PDA

View Full Version : Looks like a Google redirect virus?



douglasvjohnson
2012-07-25, 03:03
Hello and please be patient, as I am not used to this format and process.
The machine is a HP G62 laptop runniing IE 9 and Windows 7 home premium.
Searches in google, and other browsers end up opening multiple unsolicited web pages. I am getting AVG multiple trojan alerts with warnings that deleting the file might crash the system.
Pasted below are the DDS log, the aswMBR log, and an AVG threat log.
Your assistance is greatly appreciated.
Thank you

DDS:

..
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by doug at 18:54:55 on 2012-07-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1208 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxducoms.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\doug\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\splwow64.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://kidshealth.org/teen/sexual_health/girls/menstruation.html
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Google Update] "C:\Users\doug\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\doug\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Video Converter... - C:\Program Files (x86)\Media Player Utilities 5.22\AVIConverter\grab.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{63125ED7-4121-4BD2-9811-309F5E911E4E} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{63125ED7-4121-4BD2-9811-309F5E911E4E}\2375942554432323 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{63125ED7-4121-4BD2-9811-309F5E911E4E}\342465D23547166666 : DhcpNameServer = 192.168.0.20 192.168.0.41
TCP: Interfaces\{63125ED7-4121-4BD2-9811-309F5E911E4E}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C05AD519-926E-46DA-A286-D6B3A0E85834} : DhcpNameServer = 40.6.1.100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109936&tt=060612_8_&babsrc=HP_ss&mntrId=e24b91780000000000006e0f6e310db9
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B04ae27d3-b243-48bd-b214-db703be9693b%7D&mid=dd937770430147d6914ab57816bfae0c-41703a7d52e139f598cda7297c5bbf77f1c1caa4&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2011-09-27%2019%3A08%3A03&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\doug\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\doug\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\doug\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109936&tt=060612_8_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - e24b91780000000000006e0f6e310db9
FF - user.js: extensions.BabylonToolbar_i.hardId - e24b91780000000000006e0f6e310db9
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15503
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.176:57:16
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 64952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-10-18 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 lxdu_device;lxdu_device;C:\Windows\system32\lxducoms.exe -service --> C:\Windows\system32\lxducoms.exe -service [?]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-8 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-3-12 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-17 250056]
S3 CASprint;Sprint Con App Svc;"C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe" /n "CASprint" --> C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-8 136176]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-24 23:04:53 -------- d-----w- C:\Users\doug\AppData\Local\{55F822EA-D35E-4E87-B15B-0193FB2A6CC0}
2012-07-24 23:04:23 -------- d-----w- C:\Users\doug\AppData\Local\{ACC1CCF6-A046-4A1B-85CF-D722D692E01D}
2012-07-23 23:00:33 -------- d-----w- C:\Users\doug\AppData\Local\{D4A858C2-51C3-4FE0-88B6-C355DB6D7E8C}
2012-07-23 23:00:08 -------- d-----w- C:\Users\doug\AppData\Local\{D4D9214B-C67A-4624-9B83-F539DDB0F396}
2012-07-23 22:59:51 -------- d-----w- C:\Users\doug\AppData\Roaming\PerformerSoft
2012-07-21 02:31:10 -------- d-----w- C:\ProgramData\IBUpdaterService
2012-07-21 02:31:01 550048 ----a-w- C:\Program Files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe
2012-07-21 02:30:34 550048 ----a-w- C:\Program Files (x86)\Uninstall Information\ib_uninst_358\uninstall.exe
2012-07-21 02:30:29 -------- d-----w- C:\Program Files (x86)\Conduit
2012-07-21 02:30:27 19000 ----a-w- C:\Windows\System32\roboot64.exe
2012-07-21 02:26:42 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2012-07-21 02:26:41 -------- d-----w- C:\ProgramData\W3i
2012-07-21 02:26:41 -------- d-----w- C:\Program Files (x86)\W3i
2012-07-21 02:26:13 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-07-15 18:20:53 -------- d-----w- C:\Users\doug\AppData\Local\Macromedia
2012-07-15 17:56:42 -------- d-----w- C:\Users\doug\AppData\Local\{5B699BC4-7578-4233-85FD-1EF2C2AF6E69}
2012-07-15 17:56:26 -------- d-----w- C:\Users\doug\AppData\Local\{BFD953BA-4EE5-45CD-8006-5712BD3D1507}
2012-07-14 17:29:49 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-14 15:11:26 -------- d-----w- C:\Users\doug\AppData\Local\{06CEC55E-9177-437B-8FBB-E51C0DEADD93}
2012-07-13 21:27:24 -------- d-----w- C:\Users\doug\AppData\Local\{E97DF82E-E9FF-4C74-9C1D-DD1C3C665AAB}
2012-07-13 01:56:59 -------- d-----w- C:\Users\doug\AppData\Local\{E5E13261-2BE0-44A5-A47D-61ABA06EA83F}
2012-07-13 01:56:46 -------- d-----w- C:\Users\doug\AppData\Local\{D5782E74-ABEB-41C5-BDF9-040D2CB898B3}
2012-07-12 10:59:21 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-12 10:48:35 -------- d-----w- C:\Users\doug\AppData\Local\{CC8A390E-10EE-4BC4-854A-C685EE40DC99}
2012-07-11 21:57:07 -------- d-----w- C:\Users\doug\AppData\Local\{5B000D8A-BE94-42C2-99FD-2486B2573DA2}
2012-07-11 01:01:42 -------- d-----w- C:\Users\doug\AppData\Local\{F9778629-1A0E-448B-BC25-967C86DC4781}
2012-07-11 01:01:31 -------- d-----w- C:\Users\doug\AppData\Local\{279B1882-91A9-4F9D-895B-317A90EB5998}
2012-07-10 12:07:14 -------- d-----w- C:\Users\doug\AppData\Local\{458D767A-FAE3-4FB7-8B1D-0B54D788DA89}
2012-07-09 19:17:58 -------- d-----w- C:\Users\doug\AppData\Local\{546AEAB3-A202-404B-980F-87E39C2FE882}
2012-07-09 01:28:27 -------- d-----w- C:\Users\doug\AppData\Local\{1FBB05D5-05D7-42C0-B7CB-F44E973D0D35}
2012-07-08 13:27:39 -------- d-----w- C:\Users\doug\AppData\Local\{8C411B5B-31B0-488D-8922-E0261DE37AD7}
2012-07-08 00:42:25 -------- d-----w- C:\Users\doug\AppData\Local\{8ED515BE-FF8F-4E70-85E0-B186A11FB9B9}
2012-07-07 01:25:32 -------- d-----w- C:\Users\doug\AppData\Local\{378BB4DB-89F3-4646-916E-E674AEC5B127}
2012-07-06 11:38:46 -------- d-----w- C:\Users\doug\AppData\Local\{0223F3E8-CD14-4637-A9B9-2989652BF20B}
2012-07-05 19:52:37 -------- d-----w- C:\Users\doug\AppData\Local\{6F16E5E3-89DB-4B4E-8FC5-7D0F0BA25CAE}
2012-07-05 00:43:15 -------- d-----w- C:\Users\doug\AppData\Local\{0F7774C4-816B-4D2B-9273-FBB6BDA8BD80}
2012-07-05 00:43:04 -------- d-----w- C:\Users\doug\AppData\Local\{882C83F4-A053-4C2A-B2C2-49EAB22ADDF8}
2012-07-04 18:01:52 -------- d-----w- C:\Users\doug\AppData\Local\{16181CC8-B138-4FFC-9C34-F52C8AF08243}
2012-07-03 17:01:55 -------- d-----w- C:\Users\doug\AppData\Local\{F955B9EA-5422-41EB-8606-A991F2A98EE4}
2012-07-03 03:14:56 -------- d-----w- C:\Users\doug\AppData\Local\{56A7419B-45FD-43B5-BFDB-F96F01886E43}
2012-07-01 21:51:30 -------- d-----w- C:\Users\doug\AppData\Local\{A11D69F4-F8A7-4344-A664-920E8A809497}
2012-06-30 14:08:43 -------- d-----w- C:\Users\doug\AppData\Local\{CF5AAC20-81D4-4028-9878-3DF108C7F42B}
2012-06-29 21:34:09 -------- d-----w- C:\Users\doug\AppData\Local\{A61BA08F-415D-4372-A46C-3B016C0B21AE}
2012-06-29 00:21:59 -------- d-----w- C:\Users\doug\AppData\Local\{571471A4-40AA-423A-9AA4-BB51F2EE5B2D}
2012-06-28 10:35:09 -------- d-----w- C:\Users\doug\AppData\Local\{C5CED7BA-64F4-4171-8A1F-60BD0001AD91}
2012-06-28 10:34:58 -------- d-----w- C:\Users\doug\AppData\Local\{A0A623C1-56F8-456F-916E-B4A3FA947C3B}
2012-06-27 22:34:27 -------- d-----w- C:\Users\doug\AppData\Local\{DBF84FF5-E4AB-46E8-BCF4-DC04893706D6}
2012-06-27 22:34:17 -------- d-----w- C:\Users\doug\AppData\Local\{0CFF0F1B-40EC-451D-A64F-C6D8A747ABE8}
.
==================== Find3M ====================
.
2012-07-12 00:58:27 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 00:58:27 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
.
============= FINISH: 18:56:39.27 ===============

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-24 18:12:31
-----------------------------
18:12:31.122 OS Version: Windows x64 6.1.7601 Service Pack 1
18:12:31.122 Number of processors: 2 586 0x603
18:12:31.123 ComputerName: DOUG-HP UserName: doug
18:12:37.902 Initialize success
18:13:30.384 AVAST engine defs: 12072401
18:13:45.204 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
18:13:45.219 Disk 0 Vendor: ST932032 0005 Size: 305245MB BusType: 11
18:13:45.235 Disk 0 MBR read successfully
18:13:45.251 Disk 0 MBR scan
18:13:45.251 Disk 0 unknown MBR code
18:13:45.266 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
18:13:45.297 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287180 MB offset 409600
18:13:45.329 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17761 MB offset 588554240
18:13:45.360 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
18:13:45.422 Disk 0 scanning C:\Windows\system32\drivers
18:14:03.440 Service scanning
18:14:42.690 Modules scanning
18:14:42.714 Disk 0 trace - called modules:
18:14:42.758 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
18:14:42.770 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031de060]
18:14:42.780 3 CLASSPNP.SYS[fffff8800196b43f] -> nt!IofCallDriver -> [0xfffffa8003184040]
18:14:42.791 5 amdxata.sys[fffff880011227a8] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa800317e060]
18:14:45.770 AVAST engine scan C:\Windows
18:14:49.435 AVAST engine scan C:\Windows\system32
18:19:17.563 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:19:25.948 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:22:35.555 AVAST engine scan C:\Windows\system32\drivers
18:23:02.971 AVAST engine scan C:\Users\doug
18:24:04.521 Disk 0 MBR has been saved successfully to "C:\Users\doug\Desktop\MBR.dat"
18:24:04.537 The log file has been saved successfully to "C:\Users\doug\Desktop\aswMBR.txt"

END OF FILE

=================

AVG Threat log
Resident Shield detection
Infection;"Object";"Result";"Detection time";"Object Type";"Process"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/24/2012, 6:33:14 PM";"file";"C:\Windows\System32\svchost.exe"
Trojan horse Generic28.ANIC;"c:\Windows\assembly\GAC_64\Desktop.ini";"Infected";"7/24/2012, 6:19:25 PM";"file";"C:\Users\doug\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XSI4IK5\aswMBR.exe"
Trojan horse BackDoor.Generic15.AXLA;"c:\Windows\assembly\GAC_32\Desktop.ini";"Infected";"7/24/2012, 6:19:17 PM";"file";"C:\Users\doug\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XSI4IK5\aswMBR.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/24/2012, 6:17:30 PM";"file";"C:\Users\doug\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2XSI4IK5\aswMBR.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/24/2012, 6:03:06 PM";"file";"C:\Windows\System32\wininit.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/23/2012, 7:09:03 PM";"file";"C:\Windows\System32\svchost.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/23/2012, 6:55:44 PM";"file";"C:\Windows\System32\svchost.exe"
Trojan horse FakeAV_s.EP;"c:\Users\doug\AppData\Local\Temp\124kkk290347.exe";"Moved to Virus Vault";"7/23/2012, 6:42:55 PM";"file";"C:\Program Files (x86)\Java\jre6\bin\java.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/23/2012, 6:38:51 PM";"file";"C:\Windows\System32\wininit.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/23/2012, 6:27:56 PM";"file";"C:\Windows\System32\svchost.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/23/2012, 5:58:20 PM";"file";"C:\Windows\System32\wininit.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/20/2012, 9:36:43 PM";"file";"C:\Windows\System32\svchost.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/20/2012, 9:04:21 PM";"file";"C:\Windows\System32\wininit.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/19/2012, 10:26:38 PM";"file";"C:\Windows\System32\svchost.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/19/2012, 10:17:37 PM";"file";"C:\Windows\System32\taskmgr.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/17/2012, 10:33:31 PM";"file";"C:\Windows\System32\svchost.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/16/2012, 9:53:31 PM";"file";"C:\Windows\System32\svchost.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/16/2012, 9:09:37 PM";"file";"C:\Windows\System32\svchost.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/16/2012, 6:52:24 AM";"file";"C:\Windows\System32\svchost.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/15/2012, 11:05:13 PM";"file";"C:\Windows\System32\svchost.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/15/2012, 10:24:39 PM";"file";"C:\Windows\System32\svchost.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/15/2012, 6:54:05 PM";"file";"C:\Windows\System32\svchost.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/15/2012, 1:24:04 PM";"file";"C:\Windows\System32\svchost.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/14/2012, 4:03:40 PM";"file";"C:\Windows\System32\svchost.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/14/2012, 3:31:21 PM";"file";"C:\Windows\System32\svchost.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/14/2012, 3:08:50 PM";"file";"C:\Windows\System32\taskmgr.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/14/2012, 3:00:01 PM";"file";"C:\Windows\System32\wininit.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/14/2012, 1:41:27 PM";"file";"C:\Windows\System32\svchost.exe"
Trojan horse Dropper.Generic_c.MMI;"c:\Windows\System32\services.exe";"Object is white-listed (critical/system file that should not be removed)";"7/14/2012, 12:34:03 PM";"file";"C:\Windows\System32\svchost.exe"
The file is signed by an untrusted certificate, issued by: Generic.B89.;"c:\Users\doug\AppData\Local\Temp\STWSetup-IE.exe";"Potentially dangerous object";"11/16/2011, 11:01:40 PM";"file";"C:\Users\doug\Downloads\ooVooSetup.exe"
Virus identified Worm/AutoRun.BR;"f:\autorun.inf";"Infected";"6/29/2011, 10:16:59 PM";"file";"C:\Windows\System32\svchost.exe"
Virus identified Worm/AutoRun.BR;"f:\autorun.inf";"Infected";"6/29/2011, 9:53:20 PM";"file";"C:\Windows\System32\svchost.exe"
Adware Generic4.BHOW;"c:\Users\doug\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2HX28HTN\SetupPlaySushi[2].exe";"Potentially dangerous object";"4/11/2011, 10:01:20 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"

JonTom
2012-07-26, 02:45
Hello douglasvjohnson and :welcome:

My name is JonTom

Malware Logs can sometimes take a lot of time to research and interpret.

Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.

Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.

Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.

PLEASE NOTE: If you do not reply after 3 days your thread will be closed.



please be patient, as I am not used to this format and process No problem at all. We will take things step by step and if you have any questions, just ask (its what I am here for).


I am getting AVG multiple trojan alerts with warnings that deleting the file might crash the system One of your critical system files has been infected. DO NOT allow AVG to remove the file or your machine may well become unbootable (we will take care of the file in due course).

The infection on your machine has password stealing capabilities. If you use this machine for financial transactions, please go to an uninfected machine and change all of your passwords as soon as you can. It would also be wise to backup all of your important data before we begin any fixing.


When you ran DDS two logs would have been created. You have posted the dds.txt log, but I also need to see the attach.txt log.

Please post the attach.txt log in your next reply. If you have not saved it, just re-scan with DDS again to create a new one. There is no need to attach the log, just copy and paste it directly into your reply :)

douglasvjohnson
2012-07-26, 03:12
Thank You JonTom. I will advise the owner to reset any passwords she had used here.

I have attached what I believe is the correct file requested.

Thank you again.

JonTom
2012-07-26, 14:49
Hello douglasvjohnson

Thank you for the log.

There is no need to attach any logs, just copy and paste them directly into your replies :)

Lets proceed as follows:

Please disable Spybot Teatimer


Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
On the left hand side, click "Tools", then click on the "Resident" icon in the list.
Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active" box.
Click the "System Startup" icon in the List.
Uncheck the "TeaTimer" box and "OK" any prompts.
If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
Exit Spybot S&D when done.



Combofix


Download ComboFix from one of the following locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216).
Right click on ComboFix.exe and select "Run as Administrator" to run the program. Follow the prompts.


As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

http://img.photobucket.com/albums/v706/ried7/RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
Should there be issues with internet afterward:

In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.



Please post the Combofix log in your next reply.

If you encounter any problems with the scan just let me know.

douglasvjohnson
2012-07-28, 20:14
Hello, I opened spybot, Clicked / checked RESIDENT, opened SYTEM STARTUP from left column menu, but I cannot find a teatimer line....
Should I proceed with the next step?. Thank You

JonTom
2012-07-28, 20:58
Hello douglasvjohnson

Try opening Spybot as an Administrator (Right click on the Spybot icon and select "Run as Administrator"). If there is still no reference to Teatimer after trying this, go ahead and run Combofix :)

douglasvjohnson
2012-07-28, 23:51
Hello. This is the result of the combofix scan.
Again, Thank You!



ComboFix 12-07-27.03 - doug 07/28/2012 12:26:59.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1549 [GMT -5:00]
Running from: c:\users\doug\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL478D.tmp
c:\programdata\SPL718C.tmp
c:\programdata\SPLF3A1.tmp
c:\users\1\Documents\~WRL1610.tmp
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\chrome.manifest
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\chrome\content\background.html
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\chrome\content\browser.xul
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossrider.js
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossriderapi.js
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\chrome\content\dialog.js
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\faye-browser-min.js
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\chrome\content\manage-apps-style.css
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\chrome\content\manage-apps.html
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\chrome\content\messaging.js
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.js
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.xul
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\chrome\content\push.html
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\chrome\content\search_dialog.xul
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\chrome\content\update.html
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\defaults\preferences\prefs.js
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\install.rdf
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\locale\en-US\translations.dtd
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\skin\button1.png
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\skin\button2.png
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\skin\button3.png
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\skin\button4.png
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\skin\button5.png
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\skin\crossrider_statusbar.png
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\skin\icon128.png
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\skin\icon16.png
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\skin\icon24.png
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\skin\icon48.png
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\skin\panelarrow-up.png
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\skin\popup.css
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\skin\popup.html
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\skin\popup_binding.xml
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\skin\skin.css
c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\extensions\crossriderapp2258@crossrider.com\skin\update.css
c:\windows\Installer\{cd7802cc-a39a-b44f-b31f-f3425259e786}\@
c:\windows\Installer\{cd7802cc-a39a-b44f-b31f-f3425259e786}\L\00000004.@
c:\windows\Installer\{cd7802cc-a39a-b44f-b31f-f3425259e786}\L\1afb2d56
c:\windows\Installer\{cd7802cc-a39a-b44f-b31f-f3425259e786}\L\201d3dde
c:\windows\Installer\{cd7802cc-a39a-b44f-b31f-f3425259e786}\U\00000004.@
c:\windows\Installer\{cd7802cc-a39a-b44f-b31f-f3425259e786}\U\00000008.@
c:\windows\Installer\{cd7802cc-a39a-b44f-b31f-f3425259e786}\U\000000cb.@
c:\windows\Installer\{cd7802cc-a39a-b44f-b31f-f3425259e786}\U\80000000.@
c:\windows\Installer\{cd7802cc-a39a-b44f-b31f-f3425259e786}\U\80000032.@
c:\windows\Installer\{cd7802cc-a39a-b44f-b31f-f3425259e786}\U\80000064.@
.
c:\windows\system32\services.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 20:24 . 2012-07-28 20:24 -------- d-----w- c:\users\Elizabeth\AppData\Local\temp
2012-07-28 20:24 . 2012-07-28 20:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-28 20:24 . 2012-07-28 20:24 -------- d-----w- c:\users\Doug_2\AppData\Local\temp
2012-07-28 20:24 . 2012-07-28 20:24 -------- d-----w- c:\users\1\AppData\Local\temp
2012-07-23 23:45 . 2012-07-23 23:45 -------- d-----w- c:\program files (x86)\ERUNT
2012-07-23 23:42 . 2012-07-23 23:42 -------- d-----w- c:\windows\Sun
2012-07-23 23:03 . 2012-07-23 23:03 -------- d-----w- c:\users\doug\AppData\Roaming\Yahoo!
2012-07-23 22:59 . 2012-07-23 23:14 -------- d-----w- c:\users\doug\AppData\Roaming\PerformerSoft
2012-07-21 02:31 . 2012-07-21 02:31 -------- d-----w- c:\programdata\IBUpdaterService
2012-07-21 02:31 . 2012-07-21 02:29 550048 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe
2012-07-21 02:30 . 2012-07-21 02:29 550048 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_358\uninstall.exe
2012-07-21 02:30 . 2012-07-23 23:14 -------- d-----w- c:\users\Doug_2\AppData\Roaming\PerformerSoft
2012-07-21 02:30 . 2012-07-21 02:30 -------- d-----w- c:\program files (x86)\Conduit
2012-07-21 02:30 . 2012-03-14 20:47 19000 ----a-w- c:\windows\system32\roboot64.exe
2012-07-21 02:30 . 2012-07-23 23:12 -------- d-----w- c:\users\Doug_2\AppData\Local\Conduit
2012-07-21 02:27 . 2012-07-21 02:27 -------- d-----w- c:\users\Doug_2\AppData\Local\visi_coupon
2012-07-21 02:26 . 2012-07-21 02:26 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-07-21 02:26 . 2012-07-21 02:26 -------- d-----w- c:\programdata\W3i
2012-07-21 02:26 . 2012-07-21 02:26 -------- d-----w- c:\program files (x86)\W3i
2012-07-21 02:26 . 2012-07-21 02:26 -------- d-----w- c:\programdata\Yahoo!
2012-07-21 02:26 . 2012-07-21 02:26 -------- d-----w- c:\users\Doug_2\AppData\Roaming\Yahoo!
2012-07-21 02:26 . 2012-07-23 23:03 -------- d-----w- c:\programdata\Yahoo! Companion
2012-07-21 02:26 . 2012-07-21 02:26 -------- d-----w- c:\program files (x86)\Yahoo!
2012-07-21 02:07 . 2012-07-21 02:07 -------- d-----w- c:\users\Doug_2\AppData\Local\AVG Secure Search
2012-07-15 18:20 . 2012-07-15 18:20 -------- d-----w- c:\users\doug\AppData\Local\Macromedia
2012-07-14 17:29 . 2012-07-14 17:29 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-12 10:59 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 17:09 . 2012-04-17 23:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-28 17:09 . 2011-06-16 18:47 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 10:53 . 2011-08-14 16:23 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-02 23:43 . 2011-10-09 04:11 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-02 23:43 . 2012-01-21 19:00 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-07-02 23:43 . 2012-01-20 18:52 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-07-02 23:43 . 2011-12-10 17:13 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-02 22:19 . 2012-06-22 01:00 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 01:00 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 01:00 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 01:00 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 01:00 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 01:00 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 01:00 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-22 00:59 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-22 00:59 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-23 01:35 . 2011-10-09 04:11 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-23 01:35 . 2011-10-09 04:10 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-04 11:06 . 2012-06-14 03:59 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 03:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 03:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 03:59 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . 014A9CB92514E27C0107614DF764BC06 . 328704 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 19:17 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-02 00:17 1487240 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-17 98304]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-23 928096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\users\doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-08 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-28 250056]
R3 CASprint;Sprint Con App Svc;c:\program files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-08 136176]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-15 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-09-13 37456]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-10-07 283728]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-08-08 46672]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-07-11 375376]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-17 202752]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 1039360]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-06-17 6403072]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-06-17 188928]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 120400]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 29776]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 17:09]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-08 14:31]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-08 14:31]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-828031243-2963740445-2646681652-1001Core.job
- c:\users\doug\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-17 23:54]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-828031243-2963740445-2646681652-1001UA.job
- c:\users\doug\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-17 23:54]
.
2012-07-28 c:\windows\Tasks\HPCeeScheduleFordoug.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
2012-07-14 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2011-03-12 21:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-03-21 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"lxdumon.exe"="c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2010-02-04 676520]
"lxduamon"="c:\program files (x86)\Lexmark 5600-6600 Series\lxduamon.exe" [2010-02-04 16040]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2012-03-08 884584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://kidshealth.org/teen/sexual_health/girls/menstruation.html
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Video Converter... - c:\program files (x86)\Media Player Utilities 5.22\AVIConverter\grab.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109936&tt=060612_8_&babsrc=HP_ss&mntrId=e24b91780000000000006e0f6e310db9
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B04ae27d3-b243-48bd-b214-db703be9693b%7D&mid=dd937770430147d6914ab57816bfae0c-41703a7d52e139f598cda7297c5bbf77f1c1caa4&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2011-09-27%2019%3A08%3A03&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109936&tt=060612_8_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - e24b91780000000000006e0f6e310db9
FF - user.js: extensions.BabylonToolbar_i.hardId - e24b91780000000000006e0f6e310db9
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15503
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.176:57
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"=hex:51,66,7a,6c,4c,1d,38,12,dc,dd,18,
cc,07,c9,a8,01,c2,43,e2,8c,d0,0b,22,6e
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{21608B66-026F-4DCB-9244-0DACA328DCED}"=hex:51,66,7a,6c,4c,1d,38,12,08,88,73,
25,5d,4c,a5,08,ed,52,4e,ec,a6,76,98,f9
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}"=hex:51,66,7a,6c,4c,1d,38,12,a5,b6,f7,
bb,c5,2d,3f,0f,ed,70,22,27,60,03,1f,5b
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}"=hex:51,66,7a,6c,4c,1d,38,12,7e,e6,d6,
d6,5f,f0,a2,07,e0,77,a7,b9,3c,59,c0,60
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Lexmark 5600-6600 Series\lxduMsdMon.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
c:\program files (x86)\AVG\AVG2012\avgui.exe
.
**************************************************************************
.
Completion time: 2012-07-28 15:44:20 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-28 20:44
.
Pre-Run: 206,816,018,432 bytes free
Post-Run: 208,280,887,296 bytes free
.
- - End Of File - - C5387BC0B93C71FE3814881FB16CDF1D

JonTom
2012-07-29, 02:56
Hello douglasvjohnson

Thank you for the log.

Before we continue, we need to find a suitable replacement for the infected services.exe file on the machine.

Please work your way through the following steps:


Please download SystemLook by JPShortstuff


Please download SystemLook by JPShortstuff by clicking here (http://jpshortstuff.247fixes.com/SystemLook_x64.exe) and save the file (called SystemLook_x64.exe) to your desktop.
Right click on SystemLook.exe and select "Run as Administrator" to run the program.
Copy the content of the following codebox into the main textfield:


:filefind
services.ex*



Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


Please post the systemlook log in your next reply.

douglasvjohnson
2012-07-30, 05:49
SystemLook 30.07.11 by jpshortstuff
Log created at 21:46 on 29/07/2012 by doug
Administrator - Elevation successful

========== filefind ==========

Searching for "services.ex*"
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 014A9CB92514E27C0107614DF764BC06
C:\Windows\System32\en-US\services.exe.mui --a---- 17408 bytes [05:35 14/07/2009] [02:25 14/07/2009] 6507BF0DC2D1F5F32493C288EAA59277
C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui --a---- 17408 bytes [05:35 14/07/2009] [02:25 14/07/2009] 6507BF0DC2D1F5F32493C288EAA59277
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

-= EOF =-

JonTom
2012-07-31, 00:57
Hello douglasvjohnson

Excellent. That log gives us the information we need. Lets ensure the replacement is clean before proceeding, and I would also like to take a closer look at a couple of files before we move on.

Please scan the following files


Please go to VirusTotal (http://www.virustotal.com/)


On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the File Upload window which opens, copy and paste this into the File Name box.



C:\Windows\System32\services.exe


Next, click the Open button.
Then click the "Send File" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now.
Once scanned, copy and paste the link to the results page in your next reply.
Repeat for the following files:




C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe


c:\program files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe


Please post the links to the Virus Total result pages in your next reply.

douglasvjohnson
2012-07-31, 04:31
This is exceptionally frustrating. I opened the VirusTotal site, clicked the choose file option, pasted the location, and was told this file could not be found. I searched for the file in the proper location and it was not shown. There is a services.msc file, but no .exe. When I search for the file using windows explorer, I see the services.exe file. Any ideas? Thanks as always

JonTom
2012-07-31, 15:04
Hello douglasvjohnson


I opened the VirusTotal site, clicked the choose file option, pasted the location, and was told this file could not be found. Thats most likely because of its location. Its nothing to worry about (I'm confident the replacement can be used).

Have you tried to scan the following file?

c:\program files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe


Please let me know how it goes in your next reply :)

douglasvjohnson
2012-08-01, 03:09
Hello again.
I really repect you for your dedication and ability to persevere.
Here is the result of file C:\Program Files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe



https://www.virustotal.com/file/c0cf83efd9787ce67ef56d46479e4595e8b0cf85153ab8f591145f6f3a321de6/analysis/1343778524/


Be aware that when I tried to scan this file VirusTotal gave me a message that the file had already been scanned. I selected rescan which generated this result.
===================
Here is the result of the other requested scan from VirusTotal for file named C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe


https://www.virustotal.com/file/63541e3432fce953f266ae553e7a394978d6ee3db52388d885f668cf42c5e7e2/analysis/1343779429/

This scan also indicated the file had been previously scanned, and this is the rescan result.

I sure hope one of these can help you in your quest!!

Thanks again for your attention to this matter

JonTom
2012-08-01, 11:31
Hello douglasvjohnson

Thank you for the scan data.


Be aware that when I tried to scan this file VirusTotal gave me a message that the file had already been scanned Thats nothing to worry about. Selecting rescan was the right things to do.


Please make sure that Combofix is placed directly on your desktop (it is presently located in your downloads folder: c:\users\doug\Downloads\ComboFix.exe).

We need to use Combofix again but this time, we will be running it in a slightly different way.


Please work through the following steps


Hold down the Windows key (has the Windows symbol on it) and press the "R" key. A Run box will open. Type in Notepad and press Enter or click on "OK").

NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.

Copy and Paste the text in the quotebox below into the open Notepad window:



FCopy::
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe | C:\Windows\System32\services.exe

Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

Firefox::
FF - ProfilePath - c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109936&tt=060612_8_&babsrc=HP_ss&mntrId=e24b91780000000000006e0f6e310db9
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109936&tt=060612_8_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - e24b91780000000000006e0f6e310db9
FF - user.js: extensions.BabylonToolbar_i.hardId - e24b91780000000000006e0f6e310db9
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15503
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.176:57
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

File::
c:\program files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe
c:\program files (x86)\Uninstall Information\ib_uninst_358\uninstall.exe




Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.

Close any open browsers.

Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Refering to the picture below, drag CFScript.txt into ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif



When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Once the log is produced, re-engage your resident anti virus.

douglasvjohnson
2012-08-02, 04:51
Hello and thank you again for your attention and patience in this matter.
The log for this combofix session is attached.
Further information is that the owner of this infected laptop has just advised me that she has a set of back up cds that were created when the pc was given to her, could these be of use in this instance?
Sorry for this late news, I was just made aware of this myself....
As always, super many thanks

JonTom
2012-08-02, 14:42
Hello douglasvjohnson

Thank you for the log.


Further information is that the owner of this infected laptop has just advised me that she has a set of back up cds that were created when the pc was given to her, could these be of use in this instance?
Sorry for this late news, I was just made aware of this myself.... No problem. Those disks are always good to have in case a factory reset is required, but right now I don't think we will need them.

Is the machine still redirecting?


Please perform the following scan:


Please download MalwareBytes AntiMalware by clicking here (http://www.besttechie.net/tools/mbam-setup.exe) and save the file (called mbam-setup.exe) to your desktop.

Right click on the mbam-setup.exe icon and select "Run as Administrator" to install the program.
Follow the prompts during installation and have the Installation Wizzard create a desktop icon.
Once installed, double click on the MalwareBytes AntiMalware icon to launch the program.
Click on the "Update" tab and then on "Check for Updates".
The program will now install the latest Malware definition files.
Once complete, click on the "Scanner" tab, select "Perform Quick Scan"and then click on "Scan".
Once the program has scanned your computer, a log file will be created in Notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.


If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
Come back here to this thread and Paste the log in your next reply.



Temporary File Cleaner


Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop.
Close any open windows.
Right click the TFC icon and select "Run as Administrator" to run the program.
TFC will close all open programs itself in order to run.
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish.
Once complete it should automatically reboot your machine.
If your machine does not reboot automatically, manually reboot to ensure a complete clean.
Note: After running TFC your machine may take slightly longer to boot the first time. This is normal.



Please run the following scan


Note: You will need to use Internet Explorer for this scan.
Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
Please disable your real time security programs before performing the scan.



Scan your system with Eset Online Scanner (http://www.eset.com/onlinescan/)
Place a check mark in the box YES, I accept the Terms Of Use.
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.



Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option to "Remove Found Threats" is UN checked.
Push the "Start" button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png


Please post the MBAM log and the ESET log in your next reply and let me know how the machine is running now.

douglasvjohnson
2012-08-03, 05:23
Hello Again. I tried but may have screwed up the last step.
The 1st 2 steps went fine.
The ESET scan not so much.
I opened the site, and only options I saw were to run it online. Which I did. But I neglected to check the archive box, and never did see an option to not fix. SO... the scan ran, did not scan archives, and it deleted the 8 items it found. You asked how the machine is running. Know that I am very reluctant to do ANYTHING on this set for fear of compounding the problem.
So here is what I have:
MWB log
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.02.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Doug_2 :: DOUG-HP [administrator]

Protection: Enabled

8/2/2012 6:53:19 PM
mbam-log-2012-08-02 (18-53-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 272236
Time elapsed: 6 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Doug_2\Desktop\soft_pcp_conduit.exe (PUP.BundleInstaller.IB) -> Quarantined and deleted successfully.
C:\Users\doug\Downloads\Unconfirmed 79974.crdownload (Adware.Gamevance) -> Quarantined and deleted successfully.

(end)

Here is the result of the REMOVED files from ESET:
C:\Qoobox\Quarantine\C\Windows\Installer\{cd7802cc-a39a-b44f-b31f-f3425259e786}\U\00000008.@.vir Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{cd7802cc-a39a-b44f-b31f-f3425259e786}\U\000000cb.@.vir Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{cd7802cc-a39a-b44f-b31f-f3425259e786}\U\80000000.@.vir Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{cd7802cc-a39a-b44f-b31f-f3425259e786}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win64/Patched.B.Gen trojan deleted - quarantined
C:\Users\doug\Downloads\mahjongg (1).exe a variant of Win32/InstallCore.W application cleaned by deleting - quarantined
C:\Users\doug\Downloads\mahjongg.exe a variant of Win32/InstallCore.W application cleaned by deleting - quarantined
C:\Users\Doug_2\AppData\LocalLow\FCTB000060231\Toolbar\Toolbar.dll Win32/Toolbar.BHO.B application cleaned by deleting - quarantined
=======================
Thank You for all, always!

JonTom
2012-08-03, 23:56
Hello douglasvjohnson

Thank you for the logs.


I tried but may have screwed up the last step It looks fine to me.

Lets take care of the following leftovers:


Please work through the following steps


Hold down the Windows key (has the Windows symbol on it) and press the "R" key. A Run box will open. Type in Notepad and press Enter then click on "OK").

NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.

Copy and Paste the text in the quotebox below into the open Notepad window:



File::
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini




Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.

Close any open browsers.

Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Refering to the picture below, drag CFScript.txt into ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif



When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Once the log is produced, re-engage your resident anti virus.


Please post the Combofix log along with a new aswMBR log in your next reply.


You asked how the machine is running. Know that I am very reluctant to do ANYTHING on this set for fear of compounding the problem Once you have ran the Combofix script and a log has been saved, post it up for me to review. After you have posted it, please run the machine normally and see if it is still redirecting, then post back here to tell me how it is running. You will not make the problem worse. There's only one way to find out if the fix has worked and thats to see how things are running :)

douglasvjohnson
2012-08-05, 01:31
Hello Again.
Once again, I have to thank you for your attention and patience.
I will hook it up and see how she works.

Here is the Combofix log as requested:
ComboFix 12-08-05.01 - Doug_2 08/04/2012 16:59:29.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1336 [GMT -5:00]
Running from: c:\users\Doug_2\Desktop\ComboFix.exe
Command switches used :: c:\users\Doug_2\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\assembly\GAC_32\Desktop.ini"
"c:\windows\assembly\GAC_64\Desktop.ini"
.
.
((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-04 22:17 . 2012-08-04 22:17 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-08-04 22:17 . 2012-08-04 22:17 -------- d-----w- c:\users\Elizabeth\AppData\Local\temp
2012-08-04 22:17 . 2012-08-04 22:17 -------- d-----w- c:\users\doug\AppData\Local\temp
2012-08-04 22:17 . 2012-08-04 22:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 22:17 . 2012-08-04 22:17 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-04 22:17 . 2012-08-04 22:17 -------- d-----w- c:\users\1\AppData\Local\temp
2012-08-03 00:29 . 2012-08-03 00:29 -------- d-----w- c:\program files (x86)\ESET
2012-08-02 23:51 . 2012-08-02 23:51 -------- d-----w- c:\users\Doug_2\AppData\Roaming\Malwarebytes
2012-08-02 23:51 . 2012-08-02 23:51 -------- d-----w- c:\programdata\Malwarebytes
2012-08-02 23:51 . 2012-08-02 23:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-02 23:51 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-28 20:44 . 2012-08-04 22:18 -------- d-----w- c:\users\Doug_2\AppData\Local\temp
2012-07-23 23:45 . 2012-07-23 23:45 -------- d-----w- c:\program files (x86)\ERUNT
2012-07-23 23:42 . 2012-07-23 23:42 -------- d-----w- c:\windows\Sun
2012-07-23 23:03 . 2012-07-23 23:03 -------- d-----w- c:\users\doug\AppData\Roaming\Yahoo!
2012-07-23 22:59 . 2012-07-23 23:14 -------- d-----w- c:\users\doug\AppData\Roaming\PerformerSoft
2012-07-21 02:31 . 2012-07-21 02:31 -------- d-----w- c:\programdata\IBUpdaterService
2012-07-21 02:31 . 2012-07-21 02:29 550048 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe
2012-07-21 02:30 . 2012-07-21 02:29 550048 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_358\uninstall.exe
2012-07-21 02:30 . 2012-07-23 23:14 -------- d-----w- c:\users\Doug_2\AppData\Roaming\PerformerSoft
2012-07-21 02:30 . 2012-07-21 02:30 -------- d-----w- c:\program files (x86)\Conduit
2012-07-21 02:30 . 2012-03-14 20:47 19000 ----a-w- c:\windows\system32\roboot64.exe
2012-07-21 02:30 . 2012-07-23 23:12 -------- d-----w- c:\users\Doug_2\AppData\Local\Conduit
2012-07-21 02:27 . 2012-07-21 02:27 -------- d-----w- c:\users\Doug_2\AppData\Local\visi_coupon
2012-07-21 02:26 . 2012-07-21 02:26 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-07-21 02:26 . 2012-07-21 02:26 -------- d-----w- c:\programdata\W3i
2012-07-21 02:26 . 2012-07-21 02:26 -------- d-----w- c:\program files (x86)\W3i
2012-07-21 02:26 . 2012-07-21 02:26 -------- d-----w- c:\programdata\Yahoo!
2012-07-21 02:26 . 2012-07-21 02:26 -------- d-----w- c:\users\Doug_2\AppData\Roaming\Yahoo!
2012-07-21 02:26 . 2012-07-23 23:03 -------- d-----w- c:\programdata\Yahoo! Companion
2012-07-21 02:26 . 2012-07-21 02:26 -------- d-----w- c:\program files (x86)\Yahoo!
2012-07-21 02:07 . 2012-07-21 02:07 -------- d-----w- c:\users\Doug_2\AppData\Local\AVG Secure Search
2012-07-15 18:20 . 2012-07-15 18:20 -------- d-----w- c:\users\doug\AppData\Local\Macromedia
2012-07-14 17:29 . 2012-07-14 17:29 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-12 10:59 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 02:09 . 2012-04-17 23:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 02:09 . 2011-06-16 18:47 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 10:53 . 2011-08-14 16:23 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-02 23:43 . 2011-10-09 04:11 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-02 23:43 . 2012-01-21 19:00 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-07-02 23:43 . 2012-01-20 18:52 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-07-02 23:43 . 2011-12-10 17:13 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-02 22:19 . 2012-06-22 01:00 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 01:00 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 01:00 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 01:00 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 01:00 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 01:00 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 01:00 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-22 00:59 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-22 00:59 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-23 01:35 . 2011-10-09 04:11 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-23 01:35 . 2011-10-09 04:10 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-28_20.33.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-03 00:20 . 2012-08-04 21:48 32768 c:\windows\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-08-03 00:20 . 2012-08-04 21:48 16384 c:\windows\Temp\History\History.IE5\index.dat
+ 2012-08-03 00:20 . 2012-08-04 21:48 16384 c:\windows\Temp\Cookies\index.dat
+ 2010-07-11 03:12 . 2012-08-04 21:50 59566 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-04 21:49 50430 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-13 02:22 . 2012-07-31 23:43 18104 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-828031243-2963740445-2646681652-1001_UserData.bin
+ 2011-06-13 13:38 . 2012-08-04 21:49 7022 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-828031243-2963740445-2646681652-1004_UserData.bin
- 2012-07-28 20:26 . 2012-07-28 20:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-04 21:47 . 2012-08-04 21:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-04 21:47 . 2012-08-04 21:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-28 20:26 . 2012-07-28 20:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-03 02:09 . 2012-08-03 02:09 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_Plugin.exe
+ 2012-08-03 01:09 . 2012-08-03 01:09 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
+ 2012-08-03 01:09 . 2012-08-03 01:09 466632 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.dll
+ 2012-04-17 23:35 . 2012-08-03 02:09 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2012-04-17 23:35 . 2012-07-28 17:09 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-03-13 15:05 . 2012-08-04 22:15 354986 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-08-04 22:17 663816 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-04 22:17 122838 c:\windows\system32\perfc009.dat
+ 2012-08-03 02:09 . 2012-08-03 02:09 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_Plugin.exe
+ 2012-08-03 01:09 . 2012-08-03 01:09 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_ActiveX.exe
+ 2012-08-03 01:09 . 2012-08-03 01:09 513224 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_270_ActiveX.dll
+ 2009-07-14 05:01 . 2012-08-03 02:24 258200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-28 20:25 258200 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-31 23:30 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\7-31-2012\ERDNT.EXE
+ 2012-07-31 00:51 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\7-30-2012\ERDNT.EXE
+ 2012-07-30 02:38 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\7-29-2012\ERDNT.EXE
+ 2012-08-03 02:09 . 2012-08-03 02:09 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
+ 2012-08-03 02:09 . 2012-08-03 02:09 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
+ 2010-10-18 09:29 . 2012-08-03 00:01 2117776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-10-18 09:29 . 2012-07-28 20:25 2117776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-07-21 02:38 . 2012-08-03 02:24 2521960 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-828031243-2963740445-2646681652-1004-12288.dat
+ 2011-03-14 04:10 . 2012-08-01 00:14 2667136 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-828031243-2963740445-2646681652-1001-12288.dat
+ 2012-07-31 23:30 . 2012-07-31 23:30 2912256 c:\windows\ERDNT\AutoBackup\7-31-2012\Users\00000002\UsrClass.dat
+ 2012-07-31 23:30 . 2012-07-31 23:30 3264512 c:\windows\ERDNT\AutoBackup\7-31-2012\Users\00000001\NTUSER.DAT
+ 2012-07-31 00:51 . 2012-07-31 00:51 2912256 c:\windows\ERDNT\AutoBackup\7-30-2012\Users\00000002\UsrClass.dat
+ 2012-07-31 00:51 . 2012-07-31 00:51 3264512 c:\windows\ERDNT\AutoBackup\7-30-2012\Users\00000001\NTUSER.DAT
+ 2012-07-30 02:38 . 2012-07-30 02:38 2912256 c:\windows\ERDNT\AutoBackup\7-29-2012\Users\00000002\UsrClass.dat
+ 2012-07-30 02:38 . 2012-07-30 02:38 3264512 c:\windows\ERDNT\AutoBackup\7-29-2012\Users\00000001\NTUSER.DAT
+ 2012-08-03 02:09 . 2012-08-03 02:09 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 19:17 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-02 00:17 1487240 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-02-02 1487240]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"InstallIQUpdater"="c:\program files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2011-10-11 1179648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-17 98304]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-23 928096]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-08 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 CASprint;Sprint Con App Svc;c:\program files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-08 136176]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-15 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-09-13 37456]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-10-07 283728]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-08-08 46672]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-07-11 375376]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-17 202752]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-05-21 140272]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2009-10-16 1039360]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [2010-06-24 315392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-09 935008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-06-17 6403072]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-06-17 188928]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 120400]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 29776]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-23 347680]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 17:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 02:09]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-08 14:31]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-08 14:31]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-828031243-2963740445-2646681652-1001Core.job
- c:\users\doug\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-17 23:54]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-828031243-2963740445-2646681652-1001UA.job
- c:\users\doug\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-17 23:54]
.
2012-07-28 c:\windows\Tasks\HPCeeScheduleFordoug.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
2012-07-14 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2011-03-12 21:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-03-21 6489704]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"lxdumon.exe"="c:\program files (x86)\Lexmark 5600-6600 Series\lxdumon.exe" [2010-02-04 676520]
"lxduamon"="c:\program files (x86)\Lexmark 5600-6600 Series\lxduamon.exe" [2010-02-04 16040]
"fssui"="c:\program files (x86)\Windows Live\Family Safety\fsui.exe" [2012-03-08 884584]
.
------- Supplementary Scan -------
.
uStart Page = https://login.yahoo.com/config/login?.src=fpctx&.intl=us&.done=http%3A%2F%2Fwww.yahoo.com%2F
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B04ae27d3-b243-48bd-b214-db703be9693b%7D&mid=dd937770430147d6914ab57816bfae0c-41703a7d52e139f598cda7297c5bbf77f1c1caa4&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2011-09-27%2019%3A08%3A03&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
WebBrowser-{C80BDEB2-8735-44C6-BD55-A1CCD555667A} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{C80BDEB2-8735-44C6-BD55-A1CCD555667A}"=hex:51,66,7a,6c,4c,1d,38,12,dc,dd,18,
cc,07,c9,a8,01,c2,43,e2,8c,d0,0b,22,6e
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{21608B66-026F-4DCB-9244-0DACA328DCED}"=hex:51,66,7a,6c,4c,1d,38,12,08,88,73,
25,5d,4c,a5,08,ed,52,4e,ec,a6,76,98,f9
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}"=hex:51,66,7a,6c,4c,1d,38,12,a5,b6,f7,
bb,c5,2d,3f,0f,ed,70,22,27,60,03,1f,5b
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}"=hex:51,66,7a,6c,4c,1d,38,12,7e,e6,d6,
d6,5f,f0,a2,07,e0,77,a7,b9,3c,59,c0,60
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}"=hex:51,66,7a,6c,4c,1d,38,12,70,05,61,
f9,ec,d1,23,0d,da,9c,48,eb,44,0f,8e,cc
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus\1]
@="131473"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-04 17:26:59
ComboFix-quarantined-files.txt 2012-08-04 22:26
ComboFix2.txt 2012-08-02 01:39
ComboFix3.txt 2012-07-28 20:44
.
Pre-Run: 206,530,469,888 bytes free
Post-Run: 206,460,436,480 bytes free
.
- - End Of File - - A468FB62F2DF895D01605C3DF13F44AC

JonTom
2012-08-05, 20:15
Hello douglasvjohnson


I will hook it up and see how she works :bigthumb:

douglasvjohnson
2012-08-05, 21:14
Hello,
While the computer is working much better, i am still receiving "Thret" messages from AVG. Just now it was for I believe a file called display.ini. I am unable to find the event in AVG (?).
Is there a way to rid this laptop of these evil files, short of restoring the box to factory settings?

Thank You in advance.!!!!!

The days are getting shorter. Enjoy what is left of the summer!! Winter comes too soon and lasts too long.

JonTom
2012-08-06, 21:40
Hello douglasvjohnson

Thank you for the information.

The next time you get the threat message please copy it word for word (it is important that we have the path to the file the is reported as infected).

There are still a few things we can try:

Please re-run aswMBR and post the new log in your next reply along with a new set of DDS logs.

douglasvjohnson
2012-08-08, 23:41
Hello. I have been preoccupied, but will run these scans and send you the log later tonight. Thanks again

douglasvjohnson
2012-08-09, 01:54
Hello Again,
DDS log
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by doug at 17:51:32 on 2012-08-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.874 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxducoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Realtek\RtVOsd\RtVOsd.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\atibtmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRunOnce: [SpybotDeletingB1692] command.com /c del "C:\ProgramData\W3i\InstallIQUpdater\data.xml"
uRunOnce: [SpybotDeletingD8990] cmd.exe /c del "C:\ProgramData\W3i\InstallIQUpdater\data.xml"
uRunOnce: [SpybotDeletingB6272] command.com /c del "C:\ProgramData\W3i\InstallIQUpdater\iqu.ini"
uRunOnce: [SpybotDeletingD702] cmd.exe /c del "C:\ProgramData\W3i\InstallIQUpdater\iqu.ini"
uRunOnce: [SpybotDeletingB5637] command.com /c del "C:\ProgramData\W3i\InstallIQUpdater\IQUMessageDlg.xsl"
uRunOnce: [SpybotDeletingD6103] cmd.exe /c del "C:\ProgramData\W3i\InstallIQUpdater\IQUMessageDlg.xsl"
uRunOnce: [SpybotDeletingB1718] command.com /c del "C:\ProgramData\W3i\InstallIQUpdater\updater.log"
uRunOnce: [SpybotDeletingD8498] cmd.exe /c del "C:\ProgramData\W3i\InstallIQUpdater\updater.log"
uRunOnce: [SpybotDeletingB3567] command.com /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\InstallIQ Updater.lnk"
uRunOnce: [SpybotDeletingD2511] cmd.exe /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\InstallIQ Updater.lnk"
uRunOnce: [SpybotDeletingB9860] command.com /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\Privacy Policy.url"
uRunOnce: [SpybotDeletingD6309] cmd.exe /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\Privacy Policy.url"
uRunOnce: [SpybotDeletingB6902] command.com /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\Terms & Conditions.url"
uRunOnce: [SpybotDeletingD7609] cmd.exe /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\Terms & Conditions.url"
uRunOnce: [SpybotDeletingB3368] command.com /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\Uninstall InstallIQ Updater.lnk"
uRunOnce: [SpybotDeletingD9232] cmd.exe /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\Uninstall InstallIQ Updater.lnk"
uRunOnce: [SpybotDeletingB5487] command.com /c del "C:\Program Files (x86)\W3i\InstallIQUpdater\iqu.xsl"
uRunOnce: [SpybotDeletingD8114] cmd.exe /c del "C:\Program Files (x86)\W3i\InstallIQUpdater\iqu.xsl"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [SpybotDeletingA7861] command.com /c del "C:\ProgramData\W3i\InstallIQUpdater\data.xml"
mRunOnce: [SpybotDeletingC1790] cmd.exe /c del "C:\ProgramData\W3i\InstallIQUpdater\data.xml"
mRunOnce: [SpybotDeletingA8917] command.com /c del "C:\ProgramData\W3i\InstallIQUpdater\iqu.ini"
mRunOnce: [SpybotDeletingC4505] cmd.exe /c del "C:\ProgramData\W3i\InstallIQUpdater\IQUMessageDlg.xsl"
mRunOnce: [SpybotDeletingA559] command.com /c del "C:\ProgramData\W3i\InstallIQUpdater\IQUMessageDlg.xsl"
mRunOnce: [SpybotDeletingA8052] command.com /c del "C:\ProgramData\W3i\InstallIQUpdater\updater.log"
mRunOnce: [SpybotDeletingC6461] cmd.exe /c del "C:\ProgramData\W3i\InstallIQUpdater\updater.log"
mRunOnce: [SpybotDeletingA5190] command.com /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\InstallIQ Updater.lnk"
mRunOnce: [SpybotDeletingC4155] cmd.exe /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\InstallIQ Updater.lnk"
mRunOnce: [SpybotDeletingA9376] command.com /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\Privacy Policy.url"
mRunOnce: [SpybotDeletingC4988] cmd.exe /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\Privacy Policy.url"
mRunOnce: [SpybotDeletingA4255] command.com /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\Terms & Conditions.url"
mRunOnce: [SpybotDeletingC9958] cmd.exe /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\Terms & Conditions.url"
mRunOnce: [SpybotDeletingA9427] command.com /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\Uninstall InstallIQ Updater.lnk"
mRunOnce: [SpybotDeletingC9297] cmd.exe /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\Uninstall InstallIQ Updater.lnk"
mRunOnce: [SpybotDeletingA435] command.com /c del "C:\Program Files (x86)\W3i\InstallIQUpdater\iqu.xsl"
mRunOnce: [SpybotDeletingC6089] cmd.exe /c del "C:\Program Files (x86)\W3i\InstallIQUpdater\iqu.xsl"
StartupFolder: C:\Users\doug\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Add to Video Converter... - C:\Program Files (x86)\Media Player Utilities 5.22\AVIConverter\grab.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{63125ED7-4121-4BD2-9811-309F5E911E4E} : DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
TCP: Interfaces\{63125ED7-4121-4BD2-9811-309F5E911E4E}\2375942554432323 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{63125ED7-4121-4BD2-9811-309F5E911E4E}\342465D23547166666 : DhcpNameServer = 192.168.0.20 192.168.0.41
TCP: Interfaces\{63125ED7-4121-4BD2-9811-309F5E911E4E}\C696E6B6379737 : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{C05AD519-926E-46DA-A286-D6B3A0E85834} : DhcpNameServer = 40.6.1.100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [SpybotDeletingA7861] command.com /c del "C:\ProgramData\W3i\InstallIQUpdater\data.xml"
mRunOnce-x64: [SpybotDeletingC1790] cmd.exe /c del "C:\ProgramData\W3i\InstallIQUpdater\data.xml"
mRunOnce-x64: [SpybotDeletingA8917] command.com /c del "C:\ProgramData\W3i\InstallIQUpdater\iqu.ini"
mRunOnce-x64: [SpybotDeletingC4505] cmd.exe /c del "C:\ProgramData\W3i\InstallIQUpdater\IQUMessageDlg.xsl"
mRunOnce-x64: [SpybotDeletingA559] command.com /c del "C:\ProgramData\W3i\InstallIQUpdater\IQUMessageDlg.xsl"
mRunOnce-x64: [SpybotDeletingA8052] command.com /c del "C:\ProgramData\W3i\InstallIQUpdater\updater.log"
mRunOnce-x64: [SpybotDeletingC6461] cmd.exe /c del "C:\ProgramData\W3i\InstallIQUpdater\updater.log"
mRunOnce-x64: [SpybotDeletingA5190] command.com /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\InstallIQ Updater.lnk"
mRunOnce-x64: [SpybotDeletingC4155] cmd.exe /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\InstallIQ Updater.lnk"
mRunOnce-x64: [SpybotDeletingA9376] command.com /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\Privacy Policy.url"
mRunOnce-x64: [SpybotDeletingC4988] cmd.exe /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\Privacy Policy.url"
mRunOnce-x64: [SpybotDeletingA4255] command.com /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\Terms & Conditions.url"
mRunOnce-x64: [SpybotDeletingC9958] cmd.exe /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\Terms & Conditions.url"
mRunOnce-x64: [SpybotDeletingA9427] command.com /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\Uninstall InstallIQ Updater.lnk"
mRunOnce-x64: [SpybotDeletingC9297] cmd.exe /c del "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallIQ Updater\Uninstall InstallIQ Updater.lnk"
mRunOnce-x64: [SpybotDeletingA435] command.com /c del "C:\Program Files (x86)\W3i\InstallIQUpdater\iqu.xsl"
mRunOnce-x64: [SpybotDeletingC6089] cmd.exe /c del "C:\Program Files (x86)\W3i\InstallIQUpdater\iqu.xsl"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\doug\AppData\Roaming\Mozilla\Firefox\Profiles\7o6nkz82.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B04ae27d3-b243-48bd-b214-db703be9693b%7D&mid=dd937770430147d6914ab57816bfae0c-41703a7d52e139f598cda7297c5bbf77f1c1caa4&ds=AVG&v=11.1.0.7&lang=en&pr=fr&d=2011-09-27%2019%3A08%3A03&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 64952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-10-18 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-5-21 140272]
R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-6-18 103992]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 lxdu_device;lxdu_device;C:\Windows\system32\lxducoms.exe -service --> C:\Windows\system32\lxducoms.exe -service [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-2 655944]
R2 RtVOsdService;RtVOsdService Installer;C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe [2010-6-24 315392]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-3-12 1153368]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-8 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-17 250056]
S3 CASprint;Sprint Con App Svc;"C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe" /n "CASprint" --> C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-8 136176]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-08-08 21:33:07 -------- d-----w- C:\Users\doug\AppData\Local\{411E0A09-7D01-487D-A8FE-A2AAFFA2E56B}
2012-08-08 00:56:46 -------- d-----w- C:\Users\doug\AppData\Local\{F9E6676F-40B1-486C-A610-C05A5FF473CD}
2012-08-08 00:56:17 -------- d-----w- C:\Users\doug\AppData\Local\{1591014E-2C76-4477-B8E8-079FFAF4DD02}
2012-08-04 22:45:50 -------- d-----w- C:\Users\doug\AppData\Local\{AE164A15-5D29-4FA6-882C-FEB65BFA5640}
2012-08-04 22:45:20 -------- d-----w- C:\Users\doug\AppData\Local\{DFF717D2-EDF3-4C5D-9782-C47B598CC620}
2012-08-04 22:44:36 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-04 22:27:03 -------- d-----w- C:\Users\doug\AppData\Local\temp
2012-08-03 00:29:21 -------- d-----w- C:\Program Files (x86)\ESET
2012-08-02 23:51:51 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-02 23:51:50 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-02 23:51:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-02 01:18:08 98816 ----a-w- C:\Windows\sed.exe
2012-08-02 01:18:08 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-02 01:18:08 256000 ----a-w- C:\Windows\PEV.exe
2012-08-02 01:18:08 208896 ----a-w- C:\Windows\MBR.exe
2012-07-31 23:43:38 -------- d-----w- C:\Users\doug\AppData\Local\{08079659-218E-47DC-8529-D3138B809D4A}
2012-07-31 23:42:53 -------- d-----w- C:\Users\doug\AppData\Local\{DE5F7621-44F1-44F3-B815-E75B736B5EBF}
2012-07-31 23:30:57 -------- d-----w- C:\Users\doug\AppData\Local\{BBE25211-19D1-426F-8B51-9A1BA04C5CF8}
2012-07-31 00:51:52 -------- d-----w- C:\Users\doug\AppData\Local\{DCBE59E4-06D8-4DEB-A02E-D0D3CA9AB39C}
2012-07-31 00:51:36 -------- d-----w- C:\Users\doug\AppData\Local\{1BDAECD8-883D-4A94-9E69-45EC0FAC0BA9}
2012-07-29 15:14:40 -------- d-----w- C:\Users\doug\AppData\Local\{894DAB99-34F3-4323-9B23-76447CB4CB09}
2012-07-29 15:14:31 -------- d-----w- C:\Users\doug\AppData\Local\{6F029FA1-6A9F-46A2-913D-97FB48CA970F}
2012-07-28 17:01:09 -------- d-----w- C:\Users\doug\AppData\Local\{70EDBB24-1301-423D-BE64-5BF8F976387F}
2012-07-28 17:00:42 -------- d-----w- C:\Users\doug\AppData\Local\{A5494F1E-230F-4CF3-9F16-1662C7238FD3}
2012-07-27 03:52:03 -------- d-----w- C:\Users\doug\AppData\Local\{9D86C0C6-6CBF-4117-B523-4B2F8F493FC7}
2012-07-27 03:33:53 -------- d-----w- C:\Users\doug\AppData\Local\{576FB0AE-AC64-41A0-8EA8-0025087588DF}
2012-07-25 23:48:17 -------- d-----w- C:\Users\doug\AppData\Local\{B6758768-45EF-4E79-8378-9EEA7CF3C11D}
2012-07-25 23:47:56 -------- d-----w- C:\Users\doug\AppData\Local\{C821C7B5-B58B-4B21-9136-0BDF2CF6F90E}
2012-07-24 23:04:53 -------- d-----w- C:\Users\doug\AppData\Local\{55F822EA-D35E-4E87-B15B-0193FB2A6CC0}
2012-07-24 23:04:23 -------- d-----w- C:\Users\doug\AppData\Local\{ACC1CCF6-A046-4A1B-85CF-D722D692E01D}
2012-07-23 23:00:33 -------- d-----w- C:\Users\doug\AppData\Local\{D4A858C2-51C3-4FE0-88B6-C355DB6D7E8C}
2012-07-23 23:00:08 -------- d-----w- C:\Users\doug\AppData\Local\{D4D9214B-C67A-4624-9B83-F539DDB0F396}
2012-07-23 22:59:51 -------- d-----w- C:\Users\doug\AppData\Roaming\PerformerSoft
2012-07-21 02:31:10 -------- d-----w- C:\ProgramData\IBUpdaterService
2012-07-21 02:30:29 -------- d-----w- C:\Program Files (x86)\Conduit
2012-07-21 02:30:27 19000 ----a-w- C:\Windows\System32\roboot64.exe
2012-07-21 02:26:13 -------- d-----w- C:\Program Files (x86)\Yahoo!
2012-07-15 18:20:53 -------- d-----w- C:\Users\doug\AppData\Local\Macromedia
2012-07-15 17:56:42 -------- d-----w- C:\Users\doug\AppData\Local\{5B699BC4-7578-4233-85FD-1EF2C2AF6E69}
2012-07-15 17:56:26 -------- d-----w- C:\Users\doug\AppData\Local\{BFD953BA-4EE5-45CD-8006-5712BD3D1507}
2012-07-14 17:29:49 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-14 15:11:26 -------- d-----w- C:\Users\doug\AppData\Local\{06CEC55E-9177-437B-8FBB-E51C0DEADD93}
2012-07-13 21:27:24 -------- d-----w- C:\Users\doug\AppData\Local\{E97DF82E-E9FF-4C74-9C1D-DD1C3C665AAB}
2012-07-13 01:56:59 -------- d-----w- C:\Users\doug\AppData\Local\{E5E13261-2BE0-44A5-A47D-61ABA06EA83F}
2012-07-13 01:56:46 -------- d-----w- C:\Users\doug\AppData\Local\{D5782E74-ABEB-41C5-BDF9-040D2CB898B3}
2012-07-12 10:59:21 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-12 10:48:35 -------- d-----w- C:\Users\doug\AppData\Local\{CC8A390E-10EE-4BC4-854A-C685EE40DC99}
2012-07-11 21:57:07 -------- d-----w- C:\Users\doug\AppData\Local\{5B000D8A-BE94-42C2-99FD-2486B2573DA2}
2012-07-11 01:01:42 -------- d-----w- C:\Users\doug\AppData\Local\{F9778629-1A0E-448B-BC25-967C86DC4781}
2012-07-11 01:01:31 -------- d-----w- C:\Users\doug\AppData\Local\{279B1882-91A9-4F9D-895B-317A90EB5998}
2012-07-10 12:07:14 -------- d-----w- C:\Users\doug\AppData\Local\{458D767A-FAE3-4FB7-8B1D-0B54D788DA89}
.
==================== Find3M ====================
.
2012-08-03 02:09:19 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 02:09:19 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 17:52:04.00 ===============
ASW log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/12/2011 5:07:01 PM
System Uptime: 8/7/2012 7:50:57 PM (22 hours ago)
.
Motherboard: Hewlett-Packard | | 1444
Processor: AMD Athlon(tm) II P320 Dual-Core Processor | Socket S1G4 | 798/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 280 GiB total, 192.126 GiB free.
D: is FIXED (NTFS) - 17 GiB total, 2.5 GiB free.
E: is CDROM ()
F: is FIXED (FAT32) - 0 GiB total, 0.057 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP182: 6/11/2012 5:45:03 AM - Windows Update
RP183: 6/14/2012 11:55:02 AM - Windows Update
RP184: 6/17/2012 8:40:07 PM - Windows Backup
RP185: 6/17/2012 10:15:28 PM - Removed BabylonObjectInstaller
RP186: 6/17/2012 10:20:40 PM - Removed BabylonObjectInstaller
RP187: 6/18/2012 7:38:14 PM - Windows Update
RP188: 6/19/2012 6:38:03 AM - Windows Live Essentials
RP189: 6/19/2012 6:39:21 AM - Installed DirectX
RP190: 6/19/2012 6:40:11 AM - Installed DirectX
RP191: 6/19/2012 6:40:43 AM - WLSetup
RP192: 6/21/2012 7:58:59 PM - Windows Update
RP193: 6/24/2012 9:21:26 PM - Windows Backup
RP194: 7/1/2012 7:14:50 PM - Windows Backup
RP196: 7/12/2012 5:48:34 AM - Windows Update
RP197: 7/15/2012 7:00:44 PM - Windows Backup
RP198: 7/23/2012 6:09:31 PM - Windows Backup
RP199: 7/23/2012 6:15:27 PM - Configured PhotoNow
RP200: 7/23/2012 6:16:48 PM - Configured Power2Go
RP201: 7/23/2012 6:20:25 PM - Configured PowerDirector
RP202: 7/23/2012 6:30:48 PM - Removed WeatherBug
RP203: 7/23/2012 6:35:02 PM - Removed Google Talk Plugin
RP204: 7/28/2012 12:21:48 PM - ComboFix created restore point
RP205: 7/29/2012 9:25:06 PM - Windows Backup
RP206: 7/31/2012 8:18:01 PM - Windows Backup
RP207: 8/4/2012 4:56:34 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.5
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Ask Toolbar
Atheros Driver Installation Program
AVG Security Toolbar
Bejeweled 2 Deluxe
Bing Rewards Client Installer
Blackhawk Striker 2
Build-a-lot 2
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Energy Star Digital Logo
ERUNT 1.1j
Escape Rosecliff Island
ESET Online Scanner v3
ESU for Microsoft Windows 7
FATE
Final Drive Nitro
Google Chrome
Google Earth Plug-in
Google Update Helper
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.2.0
HP Advisor
HP Customer Experience Enhancements
HP Documentation
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP Photo Creations
HP Power Manager
HP Quick Launch
HP Setup
HP Software Framework
HP Support Assistant
Java Auto Updater
Java(TM) 6 Update 31
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
LabelPrint
Lexmark Printable Web
LightScribe System Software
Malwarebytes Anti-Malware version 1.62.0.1300
Media Player Utilities 5.22
Mesh Runtime
Messenger Companion
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office Standard Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NETGEAR Live Parental Controls Management Utility 2.1.3
NETGEAR Live Parental Controls User Utility 1.0b40
Penguins!
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Professor Teaches QuickBooks 2009
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Recovery Manager
Roxio CinemaNow 2.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Spybot - Search & Destroy
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Virtual Families
Virtual Villagers - The Secret City
Visual Studio 2008 x64 Redistributables
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yahoo! Detect
Yahoo! Software Update
Yahoo! Toolbar
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
8/7/2012 7:55:48 PM, Error: Microsoft-Windows-GroupPolicy [1096] - The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.
8/7/2012 7:55:09 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
8/7/2012 7:53:04 PM, Error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
8/7/2012 7:52:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live Family Safety Service service to connect.
8/7/2012 7:52:22 PM, Error: Service Control Manager [7000] - The Windows Live Family Safety Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/6/2012 4:29:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
8/6/2012 4:29:00 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/4/2012 5:45:46 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: A device attached to the system is not functioning.
8/4/2012 5:18:08 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/1/2012 8:28:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.
.
==== End Of File ===========================


ONCE AGAIN, THANK YOU FOR YOUR PATIENCE AND TIME

JonTom
2012-08-09, 14:11
Hello douglas

It does not look as though the aswMBR log was included.

Can you please re-post it?

douglasvjohnson
2012-08-12, 00:20
Here is the ASW scan result:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-24 18:12:31
-----------------------------
18:12:31.122 OS Version: Windows x64 6.1.7601 Service Pack 1
18:12:31.122 Number of processors: 2 586 0x603
18:12:31.123 ComputerName: DOUG-HP UserName: doug
18:12:37.902 Initialize success
18:13:30.384 AVAST engine defs: 12072401
18:13:45.204 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
18:13:45.219 Disk 0 Vendor: ST932032 0005 Size: 305245MB BusType: 11
18:13:45.235 Disk 0 MBR read successfully
18:13:45.251 Disk 0 MBR scan
18:13:45.251 Disk 0 unknown MBR code
18:13:45.266 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
18:13:45.297 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287180 MB offset 409600
18:13:45.329 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17761 MB offset 588554240
18:13:45.360 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
18:13:45.422 Disk 0 scanning C:\Windows\system32\drivers
18:14:03.440 Service scanning
18:14:42.690 Modules scanning
18:14:42.714 Disk 0 trace - called modules:
18:14:42.758 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
18:14:42.770 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031de060]
18:14:42.780 3 CLASSPNP.SYS[fffff8800196b43f] -> nt!IofCallDriver -> [0xfffffa8003184040]
18:14:42.791 5 amdxata.sys[fffff880011227a8] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa800317e060]
18:14:45.770 AVAST engine scan C:\Windows
18:14:49.435 AVAST engine scan C:\Windows\system32
18:19:17.563 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:19:25.948 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
18:22:35.555 AVAST engine scan C:\Windows\system32\drivers
18:23:02.971 AVAST engine scan C:\Users\doug
18:24:04.521 Disk 0 MBR has been saved successfully to "C:\Users\doug\Desktop\MBR.dat"
18:24:04.537 The log file has been saved successfully to "C:\Users\doug\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-08 17:46:44
-----------------------------
17:46:44.740 OS Version: Windows x64 6.1.7601 Service Pack 1
17:46:44.740 Number of processors: 2 586 0x603
17:46:44.740 ComputerName: DOUG-HP UserName: doug
17:46:47.797 Initialize success
17:46:58.872 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
17:46:58.872 Disk 0 Vendor: ST932032 0005 Size: 305245MB BusType: 11
17:46:58.903 Disk 0 MBR read successfully
17:46:58.903 Disk 0 MBR scan
17:46:58.903 Disk 0 unknown MBR code
17:46:58.919 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
17:46:58.934 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287180 MB offset 409600
17:46:58.965 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17761 MB offset 588554240
17:46:58.997 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
17:46:59.043 Disk 0 scanning C:\Windows\system32\drivers
17:47:09.917 Service scanning
17:47:35.810 Modules scanning
17:47:35.825 Disk 0 trace - called modules:
17:47:35.903 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
17:47:35.919 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031bf060]
17:47:35.935 3 CLASSPNP.SYS[fffff8800199543f] -> nt!IofCallDriver -> [0xfffffa80021d9040]
17:47:35.950 5 amdxata.sys[fffff880011457a8] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa800315f060]
17:47:35.966 Scan finished successfully
17:47:44.989 Disk 0 MBR has been saved successfully to "C:\Users\doug\Desktop\MBR.dat"
17:47:44.989 The log file has been saved successfully to "C:\Users\doug\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-11 16:16:38
-----------------------------
16:16:38.216 OS Version: Windows x64 6.1.7601 Service Pack 1
16:16:38.216 Number of processors: 2 586 0x603
16:16:38.216 ComputerName: DOUG-HP UserName: doug
16:16:41.165 Initialize success
16:16:55.339 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
16:16:55.339 Disk 0 Vendor: ST932032 0005 Size: 305245MB BusType: 11
16:16:55.370 Disk 0 MBR read successfully
16:16:55.370 Disk 0 MBR scan
16:16:55.386 Disk 0 unknown MBR code
16:16:55.401 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
16:16:55.417 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 287180 MB offset 409600
16:16:55.464 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 17761 MB offset 588554240
16:16:55.479 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
16:16:55.542 Disk 0 scanning C:\Windows\system32\drivers
16:17:10.253 Service scanning
16:17:38.021 Modules scanning
16:17:38.036 Disk 0 trace - called modules:
16:17:38.052 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
16:17:38.067 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80031bf060]
16:17:38.083 3 CLASSPNP.SYS[fffff8800199543f] -> nt!IofCallDriver -> [0xfffffa80021d9040]
16:17:38.083 5 amdxata.sys[fffff880011457a8] -> nt!IofCallDriver -> \Device\0000005f[0xfffffa800315f060]
16:17:38.099 Scan finished successfully
16:17:53.964 Disk 0 MBR has been saved successfully to "C:\Users\doug\Desktop\MBR.dat"
16:17:54.042 The log file has been saved successfully to "C:\Users\doug\Desktop\aswMBR.txt"




Thank You

JonTom
2012-08-12, 01:35
Hello douglasvjohnson

Your latest scan logs appear to be clean :)

Are you still receiving the warning message from AVG?

If so, scan the machine with AVG and post the list of detected items for me to review.

douglasvjohnson
2012-08-15, 03:11
Hello,
I have been distracted but have not given up.
Here is the most recent part of the Resident Shield log

Resident Shield detection
Infection;"Object";"Result";"Detection time";"Object Type";"Process"
Found Tracking cookie.Mediaplex;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\9KRIO8JY.txt";"";"8/14/2012, 6:39:59 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Atdmt;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\4EJ4AUQ3.txt";"";"8/14/2012, 6:39:58 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Pointroll;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\WAS5RST9.txt";"";"8/14/2012, 6:39:58 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Pointroll;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\IR00S7T6.txt";"";"8/14/2012, 6:39:58 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Advertising;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\7GV69PVS.txt";"";"8/14/2012, 6:39:57 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Advertising;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\NXLGR1SV.txt";"";"8/14/2012, 6:39:57 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Advertising;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\8G4YL9ZC.txt";"";"8/14/2012, 6:39:57 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Advertising;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\U31VFWJI.txt";"";"8/14/2012, 6:39:57 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Advertising;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\XB90WNN1.txt";"";"8/14/2012, 6:39:57 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\ZVJEFNRA.txt";"";"8/14/2012, 6:39:56 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\G2REH138.txt";"";"8/14/2012, 6:39:56 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\EYIFRW6Y.txt";"";"8/14/2012, 6:39:56 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Advertising;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\ADA3QYKY.txt";"";"8/14/2012, 6:39:55 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\OLPQL9V5.txt";"";"8/14/2012, 6:39:55 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\UJBW2CQT.txt";"";"8/14/2012, 6:39:54 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\O7VYMXXY.txt";"";"8/14/2012, 6:39:54 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\2LGCCZ1X.txt";"";"8/14/2012, 6:39:52 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Zedo;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\YO43VBAY.txt";"";"8/14/2012, 6:39:47 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Zedo;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\55HB6TND.txt";"";"8/14/2012, 6:39:47 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Zedo;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\M3ZCVGM9.txt";"";"8/14/2012, 6:39:47 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Zedo;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\L570FYON.txt";"";"8/14/2012, 6:39:45 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Zedo;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\BU4AQ5LR.txt";"";"8/14/2012, 3:25:03 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Zedo;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\ZG7LDOOF.txt";"";"8/14/2012, 3:25:03 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Liveperson;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\2UXDNVI5.txt";"";"8/14/2012, 3:24:38 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Atdmt;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\E30E52OX.txt";"";"8/14/2012, 3:23:06 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Atdmt;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\N2TGKWCZ.txt";"";"8/14/2012, 3:23:06 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Adbrite;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\GCKOO1FX.txt";"";"8/14/2012, 3:21:50 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Adbrite;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\XCK5LIXF.txt";"";"8/14/2012, 3:21:50 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Fastclick;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\VF5I1UO8.txt";"";"8/14/2012, 3:21:50 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Fastclick;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\V8M3Z9AR.txt";"";"8/14/2012, 3:20:28 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Burstnet;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\C5UCZMQ3.txt";"";"8/14/2012, 3:20:26 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\LDW8IEZW.txt";"";"8/14/2012, 3:20:26 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Serving-sys;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\DVODQUS7.txt";"";"8/11/2012, 4:58:11 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\2LGCCZ1X.txt";"";"8/11/2012, 4:58:11 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\XQDPB333.txt";"";"8/11/2012, 4:58:09 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\Q1K7ZP61.txt";"";"8/11/2012, 4:58:09 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Serving-sys;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\AIWA3XK6.txt";"";"8/11/2012, 4:58:09 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\TFXW16B5.txt";"";"8/11/2012, 4:58:09 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\ITLDZ3RI.txt";"";"8/11/2012, 4:58:09 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Serving-sys;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\JJGWUVAT.txt";"";"8/11/2012, 4:58:08 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Serving-sys;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\doug_2@bs.serving-sys[1].txt";"";"8/11/2012, 4:58:08 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Serving-sys;"c:\Users\Doug_2\AppData\Roaming\Microsoft\Windows\Cookies\661NAREH.txt";"";"8/11/2012, 4:58:07 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\P322LG4B.txt";"";"8/11/2012, 4:15:01 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Atdmt;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\A6YEZBCY.txt";"";"8/11/2012, 4:14:55 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\9EZCX6TK.txt";"";"8/11/2012, 4:14:54 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\Y7HFS5WM.txt";"";"8/11/2012, 4:14:54 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\XQIUD8SB.txt";"";"8/11/2012, 4:14:54 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\QXBKGXV8.txt";"";"8/11/2012, 4:14:54 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\OD85V10K.txt";"";"8/11/2012, 4:14:39 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\1EVCJLUB.txt";"";"8/11/2012, 4:14:39 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\RZFR64Z0.txt";"";"8/11/2012, 4:14:37 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Tribalfusion;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\57ZE6OVS.txt";"";"8/11/2012, 4:11:23 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Zedo;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\94YTJU1A.txt";"";"8/11/2012, 4:11:22 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\RZFR64Z0.txt";"";"8/11/2012, 4:11:22 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\ZUI331IV.txt";"";"8/11/2012, 4:11:22 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\GEGFSNF6.txt";"";"8/11/2012, 4:11:22 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Zedo;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\ESL5NPQE.txt";"";"8/11/2012, 4:11:21 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Tribalfusion;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\A4HSL0EN.txt";"";"8/11/2012, 4:11:21 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Tribalfusion;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\8A9TQORZ.txt";"";"8/11/2012, 4:11:20 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Tribalfusion;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\4985SA9A.txt";"";"8/11/2012, 4:11:20 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\8W1BZIY3.txt";"";"8/11/2012, 4:10:56 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\DU2A5EJJ.txt";"";"8/11/2012, 4:10:56 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\YHSZHRLX.txt";"";"8/11/2012, 4:10:56 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\XL751PWG.txt";"";"8/11/2012, 4:10:56 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\IXLHKTA1.txt";"";"8/11/2012, 4:10:56 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\1PFQVMCE.txt";"";"8/11/2012, 4:10:56 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\XM07UPHT.txt";"";"8/11/2012, 4:10:54 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Questionmarket;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\X3KTSEUN.txt";"";"8/11/2012, 4:10:54 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Questionmarket;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\Z3DVC0ZZ.txt";"";"8/11/2012, 4:10:54 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Questionmarket;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\ZTTFBL4V.txt";"";"8/11/2012, 4:10:54 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Questionmarket;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\JDYNBOYC.txt";"";"8/11/2012, 4:10:53 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Atdmt;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\A6YEZBCY.txt";"";"8/11/2012, 4:10:53 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\XM07UPHT.txt";"";"8/11/2012, 4:10:09 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\RZSXNPEZ.txt";"";"8/11/2012, 4:10:09 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\8QK4FDI2.txt";"";"8/11/2012, 4:10:09 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\ABWG3C33.txt";"";"8/11/2012, 4:10:09 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\261F8EP1.txt";"";"8/11/2012, 4:10:09 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\ENLWJVBH.txt";"";"8/11/2012, 4:10:02 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\RWEOA48C.txt";"";"8/11/2012, 4:10:02 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\7RF6XV0S.txt";"";"8/11/2012, 4:10:02 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\MWTGRH6N.txt";"";"8/11/2012, 4:10:02 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\0CLAEM0U.txt";"";"8/11/2012, 4:10:02 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\NV0B9M7P.txt";"";"8/11/2012, 4:10:02 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Questionmarket;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\JDYNBOYC.txt";"";"8/11/2012, 4:09:56 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Questionmarket;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\QBA8B5GI.txt";"";"8/11/2012, 4:09:56 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Questionmarket;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\EE3A8GFY.txt";"";"8/11/2012, 4:09:56 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Questionmarket;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\8ILY9PPB.txt";"";"8/11/2012, 4:09:56 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Questionmarket;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\Z51RT0S4.txt";"";"8/11/2012, 4:09:56 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\GY5T4EWW.txt";"";"8/11/2012, 4:09:55 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\XZ9UCRFA.txt";"";"8/11/2012, 4:09:55 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\G3W3DTHI.txt";"";"8/11/2012, 4:09:55 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Found Tracking cookie.Yieldmanager;"c:\Users\doug\AppData\Roaming\Microsoft\Windows\Cookies\7MMGZA4K.txt";"";"8/11/2012, 4:09:55 PM";"file";"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
================================

I hope this helps, and Thank You

douglasvjohnson
2012-08-15, 03:12
IN ran an AVG scan after updating and it showed nothing found.
Thanks Again!

JonTom
2012-08-15, 16:34
Hello douglasvjohnson

Tracking cookies are nothing major to worry about. You can either remove them with AVG (if the option is available) or the following tool will do the same job:

SuperAntiSpyware


Download SuperAntiSpyware by clicking here (http://downloads.superantispyware.com/downloads/SUPERAntiSpyware.exe) and save the file (called superantispyware.exe) to your desktop.
Once the download is complete, close all windows and double click on the superantispyware.exe icon to start the installation (If running Vista/Win7 you may need to Right click and select Run as Administrator).
Follow any prompts you receive (do not make any changes to the default settings provided).
Click on "Finish" to complete the installation.
SuperAntiSpyware will automatically open. Select your preferred language and click on "OK".
You will now be prompted to update the SuperAntiSpyware definitions. Please press the "Yes" button to allow the program to download and install the latest updates so that it can properly detect and remove the latest malware.
Follow the prompts and click on the "Finish" button.
The main menu will now appear.
Click on the "Scan your computer" button and choose "Complete scan" then click on "Next" to begin the scan.
If SuperAntiSpyware detects any Malware, allow the program to quarantine what it finds.


For more detailed instructions on running SuperAntiSpyware click here (http://www.bleepingcomputer.com/virus-removal/how-to-use-superantispyware-tutorial).


Your latest scans are clean and AVG is clean also.

Once you have dealt with the tracking cookies (if you choose to do so) we can remove our tools:


Please Uninstall Combofix


Hold down the Windows key (has the Windows symbol on it) and press the "R" key.
A Run box will open.
Type combofix /uninstall in the run box and click "OK". Please note the space between the "x" and the "/Uninstall", it needs to be there.



Removal of Tools


You no longer need DDS, aswMBR or SystemLook. Please delete them from your machine.



Please re-enable Spybot Teatimer


Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
On the left hand side, click "Tools", then click on the "Resident" icon in the list.
Check the "Resident "TeaTimer" (Protection of overall system settings) active" box.
Click the "System Startup" icon in the List.
Check the "TeaTimer" box and "OK" any prompts.
If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
Exit Spybot S&D when done.



Once you have completed the above steps you should be good to go! If you have any further questions, please feel free to ask.


Finally, please take the time to read through the information provided below:

Enhance your System Security

For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here. (http://www.geekstogo.com/forum/Free-Antivirus-Antispyware-Software-t38.html)

IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
Once complete, remember to re-engage your resident security before going online.

Web Browsers and Browser Security

Firefox

You can download Firefox from here. (http://www.mozilla.com/en-US/firefox/)


No-Script

If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
You can download No-Script by clicking here. (https://addons.mozilla.org/en-US/firefox/addon/722)


Internet Explorer

The newest version of Internet Explorer is available from here. (http://www.microsoft.com/windows/internet-explorer/?ocid=ie8_s_94735d11-65d1-4bb8-bf6f-72d7b059a928)
Please Note: IE9 is not configured to run on XP machines.


SpywareBlaster

If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
You can download SpywareBlaster by clicking here. (http://www.javacoolsoftware.com/sbdownload.html)

Web of Trust

When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
You can download Web of Trust by clicking here. (http://www.mywot.com/)


Keep your Software Updated

Outdated software can sometimes have vulnerabilities that are exploitable by malware.
Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here. (http://secunia.com/vulnerability_scanning/online/)


Passwords

Learn how to create strong passwords by clicking here (http://www.microsoft.com/protect/yourself/password/create.mspx) and test the strength of the passwords you already use by clicking here. (http://www.microsoft.com/protect/yourself/password/checker.mspx)


General Reading

PC Safety and Security - What do I need? (http://www.techsupportforum.com/security-center/general-computer-security/115548-pc-safety-security-what-do-i-need.html)

How to prevent Malware (by Miekiemoes) (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html)


Learn How To Combat Malware

Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here. (http://forums.whatthetech.com/What_Tech_Classroom_t80368.html)

douglasvjohnson
2012-08-17, 00:56
Hi and Thanks once again!
I will run this as soon as I get home tonight and revert.
Best Regards

JonTom
2012-08-17, 13:56
:bigthumb:

JonTom
2012-08-22, 13:26
Since this problem appears to be resolved this topic is now closed.

Glad we could help :)

Best wishes
JonTom