 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
.
=============== Created Last 30 ================
.
2011-04-09 19:15:14 -------- d-----w- c:\program files\Malwarebytes
2011-04-06 01:14:18 -------- d-----w- c:\program files\iPod
2011-04-06 01:14:15 -------- d-----w- c:\program files\iTunes
2011-04-06 01:12:45 -------- d-----w- c:\program files\Bonjour
2011-04-04 15:02:12 -------- d-----w- c:\windows\SxsCaPendDel
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
============= FINISH: 10:10:41.57 ===============

MBAM did clear items but now runs clean. Here is the log when it cleaned.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6320

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

09/04/2011 5:57:28 PM
mbam-log-2011-04-09 (17-57-28).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 201227
Time elapsed: 1 hour(s), 33 minute(s), 36 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
c:\documents and settings\Rose\local settings\application data\gve.exe (Trojan.Agent) -> 2064 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Rose\Local Settings\Application Data\gve.exe" -a "C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Rose\Local Settings\Application Data\gve.exe" -a "C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Rose\Local Settings\Application Data\gve.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\Rose\Local Settings\Application Data\gve.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Rose\local settings\application data\gve.exe (Trojan.Agent) -> Delete on reboot.
c:\documents and settings\Rose\application data\Sun\Java\deployment\cache\6.0\38\72a57626-1ed227f0 (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Rose\local settings\application data\ikf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Rose\local settings\Temp\0.4438282752717413.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Appreciate any help.
attach.zip
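The MBAM log in the post above is a textbook rogue-AV persistence pattern: the `exefile\shell\open\command` value was rewritten so that every .exe launch ran `gve.exe` first (which then started the real target), the StartMenuInternet browser entries were wrapped the same way, and the Security Center "disable notify" values were flipped so the user got no warning. The ComboFix export in post 8 shows the related `AntiVirusOverride`/`FirewallOverride` values still set. The script below is an added example, not code from the thread, from Malwarebytes or from ComboFix: it parses those two log fragments (copied verbatim from the posts) offline and reports which handler was interposed by which executable and which Security Center flags were silenced. The function names, the regexes and the "first token must be the intended target" rule are my own; the sample strings are the thread's log lines.

```python
import re

# Sample input: "Registry Data Items Infected" lines copied from the MBAM log
# in post 12 above (one repaired registry value per line).
MBAM_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Rose\Local Settings\Application Data\gve.exe" -a "C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Rose\Local Settings\Application Data\gve.exe" -a "C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Rose\Local Settings\Application Data\gve.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\Rose\Local Settings\Application Data\gve.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
"""

# Sample input: the Security Center block copied from the ComboFix
# "Reg Loading Points" export in post 8 above (REGEDIT4 syntax).
SECURITY_CENTER_EXPORT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"""

MBAM_RE = re.compile(
    r'^(?P<key>HKEY_.+?) \((?P<category>[\w.]+)\) -> '
    r'Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$')
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')

# Security Center values that, when non-zero, suppress the tray warnings
# about missing AV, firewall or automatic updates.
SECURITY_CENTER_FLAGS = {
    'AntiVirusOverride', 'FirewallOverride', 'AntiVirusDisableNotify',
    'FirewallDisableNotify', 'UpdatesDisableNotify',
}


def tokenize_cmd(cmd):
    """Split a Windows command line on spaces, keeping double-quoted paths whole."""
    tokens, cur, quoted = [], [], False
    for ch in cmd:
        if ch == '"':
            quoted = not quoted
        elif ch == ' ' and not quoted:
            if cur:
                tokens.append(''.join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append(''.join(cur))
    return tokens


def open_command_hijacker(cmd, expected_target):
    """Return the executable interposed in a shell\\...\\command value, or None.

    A clean value starts with the intended target: the literal %1 for exefile
    (the file being launched) or the browser binary for StartMenuInternet.
    A hijacked value starts with some other executable and passes the real
    target as an argument, so the wrapper runs on every launch.
    """
    tokens = tokenize_cmd(cmd)
    if not tokens:
        return None
    first, want = tokens[0].lower(), expected_target.lower()
    if first == want or first.endswith('\\' + want):
        return None
    return tokens[0]


def parse_mbam_registry_data(text):
    """Extract key / category / bad / good / action from MBAM 'Bad: (...) Good: (...)' lines."""
    return [m.groupdict() for m in (MBAM_RE.match(l.strip()) for l in text.splitlines()) if m]


def triage(mbam_text):
    """Map each repaired registry value in an MBAM log to what was wrong with it."""
    findings = {}
    for item in parse_mbam_registry_data(mbam_text):
        key, lowered = item['key'], item['key'].lower()
        if '\\shell\\' in lowered and '\\command\\' in lowered:
            # exefile's target is the literal %1; for StartMenuInternet the
            # "Good" value names the browser binary itself.
            target = '%1' if '\\exefile\\' in lowered else tokenize_cmd(item['good'])[0]
            hijacker = open_command_hijacker(item['bad'], target)
            if hijacker:
                findings[key] = 'interposed ' + hijacker
        elif 'security center' in lowered and item['bad'] != item['good']:
            findings[key] = 'notification disabled (%s -> %s)' % (item['good'], item['bad'])
    return findings


def security_center_overrides(reg_text):
    """Names of Security Center flags set non-zero in a REGEDIT4-style export."""
    found = []
    for line in reg_text.splitlines():
        m = DWORD_RE.match(line.strip())
        if m and m['name'] in SECURITY_CENTER_FLAGS and int(m['val'], 16) != 0:
            found.append(m['name'])
    return sorted(found)


if __name__ == '__main__':
    for key, what in triage(MBAM_LOG).items():
        print('%-95s %s' % (key, what))
    print('Security Center overrides still set:', security_center_overrides(SECURITY_CENTER_EXPORT))
```

The same two functions work on a live machine's `reg export` output (it uses the same `"Name"=dword:xxxxxxxx` line format), which is the quick check to run after cleanup: if `exefile\shell\open\command` is anything other than `"%1" %*`, every program started afterwards, the cleanup tools included, goes through the interposed binary first.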
  13. That fix worked (the exclusion path). Restored the two files from the vault and MBAM performed a flawless quick scan. No additional programs are running in Task Manager and everything looks good. Thank you.
  14. I have had the same experience this morning using AVG 8.5. My info screens are the same as sasuke's.