Win32:Trojan-gen {Other}

I’ve been infected by this virus apparently… I’ve tried running the avast boot scan with no luck. I’ve also tried the avast cleaner. That didn’t help either.

It was found in “C:\DOCU~1\ANNECH~1\LOKALE~1\Temp_A00F2496D04.exe.dat”…

I’ve seen recommendations to turn off the System Restore before running a boot scan, but I have no idea of how to do this?

Could anyone help a damsel in distress to remove this sucker from her laptop!?

Thx so much :-*

What action did you choose when avast detected this (Move to chest, Delete, etc. what) ?

What happened when you chose one of the options ?

Based only on the file name with its double file type extension, .exe.dat it certainly looks suspicious. However, that shouldn’t have warranted a boot-time scan or running the virus cleaner (worthless in this case as it 1. isn’t a virus and 2. not on the limited list of viruses the cleaner is designed to repair).

If avast took action (on the option you chose) on the detection then subsequent scans would find nothing else.

So please let us know if there were other issues that you felt necessitated the boot-time scan, etc.?

You shouldn’t have to disable system restore unless the problem requires it and I don’t feel it does yet (certainly there is insufficient information) as the detected file wasn’t in the system folders.

I tried the recommended “Move to chest” but I couldn’t, as the file was being used in another process. I also tried cleaning it, but that didn’t work either, as an Avast alert said that the file couldn’t be found.

So Avast couldn’t help me terminate the thing… A quick google pointed me in the direction of the boot scan and the virus cleaner. Which didn’t help me either. And here I am:)

Check the avast! Log Viewer (right click the avast ‘a’ icon), Warning section, this contains information on all avast detections.

can you go to “virus total” and upload the file and report the results?

also please run a scan with Malware Bytes Anti Malware
post the results

you could try a scan in safe mode

I suggest:

  1. Disable System Restore and then reenable it again.
  2. Clean your temporary files.
  3. Schedule a boot-time scan with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  4. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.

I tried doing the above, and it seems it worked?! I’m no longer getting the warnings from avast about the virus/worm/wtv that sucker was. See the logs below. Do you suggest that I still do as Tech recommends? Or can I consider myself as ‘cured’?! Thx guys - you’re life savers!

Malwarebytes’ Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2

19:26:47 22-08-2008
mbam-log-08-22-2008 (19-26-43).txt

Skan type: Hurtig skanning
Objekter skannet: 76484
Tid tilbagelagt: 19 minute(s), 26 second(s)

Inficerede Hukommelses Processer: 0
Inficerede Hukommelses Moduler: 0
Inficerede Registeringsdatabase Nøgler: 5
Inficerede Registeringsdatabase Værdier: 2
Inficerede Registeringsdatabase Filer: 0
Inficerede Mapper: 6
Inficerede Filer: 4

Inficerede Hukommelses Processer:
(Ingen mistænkelige filer fundet)

Inficerede Hukommelses Modules:
(Ingen mistænkelige filer fundet)

Inficerede Registeringsdatabase keys:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00ed59 (Trojan.Agent) → No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) → No action taken.

Inficerede Registeringsdatabase Værdier:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f2496d04.exe (Trojan.Agent) → No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt&Search\ (Adware.Hotbar) → No action taken.

Inficerede Registeringsdatabase Filer:
(Ingen mistænkelige filer fundet)

Inficerede Mapper:
C:\Programmer\MyGlobalSearch (Adware.MyWebSearch) → No action taken.
C:\Programmer\MyGlobalSearch\bar (Adware.MyWebSearch) → No action taken.
C:\Programmer\MyGlobalSearch\bar\History (Adware.MyWebSearch) → No action taken.
C:\Programmer\MyGlobalSearch\bar\Settings (Adware.MyWebSearch) → No action taken.
C:\Programmer\FunWebProducts (Adware.MyWebSearch) → No action taken.
C:\Programmer\FunWebProducts\Shared (Adware.MyWebSearch) → No action taken.

Inficerede Filer:
C:\Programmer\MyGlobalSearch\bar\History\search (Adware.MyWebSearch) → No action taken.
C:\Programmer\FunWebProducts\Shared\037CD0CA.dat (Adware.MyWebSearch) → No action taken.
C:\Documents and Settings\Anne Christine\Lokale indstillinger\Temp_A00F2496D04.exe (Trojan.Agent) → No action taken.
C:\WINDOWS\system32~.exe (Trojan.Downloader) → No action taken.

Avast log:

21-08-2008 13:17:23 SYSTEM 316 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
21-08-2008 13:24:22 SYSTEM 1788 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\SYSTEM32__C00ED59.DAT” file.
21-08-2008 16:50:36 SYSTEM 1788 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\SYSTEM32__C00ED59.DAT” file.
21-08-2008 16:51:16 SYSTEM 1788 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\SYSTEM32__C00ED59.DAT” file.
21-08-2008 16:52:48 SYSTEM 1788 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\SYSTEM32__C00ED59.DAT” file.
21-08-2008 16:57:03 Anne Christine 1788 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\ANNECH~1\LOKALE~1\Temp_A00F2496D04.exe.dat” file.
21-08-2008 17:25:27 Anne Christine 1800 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\ANNECH~1\LOKALE~1\Temp_A00F2496D04.exe.dat” file.
21-08-2008 23:18:58 Anne Christine 1792 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\ANNECH~1\LOKALE~1\Temp_A00F2496D04.exe.dat” file.
22-08-2008 00:30:30 Anne Christine 1796 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\ANNECH~1\LOKALE~1\Temp_A00F2496D04.exe.dat” file.
22-08-2008 09:06:01 Anne Christine 1780 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\ANNECH~1\LOKALE~1\Temp_A00F2496D04.exe.dat” file.
22-08-2008 17:42:07 SYSTEM 1780 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\ANNECH~1\LOKALE~1\Temp_A00F2496D04.exe.dat” file.

Runscanner logfile http://www.runscanner.net

HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00ed59 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
Why didn't you let MBAM get rid of what it detected?

Perhaps because I said run a scan and post the results…
I will modify advice and say click REMOVE and add a note that this automatically creates a quarantine
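
Added example, not part of the original thread: a small Python triage of a Malwarebytes log like the one posted above. It parses each detection line, separates entries still marked "No action taken" from removed ones, and puts the autostart registry entries (the `Run` value and the `Winlogon\Notify` key) first. The sample lines are constructed from the log in this thread; the function names and the final "Quarantined" sample line are assumptions made for the example.

```python
import re
from collections import Counter, namedtuple

Detection = namedtuple("Detection", "target name action kind autostart remediated")

# "<path or key> (<Detection.Name>) -> <action>."  MBAM writes "->"; the copy
# pasted in the thread shows it as "→", so both arrows are accepted.
LINE_RE = re.compile(r"^(?P<target>.+?) \((?P<name>[^()]+)\) (?:->|→) (?P<action>.+?)\.?$")

# Registry locations that start code at logon (lower-cased for matching).
AUTOSTART_MARKERS = (
    "\\currentversion\\run\\",
    "\\currentversion\\runonce\\",
    "\\winlogon\\notify\\",
)

# Constructed sample: lines in the form of the MBAM log posted in the thread.
# The last detection line is invented to show an already-removed entry.
SAMPLE_LOG = r"""
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00ed59 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f2496d04.exe (Trojan.Agent) → No action taken.
C:\Programmer\FunWebProducts\Shared\037CD0CA.dat (Adware.MyWebSearch) → No action taken.
C:\Programmer\MyGlobalSearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.
(Ingen mistænkelige filer fundet)
"""


def parse_detections(log_text):
    """Return one Detection per log line that has the 'target (name) -> action' shape."""
    found = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, counters, "nothing found" lines
        target = m["target"]
        low = target.lower()
        found.append(Detection(
            target=target,
            name=m["name"],
            action=m["action"],
            kind="registry" if low.startswith("hkey_") else "file",
            autostart=any(marker in low for marker in AUTOSTART_MARKERS),
            remediated=not m["action"].lower().startswith("no action"),
        ))
    return found


def triage(log_text):
    """Summarise what is still present, autostart entries first."""
    dets = parse_detections(log_text)
    pending = [d for d in dets if not d.remediated]
    # An autostart entry left in place relaunches its file at the next logon,
    # so those are listed before the other leftovers (stable sort keeps log order).
    pending.sort(key=lambda d: (not d.autostart, d.kind != "registry"))
    return {
        "total": len(dets),
        "pending": pending,
        "pending_autostart": [d.target for d in pending if d.autostart],
        "families": Counter(d.name for d in pending),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{len(report['pending'])} of {report['total']} detections not yet removed")
    for d in report["pending"]:
        flag = "AUTOSTART" if d.autostart else "         "
        print(f"  {flag} {d.kind:8} {d.name:20} {d.target}")
```
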