View Full Version : Security Shield
teresamay
2012-02-05, 13:20
Hi,
I was wondering if someone could help me please. Security Shield installed itself on my laptop last night. This forum came up as a possible help solution on Google so I thought I would give it a try.
I apologise if I am in the wrong place or if I have/havent done something I was/was not supposed to do before posting this here - but I have tried to read through the post suggested and I have no idea what ERUNT or DDS etc means??
Security Shield instaled itself on my laptop last night. I was not able to Ctrl, Alt, Del as it stopped me. I couuld not run my Avir Antivirus because it stopped that too. This morning (with advice from a friend) I have tried system restore, which has seemingly erased the program. I have had no pop ups since, however I am aware that this does not mean that it has gone forever. I have since downloaded AVG and am currently running a full system scan on that.
Could someone please advise as to whether this is ok, or whether there is a better solution out there? Please please don't tell me off if I'm in the wrong place. I did try and read your intro thread but its so confusing to someone who is not computer literate like me.
Thank you so much in advance.
Hi,
Download DDS and save it to your desktop from here (http://download.bleepingcomputer.com/sUBs/dds.com) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds file to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
teresamay
2012-02-09, 00:45
Thank you so much. Here we go..
Hi,
Please post attach.txt contents too (no need to use attachments but copy-paste contents to your reply :)).
teresamay
2012-02-09, 12:23
Ok sorry :)
Here is what it came up with? Is this right?
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Elisha at 10:21:32 on 2012-02-09
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3068.1661 [GMT 0:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Activ Software\ActivDriver\ActivControl2x64.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIFIE.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Activ Software\ActivDriver\activmgr.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIFBE.EXE
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Epson Stylus SX510W(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIE.EXE /FU "C:\Windows\TEMP\E_S5996.tmp" /EF "HKCU"
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [EPSON SX110 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Windows\TEMP\E_S1F6C.tmp" /EF "HKCU"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\Elisha\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Elisha\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 131.1.2.14 131.1.2.15
TCP: Interfaces\{10BD0976-4389-430D-99AD-E7F216DFE178} : DhcpNameServer = 131.1.2.14 131.1.2.15
TCP: Interfaces\{10BD0976-4389-430D-99AD-E7F216DFE178}\05C65737E6564775962756C6563737 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{10BD0976-4389-430D-99AD-E7F216DFE178}\553475F575962756C6563737 : DhcpNameServer = 131.1.2.14 131.1.2.15
TCP: Interfaces\{10BD0976-4389-430D-99AD-E7F216DFE178}\65963647F6279616 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{10BD0976-4389-430D-99AD-E7F216DFE178}\D4363416E6E6 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Elisha\AppData\Roaming\Mozilla\Firefox\Profiles\uaaik3d2.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2010-10-29 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-1-26 136360]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-1-26 269480]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-9 1692480]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-3 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-3 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-22 30963576]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-12-14 25072]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-02-09 10:11:09 -------- d-----w- C:\Users\Elisha\AppData\Local\{3D2EB61D-B135-4940-9B3D-3230A8BB6B03}
2012-02-08 16:30:51 -------- d-----w- C:\Users\Elisha\AppData\Local\{DABC1D76-3E92-403D-8691-105ED781A36A}
2012-02-08 16:30:37 -------- d-----w- C:\Users\Elisha\AppData\Local\{08B96923-A7AC-426B-B0D4-31E6A439FA36}
2012-02-06 10:06:17 -------- d-----w- C:\Users\Elisha\AppData\Local\{14A5454E-FA6D-409C-A1C4-DC1801E51DE3}
2012-02-06 10:06:06 -------- d-----w- C:\Users\Elisha\AppData\Local\{34586C91-E5E4-4278-AA0B-B2A0F5747AB6}
2012-02-05 10:45:59 -------- d-----w- C:\Users\Elisha\AppData\Roaming\AVG2012
2012-02-05 10:40:28 -------- d--h--w- C:\ProgramData\Common Files
2012-02-05 10:40:14 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-02-05 10:39:43 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-02-05 10:39:43 -------- d-----w- C:\ProgramData\AVG2012
2012-02-05 10:38:27 -------- d-----w- C:\Program Files (x86)\AVG
2012-02-05 10:33:23 -------- d-----w- C:\ProgramData\MFAData
2012-02-05 09:57:43 -------- d-----w- C:\Users\Elisha\AppData\Local\{AECF8EE6-BD4E-4AC2-82B3-49B04686262A}
2012-02-05 09:51:15 -------- d-----w- C:\Users\Elisha\AppData\Local\{61BEE903-C32B-4FD6-81AE-4E9C38E4C077}
2012-02-05 09:42:34 -------- d-----w- C:\Users\Elisha\AppData\Local\{20C6553C-3BDD-4B5C-A8A1-D4E06BBD20F9}
2012-02-04 20:22:22 323072 ----a-w- C:\Users\Elisha\AppData\Local\zqpyd.exe
2012-02-04 13:28:28 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{898F56A5-679F-47A4-A346-E3C8C0315DF5}\mpengine.dll
2012-02-04 13:23:56 -------- d-----w- C:\Users\Elisha\AppData\Local\{AE35AD95-9171-4324-8D02-67DBA2897EA1}
2012-02-04 13:23:45 -------- d-----w- C:\Users\Elisha\AppData\Local\{87405D0D-90FE-41A0-B187-0234762489A8}
2012-02-01 19:16:22 -------- d-----w- C:\Users\Elisha\AppData\Local\{F13A4085-1911-47AF-9D8C-486AE98DEED1}
2012-02-01 19:16:12 -------- d-----w- C:\Users\Elisha\AppData\Local\{E655EFC5-939F-4A4C-8EB7-B3EAFE70CED4}
2012-01-31 11:15:40 -------- d-----w- C:\Users\Elisha\AppData\Local\{53DD7C59-797C-49A0-802A-E21218773022}
2012-01-29 09:11:08 -------- d-----w- C:\Users\Elisha\AppData\Local\{75B989FE-0248-49EA-89AA-E45639288B64}
2012-01-29 09:10:56 -------- d-----w- C:\Users\Elisha\AppData\Local\{D3C0B97F-D348-4736-9B3D-F845A90F0CDD}
2012-01-24 19:50:59 -------- d-----w- C:\Users\Elisha\AppData\Local\{AB54CEDD-A069-4C1C-A3E2-DB79E2964D5E}
2012-01-24 19:50:48 -------- d-----w- C:\Users\Elisha\AppData\Local\{6794C192-7B4D-4D96-A902-168F1C7DAAEE}
2012-01-19 17:23:23 -------- d-----w- C:\Users\Elisha\AppData\Local\{5DC5D794-5832-483C-874E-B3B71284CB46}
2012-01-19 17:23:13 -------- d-----w- C:\Users\Elisha\AppData\Local\{08B3D2C6-8EE7-4DD0-88A7-4C63A877125D}
2012-01-18 19:33:48 -------- d-----w- C:\Users\Elisha\AppData\Local\{DF697CE1-B948-42F9-9E4E-61E7CABE0C63}
2012-01-18 19:33:37 -------- d-----w- C:\Users\Elisha\AppData\Local\{BEE97DDC-20D1-4AB7-A780-A9A19559037D}
2012-01-17 09:30:01 -------- d-----w- C:\Users\Elisha\AppData\Local\{CBB4B321-711A-4F19-A807-90AF7D46D468}
2012-01-17 09:28:25 -------- d-----w- C:\Users\Elisha\AppData\Local\{81D5ADA8-3239-414B-8934-C92DD66DE4D0}
2012-01-16 17:28:38 -------- d-----w- C:\Users\Elisha\AppData\Local\{C95399C4-BA25-4424-9729-8F0329F6EDFF}
2012-01-16 17:28:27 -------- d-----w- C:\Users\Elisha\AppData\Local\{4D3B5FB4-2497-49C8-BBA4-B1A7A128377A}
2012-01-15 17:54:55 -------- d-----w- C:\Users\Elisha\AppData\Local\{4BA83EAB-8368-4DDD-9FE9-4D467FCC3214}
2012-01-15 17:54:44 -------- d-----w- C:\Users\Elisha\AppData\Local\{C127371D-BA4E-4BA0-830D-EAA30CDF66AE}
2012-01-13 09:23:30 -------- d-----w- C:\Users\Elisha\AppData\Local\{1D18AB4F-7BA3-4533-8127-0E73E9CF3948}
2012-01-13 09:23:19 -------- d-----w- C:\Users\Elisha\AppData\Local\{41227ED4-9ED2-4E5E-9069-E04B322286C8}
2012-01-12 19:32:26 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-12 19:32:26 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-12 19:32:26 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-12 19:32:26 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-12 19:32:11 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-12 19:32:11 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-12 19:31:58 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-12 19:31:58 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-12 18:30:17 -------- d-----w- C:\Users\Elisha\AppData\Local\{E15B3221-2F09-401F-96F2-2CC20D31DBE6}
.
==================== Find3M ====================
.
2012-01-27 00:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-06 22:27:23 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 07:10:58 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:35:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 10:22:32.09 ===============
Hi,
That's contents of dds.txt. There should be attach.txt file created also as a result of DDS run.
teresamay
2012-02-09, 12:38
Oh ok sorry :/ Where would I find that please?
Run DDS and after program has finished process two logs will open in separate notepad windows. One of those is mentioned attach.txt file.
teresamay
2012-02-09, 13:15
Aha! Thank you
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 24/01/2011 09:24:00
System Uptime: 09/02/2012 10:08:47 (1 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz | Microprocessor | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 222.67 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP388: 16/01/2012 22:38:48 - Windows Update
RP389: 17/01/2012 12:03:13 - Windows Update
RP390: 18/01/2012 19:38:55 - Windows Update
RP391: 18/01/2012 22:33:08 - Windows Update
RP392: 24/01/2012 19:53:42 - Windows Update
RP393: 24/01/2012 19:55:22 - Windows Update
RP394: 24/01/2012 22:05:20 - Windows Update
RP395: 29/01/2012 09:15:01 - Windows Update
RP396: 31/01/2012 11:26:07 - Windows Update
RP397: 01/02/2012 19:18:59 - Windows Update
RP398: 02/02/2012 00:18:27 - Windows Update
RP399: 04/02/2012 13:28:01 - Windows Update
RP400: 04/02/2012 20:25:45 - Windows Update
RP401: 05/02/2012 09:44:15 - Restore Operation
RP402: 05/02/2012 09:44:34 - Windows Update
RP403: 05/02/2012 09:51:57 - Restore Operation
RP404: 05/02/2012 10:37:09 - Installed AVG 2012
RP405: 05/02/2012 10:38:47 - Installed AVG 2012
RP406: 05/02/2012 22:25:19 - Windows Update
RP407: 08/02/2012 11:17:02 - Windows Update
RP408: 08/02/2012 19:23:46 - Windows Update
RP409: 09/02/2012 10:13:08 - Windows Update
.
==== Installed Programs ======================
.
ABBYY FineReader 6.0 Sprint
ActivInspire Core Resources (ENU) v1
ActivInspire Help (GBR) v1
ActivInspire HWR Resources (ENU) v1
ActivInspire v1
Adobe Reader 9.4.7
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
ATI Catalyst Control Center
Avira AntiVir Personal - Free Antivirus
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Dock
Dell Getting Started Guide
DHTML Editing Component
Epson Easy Photo Print 2
Epson Event Manager
Epson Printer Software Downloader
EPSON Scan
Epson Stylus SX510W_TX550W Manual
EpsonNet Print
EpsonNet Setup
Google Toolbar for Internet Explorer
Google Update Helper
InterActual Player
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
Mesh Runtime
Messenger Companion
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox 9.0.1 (x86 en-GB)
MSVCRT
MSVCRT_amd64
Norton Security Scan
QuickTime
Roxio Burn
Safari
SecondLifeViewer2 (remove only)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Skins
Skype Toolbars
Skype™ 4.2
Turbo Lister 2
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Visual Studio 2008 x64 Redistributables
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WYSIWYG Web Builder 5.5
WYSIWYG Web Builder 7
.
==== Event Viewer Messages From Past Week ========
.
09/02/2012 10:14:36, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800b0100: Update for Windows 7 for x64-based Systems (KB2641690).
04/02/2012 13:22:48, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
.
==== End Of File ===========================
Hi again,
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds.txt log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
teresamay
2012-02-10, 14:02
Hi, I have just ran PC Performer on my laptop. It says I have 700+ errorsd. There is no report/notepad showing?
Hi,
Sounds like you didn't download ComboFix but instead some program advertised at Bleeping Computer site. Did you read the linked tutorial thru like instructed? If you did then you shouldn't had ended up with "PC Performer" program running.
teresamay
2012-02-10, 17:58
Ok, sorry I must have clicked on a banner rather than Combofix. I have deleted that now.
i have followed the link and read through the guide. Combofix came up with a box with green writing in. It scanned, but then disappeared. I have no log file?? :confused:
teresamay
2012-02-10, 18:34
Sorry, had antivirus running. Its scanning as we speak..
teresamay
2012-02-10, 20:26
Ok, heres the combofix report :)
ComboFix 12-02-10.01 - Elisha 10/02/2012 16:05:00.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3068.1590 [GMT 0:00]
Running from: c:\users\Elisha\Documents\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\82c29976-999d-4c8f-bac9-590e78eef64b.dll
c:\programdata\PCDr\5907\Downloads\8d357f17-07ad-4392-ba06-fb67564c98cd.dll
c:\programdata\PCDr\5907\Downloads\b9ce760f-6209-48f2-a4a3-695324591c45.dll
c:\programdata\PCDr\5907\Downloads\d1f4dc82-bc4c-4916-b37c-3ab9c30ae468.dll
c:\programdata\PCDr\5907\Downloads\f8338de4-40cb-4494-bc70-93db3ab9e32d.dll
c:\programdata\PCDr\5907\Downloads\fa2ff61b-2c58-4071-916b-f881289a3959.dll
c:\users\Elisha\AppData\Local\zqpyd.exe
c:\users\Elisha\Documents\~WRL0523.tmp
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-10 to 2012-02-10 )))))))))))))))))))))))))))))))
.
.
2012-02-10 17:08 . 2012-02-10 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-10 11:57 . 2012-02-10 11:57 -------- d-----w- c:\users\Elisha\AppData\Roaming\PerformerSoft
2012-02-10 11:57 . 2012-01-03 19:11 16752 ----a-w- c:\windows\system32\roboot64.exe
2012-02-10 11:57 . 2012-02-10 11:57 -------- d-----w- c:\program files (x86)\PC Performer
2012-02-10 11:56 . 2012-02-10 11:56 -------- d-----w- c:\program files (x86)\InstallBrainService
2012-02-05 10:45 . 2012-02-05 10:45 -------- d-----w- c:\users\Elisha\AppData\Roaming\AVG2012
2012-02-05 10:40 . 2012-02-05 10:40 -------- d--h--w- c:\programdata\Common Files
2012-02-05 10:40 . 2012-02-05 10:40 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-02-05 10:39 . 2012-02-10 11:03 -------- d-----w- c:\windows\system32\drivers\AVG
2012-02-05 10:39 . 2012-02-05 10:55 -------- d-----w- c:\programdata\AVG2012
2012-02-05 10:38 . 2012-02-05 10:38 -------- d-----w- c:\program files (x86)\AVG
2012-02-05 10:33 . 2012-02-10 11:03 -------- d-----w- c:\programdata\MFAData
2012-02-04 13:28 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{898F56A5-679F-47A4-A346-E3C8C0315DF5}\mpengine.dll
2012-01-12 19:32 . 2011-10-26 05:33 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-12 19:32 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-12 19:32 . 2011-10-26 04:33 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-12 19:32 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-12 19:32 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-01-12 19:32 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-12 19:31 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-12 19:31 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-27 00:52 . 2011-01-26 17:45 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 22:27 . 2011-09-28 15:55 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 05:00 . 2011-12-15 17:46 3141632 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-09-21 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-08-01 165184]
.
c:\users\Elisha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-1-21 226176]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-19 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-02-01 25072]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 InstallBrainService;InstallBrain Updater Service;c:\program files (x86)\InstallBrainService\InstallBrainService.exe [2012-02-10 273912]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-10 c:\windows\Tasks\Epson Printer Software Downloader.job
- c:\program files (x86)\EPSON\EPAPDL\E_SAPDL2.EXE [2009-05-26 23:43]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 18:28]
.
2012-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-03 18:28]
.
2011-12-19 c:\windows\Tasks\Norton Security Scan for Elisha.job
- c:\progra~2\NORTON~2\Engine\311~1.6\Nss.exe [2011-05-14 08:22]
.
2012-02-10 c:\windows\Tasks\PC Performer_DEFAULT.job
- c:\program files (x86)\PC Performer\PCPerformer.exe [2012-02-10 19:11]
.
2012-02-10 c:\windows\Tasks\PC Performer_UPDATES.job
- c:\program files (x86)\PC Performer\PCPerformer.exe [2012-02-10 19:11]
.
2012-01-31 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
2012-02-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
2012-02-10 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-02-25 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"ActivControl"="c:\program files\Activ Software\ActivDriver\ActivControl2x64.exe" [2010-12-17 1240944]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Elisha\AppData\Roaming\Mozilla\Firefox\Profiles\uaaik3d2.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-WYSIWYG_Web_Builder_5 - c:\windows\iun6002.exe
AddRemove-WYSIWYG_Web_Builder_7 - c:\windows\iun6002.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
c:\program files\Activ Software\ActivDriver\activmgr.exe
c:\program files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
.
**************************************************************************
.
Completion time: 2012-02-10 17:42:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-10 17:42
.
Pre-Run: 242,343,628,800 bytes free
Post-Run: 242,885,361,664 bytes free
.
- - End Of File - - 66CAB91C7C96FF6321EADA1118B727B2
teresamay
2012-02-10, 20:31
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Elisha at 18:26:45 on 2012-02-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3068.1576 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\InstallBrainService\InstallBrainService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Activ Software\ActivDriver\ActivControl2x64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Activ Software\ActivDriver\activmgr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Roxio\Roxio Burn\Roxio Burn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\Elisha\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Elisha\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{10BD0976-4389-430D-99AD-E7F216DFE178} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{10BD0976-4389-430D-99AD-E7F216DFE178}\05C65737E6564775962756C6563737 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{10BD0976-4389-430D-99AD-E7F216DFE178}\553475F575962756C6563737 : DhcpNameServer = 131.1.2.14 131.1.2.15
TCP: Interfaces\{10BD0976-4389-430D-99AD-E7F216DFE178}\D4363416E6E6 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Elisha\AppData\Roaming\Mozilla\Firefox\Profiles\uaaik3d2.default\
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [2010-10-29 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 InstallBrainService;InstallBrain Updater Service;C:\Program Files (x86)\InstallBrainService\InstallBrainService.exe [2012-2-10 273912]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-12-9 1692480]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-3 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-3 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-22 30963576]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-10 4925184]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-2-1 25072]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-02-10 17:11:35 -------- d-----w- C:\$RECYCLE.BIN
2012-02-10 16:03:12 98816 ----a-w- C:\Windows\sed.exe
2012-02-10 16:03:12 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-10 16:03:12 256000 ----a-w- C:\Windows\PEV.exe
2012-02-10 16:03:12 208896 ----a-w- C:\Windows\MBR.exe
2012-02-10 11:57:13 -------- d-----w- C:\Users\Elisha\AppData\Roaming\PerformerSoft
2012-02-10 11:57:12 16752 ----a-w- C:\Windows\System32\roboot64.exe
2012-02-10 11:57:10 -------- d-----w- C:\Program Files (x86)\PC Performer
2012-02-10 11:56:58 -------- d-----w- C:\Program Files (x86)\InstallBrainService
2012-02-10 10:59:43 -------- d-----w- C:\Users\Elisha\AppData\Local\{D7DCC2A4-E025-43A3-B31F-13B5C1830454}
2012-02-09 10:11:09 -------- d-----w- C:\Users\Elisha\AppData\Local\{3D2EB61D-B135-4940-9B3D-3230A8BB6B03}
2012-02-08 16:30:51 -------- d-----w- C:\Users\Elisha\AppData\Local\{DABC1D76-3E92-403D-8691-105ED781A36A}
2012-02-08 16:30:37 -------- d-----w- C:\Users\Elisha\AppData\Local\{08B96923-A7AC-426B-B0D4-31E6A439FA36}
2012-02-06 10:06:17 -------- d-----w- C:\Users\Elisha\AppData\Local\{14A5454E-FA6D-409C-A1C4-DC1801E51DE3}
2012-02-06 10:06:06 -------- d-----w- C:\Users\Elisha\AppData\Local\{34586C91-E5E4-4278-AA0B-B2A0F5747AB6}
2012-02-05 10:45:59 -------- d-----w- C:\Users\Elisha\AppData\Roaming\AVG2012
2012-02-05 10:40:28 -------- d--h--w- C:\ProgramData\Common Files
2012-02-05 10:40:14 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-02-05 10:39:43 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-02-05 10:39:43 -------- d-----w- C:\ProgramData\AVG2012
2012-02-05 10:38:27 -------- d-----w- C:\Program Files (x86)\AVG
2012-02-05 10:33:23 -------- d-----w- C:\ProgramData\MFAData
2012-02-05 09:57:43 -------- d-----w- C:\Users\Elisha\AppData\Local\{AECF8EE6-BD4E-4AC2-82B3-49B04686262A}
2012-02-05 09:51:15 -------- d-----w- C:\Users\Elisha\AppData\Local\{61BEE903-C32B-4FD6-81AE-4E9C38E4C077}
2012-02-05 09:42:34 -------- d-----w- C:\Users\Elisha\AppData\Local\{20C6553C-3BDD-4B5C-A8A1-D4E06BBD20F9}
2012-02-04 13:28:28 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{898F56A5-679F-47A4-A346-E3C8C0315DF5}\mpengine.dll
2012-02-04 13:23:56 -------- d-----w- C:\Users\Elisha\AppData\Local\{AE35AD95-9171-4324-8D02-67DBA2897EA1}
2012-02-04 13:23:45 -------- d-----w- C:\Users\Elisha\AppData\Local\{87405D0D-90FE-41A0-B187-0234762489A8}
2012-02-01 19:16:22 -------- d-----w- C:\Users\Elisha\AppData\Local\{F13A4085-1911-47AF-9D8C-486AE98DEED1}
2012-02-01 19:16:12 -------- d-----w- C:\Users\Elisha\AppData\Local\{E655EFC5-939F-4A4C-8EB7-B3EAFE70CED4}
2012-01-31 11:15:40 -------- d-----w- C:\Users\Elisha\AppData\Local\{53DD7C59-797C-49A0-802A-E21218773022}
2012-01-29 09:11:08 -------- d-----w- C:\Users\Elisha\AppData\Local\{75B989FE-0248-49EA-89AA-E45639288B64}
2012-01-29 09:10:56 -------- d-----w- C:\Users\Elisha\AppData\Local\{D3C0B97F-D348-4736-9B3D-F845A90F0CDD}
2012-01-24 19:50:59 -------- d-----w- C:\Users\Elisha\AppData\Local\{AB54CEDD-A069-4C1C-A3E2-DB79E2964D5E}
2012-01-24 19:50:48 -------- d-----w- C:\Users\Elisha\AppData\Local\{6794C192-7B4D-4D96-A902-168F1C7DAAEE}
2012-01-19 17:23:23 -------- d-----w- C:\Users\Elisha\AppData\Local\{5DC5D794-5832-483C-874E-B3B71284CB46}
2012-01-19 17:23:13 -------- d-----w- C:\Users\Elisha\AppData\Local\{08B3D2C6-8EE7-4DD0-88A7-4C63A877125D}
2012-01-18 19:33:48 -------- d-----w- C:\Users\Elisha\AppData\Local\{DF697CE1-B948-42F9-9E4E-61E7CABE0C63}
2012-01-18 19:33:37 -------- d-----w- C:\Users\Elisha\AppData\Local\{BEE97DDC-20D1-4AB7-A780-A9A19559037D}
2012-01-17 09:30:01 -------- d-----w- C:\Users\Elisha\AppData\Local\{CBB4B321-711A-4F19-A807-90AF7D46D468}
2012-01-17 09:28:25 -------- d-----w- C:\Users\Elisha\AppData\Local\{81D5ADA8-3239-414B-8934-C92DD66DE4D0}
2012-01-16 17:28:38 -------- d-----w- C:\Users\Elisha\AppData\Local\{C95399C4-BA25-4424-9729-8F0329F6EDFF}
2012-01-16 17:28:27 -------- d-----w- C:\Users\Elisha\AppData\Local\{4D3B5FB4-2497-49C8-BBA4-B1A7A128377A}
2012-01-15 17:54:55 -------- d-----w- C:\Users\Elisha\AppData\Local\{4BA83EAB-8368-4DDD-9FE9-4D467FCC3214}
2012-01-15 17:54:44 -------- d-----w- C:\Users\Elisha\AppData\Local\{C127371D-BA4E-4BA0-830D-EAA30CDF66AE}
2012-01-13 09:23:30 -------- d-----w- C:\Users\Elisha\AppData\Local\{1D18AB4F-7BA3-4533-8127-0E73E9CF3948}
2012-01-13 09:23:19 -------- d-----w- C:\Users\Elisha\AppData\Local\{41227ED4-9ED2-4E5E-9069-E04B322286C8}
2012-01-12 19:32:26 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-01-12 19:32:26 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-01-12 19:32:26 1572864 ----a-w- C:\Windows\System32\quartz.dll
2012-01-12 19:32:26 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
2012-01-12 19:32:11 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-01-12 19:32:11 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-01-12 19:31:58 77312 ----a-w- C:\Windows\System32\packager.dll
2012-01-12 19:31:58 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-01-12 18:30:17 -------- d-----w- C:\Users\Elisha\AppData\Local\{E15B3221-2F09-401F-96F2-2CC20D31DBE6}
.
==================== Find3M ====================
.
2012-01-27 00:52:58 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-06 22:27:23 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys
2011-11-17 07:17:03 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2011-11-17 07:17:02 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-11-17 07:15:08 460296 ----a-w- C:\Windows\System32\drivers\cng.sys
2011-11-17 07:12:02 395776 ----a-w- C:\Windows\System32\webio.dll
2011-11-17 07:11:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2011-11-17 07:11:33 136192 ----a-w- C:\Windows\System32\sspicli.dll
2011-11-17 07:11:02 28160 ----a-w- C:\Windows\System32\secur32.dll
2011-11-17 07:10:58 340992 ----a-w- C:\Windows\System32\schannel.dll
2011-11-17 07:08:18 1446912 ----a-w- C:\Windows\System32\lsasrv.dll
2011-11-17 07:05:16 31232 ----a-w- C:\Windows\System32\lsass.exe
2011-11-17 05:39:28 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2011-11-17 05:39:21 224768 ----a-w- C:\Windows\SysWow64\schannel.dll
2011-11-17 05:39:21 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2011-11-17 05:35:13 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 18:27:10.38 ===============
Good. Let's continue :)
Open notepad and copy/paste the text in the quotebox below into it:
Folder::
C:\Users\Elisha\AppData\Roaming\PerformerSoft
C:\Program Files (x86)\PC Performer
C:\Program Files (x86)\InstallBrainService
File::
c:\windows\Tasks\PC Performer_DEFAULT.job
c:\windows\Tasks\PC Performer_UPDATES.job
C:\Windows\System32\roboot64.exe
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows, disable antivirus protection and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
Then post the resultant log.
Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and separate 10.1.1 10.1.2 updates for it) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't (unless you want to) install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).
Uninstall your current Adobe shockwave player and get the fresh one here (http://get.adobe.com/shockwave/) if needed.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...
Updating Java:
Download the latest version of Java Runtime Environment (JRE) 7 Update 2 (http://www.oracle.com/technetwork/java/javase/downloads/index.html).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7u2-windows-i586.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.
* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish.
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
Due to inactivity, this thread will now be closed.
Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.