Trojan virus AVG 'threat detected'

oohgreta
Posts: 54 Forumite
in Techie Stuff
Hi .. I'm running free AVG security software and of late a pop up keeps appearing when opening certain things (including Malwarebytes) saying 'threat detected' Trojan horse dropper.generic etc etc. It seems to be related to systems 32. Following advice taken from other threads I am currently running an updated version of Malwarebytes which has so far detected 10 objects. I can't download CCleaner from the sticky thread as the download webpage appears and then goes blank. Please please please could someone hold my hand and guide me through this mess!! I ran HijackThis and got the following:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:57:12, on 27/06/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Users\Frances\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DF4VMO1X\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O3 - Toolbar: (no name) - !{ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [5dd361d0d68c96da4328dd58adffd4d4] C:\Users\Public\DOWNLO~1\AIRPOR~1.EXE /r
O4 - HKCU\..\Run: [vProt] C:\Program Files (x86)\GameBox\vprot.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spotify] "C:\Users\Frances\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Frances\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Frances\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-18\..\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage (User 'Default user')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IGRS - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo ReadyComm AppSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\AppSvc.exe
O23 - Service: Lenovo ReadyComm ConnSvc - Lenovo Group Limited - C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton PC Checkup Application Launcher - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 15490 bytes
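For anyone triaging a log like the one above, here is an added example (Python; not part of the original thread and not HijackThis code) that runs the checks a helper normally applies by eye: R0/R1 entries whose start or search page points at a host other than the stock defaults, entries ending in "(no file)" (orphaned registry references), O4 autostarts with a random 32-hex name or launched from a user-writable folder, and the same autostart name registered from two different folders. The sample lines are constructed from entries in the log; the allowed-host set and the folder patterns are assumptions made for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample, built from entries in the HijackThis log above (an added example,
# not output captured from the poster's machine).
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://cloud-search.linkury.com/results.htm?q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R3 - URLSearchHook: (no name) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [5dd361d0d68c96da4328dd58adffd4d4] C:\Users\Public\DOWNLO~1\AIRPOR~1.EXE /r
O4 - HKCU\..\Run: [vProt] C:\Program Files (x86)\GameBox\vprot.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
"""

# Assumption: the stock start/search hosts seen in the HKLM entries of the log. Any other
# host in an R0/R1 entry is reported for review.
EXPECTED_HOSTS = {"go.microsoft.com", "www.google.co.uk"}

ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
RUN_NAME = re.compile(r"\[(?P<name>[^\]]+)\]")
EXE_PATH = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]*?\.exe)"?', re.IGNORECASE)
HEX_NAME = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)
# Autostart locations that installers of legitimate software rarely use (assumption).
USER_WRITABLE = re.compile(r"\\(Users|ProgramData|Public|Temp|AppData)\\", re.IGNORECASE)


def entries(log_text):
    """Yield (section, body, line) for every HijackThis entry line, e.g. ('O4', 'HKLM\\..\\Run: ...', ...)."""
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body"), raw.strip()


def triage(log_text):
    """Return findings (dicts with section, reason, line) that a helper would want to review."""
    findings = []
    for section, body, line in entries(log_text):
        reasons = []
        # Orphaned entries: the registry still points at a file that is gone.
        if body.endswith("(no file)"):
            reasons.append("orphaned entry (no file)")
        # R0/R1: start/search page settings redirected to an unexpected host.
        elif section in ("R0", "R1") and " = " in body:
            host = urlparse(body.split(" = ", 1)[1].strip()).hostname
            if host and host not in EXPECTED_HOSTS:
                reasons.append(f"browser setting points at unexpected host {host}")
        # O4: autostarts with random-looking names or targets in user-writable folders.
        elif section == "O4":
            name_m = RUN_NAME.search(body)
            name = name_m.group("name") if name_m else ""
            target = body[name_m.end():] if name_m else body
            if HEX_NAME.match(name):
                reasons.append("autostart with random 32-hex name")
            if USER_WRITABLE.search(target):
                reasons.append("autostart launched from a user-writable location")
        for reason in reasons:
            findings.append({"section": section, "reason": reason, "line": line})
    return findings


def duplicate_autostarts(log_text):
    """Autostart names registered from more than one folder (e.g. the two 'vProt' entries)."""
    folders = {}
    for section, body, _ in entries(log_text):
        if section != "O4":
            continue
        name_m, path_m = RUN_NAME.search(body), EXE_PATH.search(body)
        if name_m and path_m:
            folder = path_m.group("path").rsplit("\\", 1)[0].lower()
            folders.setdefault(name_m.group("name").lower(), set()).add(folder)
    return {name: sorted(f) for name, f in folders.items() if len(f) > 1}


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"[{f['section']}] {f['reason']}: {f['line']}")
    for name, dirs in duplicate_autostarts(SAMPLE_HJT_LOG).items():
        print(f"'{name}' autostarts from {len(dirs)} different folders: {dirs}")
```

On the sample the script reports the linkury search redirect, the two "(no file)" orphans, the hex-named Run entry under C:\Users\Public and the vProt name registered from two folders, which are the items a helper would ask about first. It only reports; deciding what to remove stays with the person guiding the clean-up.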
Comments
Post the Malwarebytes log when finished, then download DDS from the link below and save it to your desktop:
Link
After you've downloaded it and saved it to your desktop:
- Double click DDS to run it.
- When it's finished, DDS will open two logs:
  - DDS.txt
  - Attach.txt
Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts).
Thanks .. Here's the malware log after running the scan:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.27.13
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Frances :: FRANCES-PC [administrator]
28/06/2012 00:09:11
mbam-log-2012-06-28 (00-09-11).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 570770
Time elapsed: 1 hour(s), 32 minute(s), 20 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 7
HKCR\CLSID\{0e32fcd4-7f06-4768-9f2b-869dc2ffffae} (PUP.FunWebProducts) -> No action taken.
HKCR\TypeLib\{af25082c-7883-4ac5-9d15-784f3cfc78df} (PUP.FunWebProducts) -> No action taken.
HKCR\Interface\{7906EEF8-33D6-442A-A07A-11A9A5701935} (PUP.FunWebProducts) -> No action taken.
HKCR\GuffinsInstaller.Start.1 (PUP.FunWebProducts) -> No action taken.
HKCR\GuffinsInstaller.Start (PUP.FunWebProducts) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E32FCD4-7F06-4768-9F2B-869DC2FFFFAE} (PUP.FunWebProducts) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E32FCD4-7F06-4768-9F2B-869DC2FFFFAE} (PUP.FunWebProducts) -> No action taken.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 2
C:\ProgramData\TheBflix (PUP.BFlix) -> No action taken.
C:\ProgramData\TheBflix\data (PUP.BFlix) -> No action taken.
Files Detected: 16
C:\Program Files (x86)\GuffinsEI\Installr\4.bin\u4EZSETP.dll (PUP.FunWebProducts) -> No action taken.
C:\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G4VEY6MT\SoftonicDownloader_for_zoo-empire[1].exe (PUP.OfferBundler.ST) -> No action taken.
C:\Users\Frances\AppData\LocalLow\GuffinsEI\Installr\Cache\008F3574.exe (PUP.MyWebSearch) -> No action taken.
C:\Users\Frances\Documents\Guffins.exe (PUP.FunWebProducts) -> No action taken.
C:\Users\loulou rocks\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3H5I6KQ2\SoftonicDownloader_for_windows-live-messenger[1].exe (PUP.OfferBundler.ST) -> No action taken.
C:\Users\loulou rocks\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3H5I6KQ2\SoftonicDownloader_for_windows-live-messenger[2].exe (PUP.OfferBundler.ST) -> No action taken.
C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> No action taken.
C:\ProgramData\TheBflix\ajhcekcffkpnaednoeoegnmnjdlnjjmg.crx (PUP.BFlix) -> No action taken.
C:\ProgramData\TheBflix\jcofcecapcnoifbaamjdakjclmllfpni.crx (PUP.BFlix) -> No action taken.
C:\Program Files (x86)\Microsoft Games\Flight Simulator 9\Aircraft\ukmilch47aifs9\UKMILch47aiFS9.exe (Adware.Onlinegames) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\Scenery\Mid-Ocean.exe (Adware.Onlinegames) -> Quarantined and deleted successfully.
C:\Users\Frances\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3BPDISL6\Impress_Setup[1].exe (Adware.IBryte) -> Quarantined and deleted successfully.
C:\Users\Frances\AppData\Local\Temp\Temp1_Mid-Ocean[1].zip\Mid-Ocean.exe (Adware.Onlinegames) -> Quarantined and deleted successfully.
C:\Users\Frances\AppData\Local\Temp\Temp2_Mid-Ocean[1].zip\Mid-Ocean.exe (Adware.Onlinegames) -> Quarantined and deleted successfully.
C:\Users\Frances\Documents\Adam\Flight Simulator X Files\Mid-Ocean.exe (Adware.Onlinegames) -> Quarantined and deleted successfully.
C:\Windows\Installer\{e756ea73-0e56-2e32-4257-3d76411ff3f5}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
Will run DDS now and get back to you!
Sorry, I think I pasted twice - sorry. Just goes to show how inept I am with I.T. in general!!
Here's the first part of the DDS log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Frances at 21:52:39 on 2012-06-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4029.2406 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Frances\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\splwow64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\splwow64.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\SymcPCCULaunchSvc.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe
C:\windows\system32\prevhost.exe
C:\PROGRA~2\MICROS~1\Office14\WINWORD.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\splwow64.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\11.1.0\ScriptHelper.exe
\\.\globalroot\systemroot\Installer\{e756ea73-0e56-2e32-4257-3d76411ff3f5}\U
C:\windows\SysWOW64\rundll32.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
.
uStart Page = hxxp://www.google.co.uk/
uSearch Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
uSearch Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: !{ae07101b-46d4-4a98-af68-0333ea26e113} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
TB: {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [5dd361d0d68c96da4328dd58adffd4d4] C:\Users\Public\DOWNLO~1\AIRPOR~1.EXE /r
uRun: [vProt] C:\Program Files (x86)\GameBox\vprot.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Spotify] "C:\Users\Frances\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\Frances\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Facebook Update] "C:\Users\Frances\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
StartupFolder: C:\Users\Frances\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{56639450-C8B2-433F-961F-EDE9DABDED9D} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EB84B0F8-FADD-4C58-A2E8-443FA8786038} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{EB84B0F8-FADD-4C58-A2E8-443FA8786038}\4514C4B44514C4B4D2641454544483 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB-X64: {0FEF2D2C-CDA6-45E4-B2ED-9DF7C50C95FF} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 funfrm;funfrm;C:\windows\system32\drivers\funfrm.sys --> C:\windows\system32\drivers\funfrm.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IGRS;IGRS;C:\Program Files (x86)\Lenovo\ReadyComm\common\IGRS.exe [2009-7-14 38152]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-28 654408]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\SymcPCCULaunchSvc.exe [2011-6-6 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.11.20\ccSvcHst.exe [2011-6-6 126392]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-12 935480]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 wdmirror;wdmirror;C:\windows\system32\DRIVERS\WDMirror.sys --> C:\windows\system32\DRIVERS\WDMirror.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [?]
S2 ReadyComm.DirectRouter;ReadyComm.DirectRouter;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 Bridge0;Bridge0;C:\windows\system32\drivers\WDBridge.sys --> C:\windows\system32\drivers\WDBridge.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudbus.sys --> C:\windows\system32\DRIVERS\ssudbus.sys [?]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc --> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [?]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\windows\system32\DRIVERS\k57nd60a.sys --> C:\windows\system32\DRIVERS\k57nd60a.sys [?]
S3 Lenovo ReadyComm AppSvc;Lenovo ReadyComm AppSvc;C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [2010-5-31 509192]
S3 Lenovo ReadyComm ConnSvc;Lenovo ReadyComm ConnSvc;C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [2010-5-31 579400]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\system32\DRIVERS\netw5v64.sys --> C:\windows\system32\DRIVERS\netw5v64.sys [?]
S3 PS_MDP;ReadyComm Presentation Space Helper Service;C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs --> C:\windows\System32\IgrsSvcs.exe -k IgrsSvcs [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudmdm.sys --> C:\windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
.
=============== Created Last 30 ================
.
2012-06-28 20:35:38 -------- d-----w- C:\Users\Frances\AppData\Local\{6CF8C608-4E22-4A9A-ABD6-0B0F1819DDBC}
2012-06-28 20:35:23 -------- d-----w- C:\Users\Frances\AppData\Local\{50EEED53-5F2C-4528-B209-58C391438EFC}
2012-06-27 15:19:15 -------- d-----w- C:\Users\Frances\AppData\Local\{30EB8F87-1F7E-4C76-9BC0-5B19D53D02C3}
2012-06-26 22:19:45 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-26 22:19:31 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-26 22:19:13 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-26 22:19:13 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-26 22:15:05 -------- d-----w- C:\Users\Frances\AppData\Local\{216CE899-B179-4E17-A3D4-24350DF451C9}
2012-06-26 22:14:47 -------- d-----w- C:\Users\Frances\AppData\Local\{0EC0F80D-4E50-47C6-92D3-2BD454319096}
2012-06-26 17:21:15 -------- d-----w- C:\Users\Frances\AppData\Local\{6A3AF374-156B-4BA1-9BFC-FDE7BD41081E}
2012-06-26 17:21:04 -------- d-----w- C:\Users\Frances\AppData\Local\{2B729572-2F56-4D4E-A036-0EDD7984156B}
2012-06-26 17:11:38 -------- d-----w- C:\Users\Frances\AppData\Local\{B277BACE-409B-4A9C-967E-485E3A624677}
2012-06-26 17:11:28 -------- d-----w- C:\Users\Frances\AppData\Local\{E94A2EE1-5CB6-499D-B655-A2A7DE3D53BC}
2012-06-26 17:10:55 -------- d-----w- C:\Users\Frances\AppData\Local\{C031A19D-F1CA-4267-8B20-91C332227709}
2012-06-26 17:10:45 -------- d-----w- C:\Users\Frances\AppData\Local\{E9C8B8B8-9A62-4151-8C0B-BE3C41A66FAC}
2012-06-26 17:06:57 -------- d-----w- C:\Users\Frances\AppData\Local\{929DB97F-AD0C-4219-86A0-76EF87B86329}
2012-06-26 17:06:46 -------- d-----w- C:\Users\Frances\AppData\Local\{ABC3639B-0D79-4ECA-BBB5-D92A565E28D6}
2012-06-26 13:12:12 -------- d-----w- C:\Users\Frances\AppData\Local\{E7E96946-7D82-4066-B93F-67C8FBBF92BF}
2012-06-26 11:46:52 -------- d-----w- C:\Users\Frances\AppData\Local\{34DE71A3-73B5-4598-AC80-14CA5C698723}
2012-06-26 11:46:35 -------- d-----w- C:\Users\Frances\AppData\Local\{8FB97187-192D-44E9-9262-1D8EE4978012}
2012-06-25 21:57:09 -------- d-----w- C:\Users\Frances\AppData\Roaming\AVG
2012-06-25 20:40:41 -------- d-----w- C:\Users\Frances\AppData\Local\{9E6B67F2-F48C-4A76-80CE-D6E47314E746}
2012-06-25 20:40:35 -------- d-----w- C:\Users\Frances\AppData\Local\{6DD99272-DA37-4E28-B1D2-7C870A904396}
2012-06-24 20:46:59 -------- d-----w- C:\Users\Frances\AppData\Local\{9F243433-4468-4A41-8E3C-7F53B2A10642}
2012-06-24 20:46:41 -------- d-----w- C:\Users\Frances\AppData\Local\{FE4A7AFA-D6B5-4E51-80BA-84E441D29C9C}
2012-06-23 22:48:13 -------- d-----w- C:\Users\Frances\AppData\Local\{30A0989E-96FD-4C11-8211-47691EC5577C}
2012-06-23 17:49:39 -------- d-sh--w- C:\windows\System32\%APPDATA%
2012-06-23 10:47:25 -------- d-----w- C:\Users\Frances\AppData\Local\{29D7DA2B-8A45-4E94-B17D-92B30BEFE9C7}
2012-06-23 10:47:07 -------- d-----w- C:\Users\Frances\AppData\Local\{1D19F865-2F7C-472B-B8D7-1543C60A21B4}
2012-06-20 14:57:58 -------- d-----w- C:\Users\Frances\AppData\Local\{084713CC-D959-409D-82AB-6E5402295B48}
2012-06-20 14:57:40 -------- d-----w- C:\Users\Frances\AppData\Local\{C75C2985-265A-4A95-B7B4-B8D36B1222C1}
2012-06-19 23:40:22 -------- d-----w- C:\windows\en
2012-06-19 23:35:42 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3d80fbcd1cd4e7401\DSETUP.dll
2012-06-19 23:35:42 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3d80fbcd1cd4e7401\DXSETUP.exe
2012-06-19 23:35:42 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3d80fbcd1cd4e7401\dsetup32.dll
2012-06-19 22:04:35 -------- d-----w- C:\Users\Frances\AppData\Local\{9368C679-E065-4D83-B55C-D1D44C4B0301}
2012-06-19 22:04:12 -------- d-----w- C:\Users\Frances\AppData\Local\{AC5C43A6-FFDA-4516-9954-B00AD7583980}
2012-06-19 18:12:48 -------- d-----w- C:\Users\Frances\AppData\Local\{C70AE373-CF2D-4F7A-9CD2-63A76D7B5B7A}
2012-06-19 18:12:25 -------- d-----w- C:\Users\Frances\AppData\Local\{0E8CDD1C-4EBA-4BFD-BEB9-84623CAC0D23}
2012-06-18 16:43:27 -------- d-----w- C:\Users\Frances\AppData\Local\Facebook
2012-06-18 16:34:42 -------- d-----w- C:\Users\Frances\AppData\Local\{67DD2FA3-910C-4E73-A3E1-41DD05BC42A5}
2012-06-17 12:31:32 -------- d-----w- C:\Users\Frances\AppData\Local\{11651BE2-82E7-42AB-AEBB-4FC813074548}
2012-06-16 14:23:13 -------- d-----w- C:\Users\Frances\AppData\Local\{1F38A83B-B1DB-4274-93B3-DD6F1FF898CB}
2012-06-15 17:53:00 -------- d-----w- C:\Users\Frances\AppData\Local\{76835743-B18F-40D9-B267-420CBB024074}
2012-06-14 08:01:45 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-06-12 20:13:10 -------- d-----w- C:\Users\Frances\AppData\Local\{844160C7-5009-4370-BD9C-628A9E3000CF}
2012-06-12 20:12:57 -------- d-----w- C:\Users\Frances\AppData\Local\{9499A144-6586-437B-A39D-E1F2F136E515}
2012-06-12 20:11:55 -------- d-----w- C:\Users\Frances\AppData\Local\AVG Secure Search
2012-06-12 17:41:06 -------- d-----w- C:\Users\Frances\AppData\Local\{50D13E4F-4475-40C1-A07D-B5A5B29480BA}
2012-06-12 17:40:44 -------- d-----w- C:\Users\Frances\AppData\Local\{A89CF99D-C95B-4A83-95A7-26800BC7FCA7}
2012-06-12 12:23:28 -------- d-----w- C:\Users\Frances\AppData\Local\{F5CF3913-902A-4DB3-9955-8137A7017D48}
2012-06-12 12:23:18 -------- d-----w- C:\Users\Frances\AppData\Local\{685511BA-EB50-4409-82C1-0E215BB4A7B2}
2012-06-12 12:10:20 -------- d-----w- C:\Users\Frances\AppData\Local\{4B108860-0257-4C9F-8C98-CFD92D5E856B}
2012-06-12 12:10:05 -------- d-----w- C:\Users\Frances\AppData\Local\{A34D5071-295B-4BE3-8FCD-AEAE4C353E3C}
2012-06-11 21:16:33 -------- d-----w- C:\Users\Frances\AppData\Local\{807497F6-75C6-4BFF-A371-789A4FA307C3}
2012-06-11 21:16:18 -------- d-----w- C:\Users\Frances\AppData\Local\{1A8EB04A-0E73-42BD-BBF0-A909D7DD9EBD}
2012-06-11 15:58:09 -------- d-----w- C:\Users\Frances\AppData\Local\{8FF9E99F-9E8B-4E0B-87D5-47B6BC47A307}
2012-06-11 15:57:49 -------- d-----w- C:\Users\Frances\AppData\Local\{4805CF02-76B8-4081-8336-78190805654C}
2012-06-10 23:16:23 -------- d-----w- C:\Users\Frances\AppData\Local\{2B1E86BF-1835-4E22-8039-9B60867C4270}
2012-06-10 23:16:13 -------- d-----w- C:\Users\Frances\AppData\Local\{368569FC-27C3-4B48-9970-FA889E4E2E6B}
2012-06-10 21:15:19 -------- d-----w- C:\Users\Frances\AppData\Local\{DF7D1136-1382-4074-8C7A-78A3612FA596}
2012-06-10 21:15:05 -------- d-----w- C:\Users\Frances\AppData\Local\{2A38E9E4-29E3-46F9-A938-8BC94914AD94}
2012-06-10 16:51:27 -------- d-----w- C:\Users\Frances\AppData\Local\{4B14D079-7B88-4C12-B6BE-74AFA2D78755}
2012-06-10 16:50:50 -------- d-----w- C:\Users\Frances\AppData\Local\{85FB796B-146F-422C-B47C-F95929BF7210}
2012-06-10 09:37:17 -------- d-----w- C:\Users\Frances\AppData\Local\{F45C2EB9-3AB0-4EB3-8BB6-5C30982A695A}
2012-06-10 09:36:41 -------- d-----w- C:\Users\Frances\AppData\Local\{D5E7BA15-C308-472D-8658-F80A267AF7C0}
2012-06-09 21:55:21 -------- d-----w- C:\Users\Frances\AppData\Local\{2B5E6246-EC2E-49F5-9E8F-7002FAD8043D}
2012-06-09 21:55:05 -------- d-----w- C:\Users\Frances\AppData\Local\{C535A296-798B-4CD2-98D0-16A8D1238EE9}
2012-06-09 19:13:55 -------- d-----w- C:\Users\Frances\AppData\Local\{EB0C4430-9752-44DD-A711-34517A987F48}
2012-06-09 19:13:45 -------- d-----w- C:\Users\Frances\AppData\Local\{93010EBC-D497-4BE6-9511-55F0E65A36DA}
2012-06-09 18:50:19 -------- d-----w- C:\Users\Frances\AppData\Local\{B371C33C-9634-41B0-A3AF-F8B98D4F1D99}
2012-06-09 18:49:57 -------- d-----w- C:\Users\Frances\AppData\Local\{432DD1F5-6D61-492D-8114-3E751413C4F5}
2012-06-09 16:44:12 -------- d-----w- C:\Users\Frances\AppData\Local\{293D52BD-49A4-43C1-849B-BE27825EE6A6}
2012-06-09 16:43:45 -------- d-----w- C:\Users\Frances\AppData\Local\{0906A613-3CD6-4F91-B9C5-E1F862F69503}
2012-06-09 16:42:00 -------- d-----w- C:\Users\Frances\AppData\Local\{422857E8-B766-4E44-8EFC-40014B6E8551}
2012-06-09 16:41:40 -------- d-----w- C:\Users\Frances\AppData\Local\{6981302F-42AB-4681-82FD-11FA4C5B250B}
2012-06-09 12:00:09 -------- d-----w- C:\Users\Frances\AppData\Local\{1C18EDC5-B98E-4E70-8D9B-CFC49F9554C9}
2012-06-09 11:59:48 -------- d-----w- C:\Users\Frances\AppData\Local\{D1035624-F325-4E68-8115-EBEFDED7F987}
2012-06-09 08:25:55 -------- d-----w- C:\Users\Frances\AppData\Local\{3B003680-F96C-451A-B970-DC6A78DBF455}
2012-06-09 08:25:19 -------- d-----w- C:\Users\Frances\AppData\Local\{F93E46A7-A084-4D3B-A8A4-4C525198589C}
2012-06-08 21:30:44 -------- d-----w- C:\Users\Frances\AppData\Local\{FF4E8FE7-1AB5-4D05-92D6-332F62C43187}
2012-06-08 21:30:25 -------- d-----w- C:\Users\Frances\AppData\Local\{5505D2CF-213F-4A87-A8E0-B76130513225}
2012-06-08 15:47:43 -------- d-----w- C:\Users\Frances\AppData\Local\{09606FF2-DB6A-4063-BF89-860308EB79F8}
2012-06-08 15:47:32 -------- d-----w- C:\Users\Frances\AppData\Local\{7398A0D8-EC8A-4305-9D31-4FEAAB43FA80}
2012-06-08 15:27:19 -------- d-----w- C:\Users\Frances\AppData\Local\{12B41B46-1117-409D-B62D-9FDFA32EC774}
2012-06-08 15:27:04 -------- d-----w- C:\Users\Frances\AppData\Local\{BFC42163-0FEA-44EF-AB21-2052C0D45933}
2012-06-06 14:16:16 -------- d-----w- C:\Users\Frances\AppData\Local\{5C1C468E-3C38-4955-804E-479376C9DC2F}
2012-06-06 14:15:35 -------- d-----w- C:\Users\Frances\AppData\Local\{B562910A-4099-4FF5-AB43-766EAC66030E}
2012-06-05 19:26:02 -------- d-----w- C:\Users\Frances\AppData\Local\{2C3DD778-B4E8-4AD7-8735-C1E6F4DF8839}
2012-06-05 19:25:50 -------- d-----w- C:\Users\Frances\AppData\Local\{335970F0-4924-40F8-8265-C70BFD08BD38}
2012-06-05 19:24:58 -------- d-----w- C:\Users\Frances\AppData\Local\{BBFA7032-4961-4812-88F1-D4E86850FBEC}
2012-06-05 19:24:26 -------- d-----w- C:\Users\Frances\AppData\Local\{961F55A1-7FC7-4387-B01F-EE0F0BC146BD}
2012-06-05 16:49:52 -------- d-----w- C:\Users\Frances\AppData\Local\{033D2EDA-9D35-46D3-BB51-93DD23B1EEAD}
2012-06-05 16:49:23 -------- d-----w- C:\Users\Frances\AppData\Local\{987AC34F-FD90-408A-8B84-5ED642C6414B}
2012-06-05 11:08:04 -------- d-----w- C:\Users\Frances\AppData\Local\{DF53635B-3662-4F31-8C83-6BE87418369A}
2012-06-05 11:07:52 -------- d-----w- C:\Users\Frances\AppData\Local\{53C5C691-6167-4AB2-A843-C023095712ED}
2012-06-05 11:06:49 -------- d-----w- C:\Users\Frances\AppData\Local\{04758654-3DBD-4E0D-B2F3-093B10ED7164}
2012-06-05 11:06:36 -------- d-----w- C:\Users\Frances\AppData\Local\{C76C0951-5E3E-4825-A166-3ED572537161}
2012-06-04 08:27:21 -------- d-----w- C:\Users\Frances\AppData\Local\{E22E3579-F120-4B13-AA7D-2358736DB1CC}
2012-06-04 08:26:56 -------- d-----w- C:\Users\Frances\AppData\Local\{359B1D18-C3B3-4025-91EA-0EE908B746B7}
2012-06-03 22:04:23 -------- d-----w- C:\Users\Frances\AppData\Local\{167D75E8-85E0-4502-BF2D-F78D06382452}
2012-06-03 22:04:12 -------- d-----w- C:\Users\Frances\AppData\Local\{A1E03B42-D87B-4D00-B9BF-F1D68D65D62D}
2012-06-03 21:43:08 -------- d-----w- C:\Users\Frances\AppData\Local\{F6EB32C8-FB5B-4B49-95FC-8C13E53B830A}
2012-06-03 21:32:37 -------- d-----w- C:\Users\Frances\KironRaceViewer
2012-06-03 21:21:27 -------- d-----w- C:\Users\Frances\AppData\Roaming\Hrsim
2012-06-03 20:34:17 -------- d-----w- C:\Users\Frances\AppData\Local\{A01B54AC-4C29-48EC-A1EA-63E653EAA1D1}
2012-06-03 20:34:05 -------- d-----w- C:\Users\Frances\AppData\Local\{A20B175D-A4D2-4EF3-B42F-5E8A908AB584}
2012-06-03 17:30:51 -------- d-----w- C:\Users\Frances\AppData\Local\{EA05531E-7927-4E96-BC66-08CAD5D3EB57}
2012-06-03 17:30:41 -------- d-----w- C:\Users\Frances\AppData\Local\{3039957B-A459-4133-8ECB-96AF88E09F59}
2012-06-03 16:50:06 -------- d-----w- C:\Users\Frances\AppData\Local\{CBC28885-4FF4-4EF2-A580-F82E26FD0AE6}
2012-06-03 16:49:56 -------- d-----w- C:\Users\Frances\AppData\Local\{E408A6D5-A8E9-46A1-BAA8-21A9496466BF}
2012-06-03 16:44:08 -------- d-----w- C:\Users\Frances\AppData\Local\{3EA6540F-DFF9-4A30-A136-D57D86D65970}
2012-06-03 16:43:57 -------- d-----w- C:\Users\Frances\AppData\Local\{F0BBA7BA-55E6-4092-BC4B-34E9D657FF0F}
2012-06-03 15:19:59 -------- d-----w- C:\Users\Frances\AppData\Local\SecondLife
2012-06-03 11:07:25 -------- d-----w- C:\Users\Frances\AppData\Local\{655855B9-37D6-4603-82D9-EF48EF56B048}
2012-06-03 11:07:07 -------- d-----w- C:\Users\Frances\AppData\Local\{EC2671AA-04ED-470B-8A9D-1DC92B294059}
2012-06-03 09:47:59 -------- d-----w- C:\Users\Frances\AppData\Local\{0E0167CA-3DEA-4395-AD33-629FAD0EF023}
2012-06-03 09:47:43 -------- d-----w- C:\Users\Frances\AppData\Local\{C70980AA-0C15-4A71-A5BF-3094C74CDE7C}
2012-06-02 19:19:42 -------- d-----w- C:\Users\Frances\AppData\Local\{88F7911F-2A12-43FB-BE8D-63823114E663}
2012-06-02 19:19:14 -------- d-----w- C:\Users\Frances\AppData\Local\{9E2B1101-B094-4D05-B071-4163278CD80F}
2012-06-01 20:56:47 -------- d-----w- C:\Users\Frances\AppData\Local\{03A21390-02BA-449C-86E0-05771F80D227}
2012-06-01 20:56:37 -------- d-----w- C:\Users\Frances\AppData\Local\{7C4811AF-95A1-4C3A-8D1D-95422EA450AE}
2012-06-01 15:21:39 -------- d-----w- C:\Users\Frances\AppData\Local\{83FE05C0-CDE7-451D-9151-50BA60AB91C5}
2012-06-01 15:21:29 -------- d-----w- C:\Users\Frances\AppData\Local\{DCC3CE6E-74AA-48FE-981E-9784F1C33D47}
2012-06-01 08:52:44 -------- d-----w- C:\Users\Frances\AppData\Local\{0EA620A0-88D8-4ED4-BBFD-347DC1602909}
2012-06-01 08:52:19 -------- d-----w- C:\Users\Frances\AppData\Local\{36167E76-9FC3-4FD6-B72E-326FEB25B267}
2012-05-31 19:25:35 -------- d-----w- C:\Users\Frances\AppData\Local\{DCA927AC-62AA-4957-BC8E-EC386614C708}
2012-05-31 19:25:25 -------- d-----w- C:\Users\Frances\AppData\Local\{FA70B3AB-2A69-4049-B6D0-B59BC820B0A5}
2012-05-31 19:13:13 -------- d-----w- C:\Users\Frances\AppData\Local\{473D58DB-AB1C-476C-8D83-E03674CDE9B2}
2012-05-31 19:12:50 -------- d-----w- C:\Users\Frances\AppData\Local\{1B351A1B-DDF9-4C1E-85B9-08A5657D550C}
.
==================== Find3M ====================
.
2012-05-15 04:01:31 1188864 ----a-w- C:\windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-15 01:32:33 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-04-20 03:45:41 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2012-04-20 03:16:44 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-04-19 03:50:26 28480 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2012-04-08 20:05:52 30520 ----a-w- C:\windows\SysWow64\daudioinp3220.deu
2012-04-07 12:31:40 3216384 ----a-w- C:\windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\windows\SysWow64\msi.dll
2012-04-04 14:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 21:54:22.02 ===============
and finally!!
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 24/11/2010 20:04:10
System Uptime: 28/06/2012 21:33:37 (1 hours ago)
.
Motherboard: LENOVO | | NITU1
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | U2E1 | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 421 GiB total, 330.431 GiB free.
is FIXED (NTFS) - 30 GiB total, 29.513 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP222: 26/06/2012 13:28:44 - Restore Operation
RP223: 26/06/2012 13:43:22 - Windows Update
RP224: 26/06/2012 13:49:46 - Windows Backup
RP225: 26/06/2012 18:15:24 - Windows Live Essentials
RP226: 26/06/2012 18:16:12 - Installed DirectX
RP227: 26/06/2012 18:16:32 - Installed DirectX
RP228: 26/06/2012 18:16:51 - WLSetup
RP229: 26/06/2012 19:58:45 - Restore Operation
RP230: 26/06/2012 23:18:42 - Windows Update
RP231: 27/06/2012 16:25:54 - Removed Bonjour
RP232: 27/06/2012 22:52:06 - Windows Backup
.
==== Installed Programs ======================
.
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.5
Airbus A380 Second Edition
Apple Application Support
Apple Software Update
AVG Security Toolbar
Broadcom 802.11 Wireless Driver
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 4.0
Canon MP495 series User Registration
Canon My Printer
Canon Solution Menu EX
Cheat Engine 6.1
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Easy audio mixer 1.0.1
EasyCapture
Energy Management
Facebook Video Calling 1.2.0.159
Google Update Helper
Java Auto Updater
Java(TM) 6 Update 30
Junk Mail filter update
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo ReadyComm 5
Lenovo ReadyComm 5.0 Service
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Flight Simulator X
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Home and Business 2010 - English
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2010
Microsoft PowerPoint Viewer
Microsoft Search Enhancement Pack
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Norton PC Checkup
Norton Security Scan
Power2Go
QuickTime
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype Toolbars
Skype™ 5.3
Spotify
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VeriFace
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Detect
Zoo Empire Demo
.
==== Event Viewer Messages From Past Week ========
.
28/06/2012 21:36:42, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
28/06/2012 21:35:09, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
28/06/2012 21:35:09, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
28/06/2012 21:34:13, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
28/06/2012 21:34:13, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
28/06/2012 21:34:13, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
28/06/2012 21:34:13, Error: Service Control Manager [7000] - The ReadyComm.DirectRouter service failed to start due to the following error: The system cannot find the file specified.
23/06/2012 21:28:26, Error: Service Control Manager [7000] - The Symantec Eraser Control driver service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
I hope I have done everything right .. and thanks again for helping
Thanks.
I can see straight away you are infected with the sirefef rootkit (aka ZeroAccess)
Go here and read through the instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial
- Ensure you temporarily turn off your antivirus (AVG) before running. Instructions here
- Double click combofix.exe & follow the prompts closely.
- When it's finished, it'll produce a log. Post the contents of that log.
- It'll be found on your C:\ drive named combofix.txt
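As an added example (not from the thread or from any tool it mentions), here is a small Python triage script for the DDS "Created Last 30" format posted above. It parses each entry and flags a hidden+system directory under the Windows tree whose name is an unexpanded environment-variable token such as %APPDATA%; the flagging rule and the sample lines are constructed for this example, and the thread does not state which entries the helper keyed on.

```python
"""Triage helper for the DDS 'Created Last 30' section (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# One DDS entry: "<date> <time> <size|--------> <attrs> <path>".
# attrs is 8 columns, e.g. "----a-w-" (archive file), "d-----w-" (directory),
# "d-sh--w-" (directory carrying the system and hidden attributes).
_ENTRY = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[d-][r-][s-][h-][a-]-[w-]-) (?P<path>.+)$"
)

# A literal, unexpanded environment-variable token used as a directory name.
_ENV_TOKEN = re.compile(r"^%[A-Za-z_][A-Za-z0-9_]*%$")

# Constructed sample in the DDS layout (a few entries modelled on the thread).
SAMPLE_LOG = r"""
=============== Created Last 30 ================
.
2012-06-26 22:19:45 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-26 22:15:05 -------- d-----w- C:\Users\Frances\AppData\Local\{216CE899-B179-4E17-A3D4-24350DF451C9}
2012-06-23 17:49:39 -------- d-sh--w- C:\windows\System32\%APPDATA%
2012-06-19 23:40:22 -------- d-----w- C:\windows\en
.
==================== Find3M ====================
.
2012-05-15 04:01:31 1188864 ----a-w- C:\windows\System32\wininet.dll
"""


@dataclass
class Entry:
    date: str
    time: str
    size: Optional[int]  # None for directories (DDS prints "--------")
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_system(self) -> bool:
        return self.attrs[2] == "s" and self.attrs[3] == "h"

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_created_last_30(text: str) -> List[Entry]:
    """Return the entries between the 'Created Last 30' header and the next section."""
    entries: List[Entry] = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("="):            # section header such as "=== Find3M ==="
            in_section = "Created Last 30" in line
            continue
        m = _ENTRY.match(line) if in_section else None
        if not m:
            continue                        # "." separators and anything unparseable
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["date"], m["time"], size, m["attrs"], m["path"]))
    return entries


def suspicious(entries: List[Entry]) -> List[Entry]:
    """Constructed triage rule: a hidden+system directory under \\windows\\ whose
    name is a literal %VAR% token. Installers expand such variables, so a folder
    literally called %APPDATA% inside System32 deserves a closer look."""
    return [
        e for e in entries
        if e.is_dir and e.hidden_system and _ENV_TOKEN.match(e.name)
        and "\\windows\\" in e.path.lower()
    ]


if __name__ == "__main__":
    for hit in suspicious(parse_created_last_30(SAMPLE_LOG)):
        print(f"{hit.date} {hit.time} {hit.attrs} {hit.path}")
```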
Am going to do it now. Thanks so much
This discussion has been closed.