I started with the issue earlier (in the wrong forum): Malwarebytes successfully blocked access to a potentially malicious IP (outgoing, svchost etc.). I ran scans in safe mode, updated and ran AVG in regular boot and safe mode. AVG was able to remove 4 out of 8 infections on the 2nd run in safe mode, but all the things that can't be removed it can't access. Malwarebytes says it's successfully removed and needs to be restarted, but I run the scan again and nothing has changed. There is no virus "name"; it's all trojan agent3.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_25

Run by EMOS at 19:12:45 on 2011-12-27

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4094.1682 [GMT -7:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Dwm.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\DAODx.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Program Files\Windows Media Player\WMPSideShowGadget.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

-netsvcs

C:\Windows\system32\conhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe

C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Steam\steam.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\AVG\AVG2012\avgui.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\WinZip\WINZIP32.EXE

C:\Windows\explorer.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://hp-laptop.aol.com/?ncid=hplpt_0909

uInternet Settings,ProxyServer = 127.0.0.1:8088

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File

TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet

uRun: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe" "/Trigger RunAtLogon"

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [<NO NAME>]

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{0AD8A31B-885D-4010-8803-5468B3843739} : DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{49F5D374-135D-4498-8389-6F9F1D0FB351} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{5135E1A2-4A97-4E3A-8574-6AA2B8E10D82} : DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{BAD31F9F-42EC-4F1B-B068-EA1E3530699B} : DhcpNameServer = 192.168.1.1

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File

TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [(Default)]

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\EMOS\AppData\Roaming\Mozilla\Firefox\Profiles\2ymmdh1h.default\

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll

FF - component: C:\Users\EMOS\AppData\Roaming\Mozilla\Firefox\Profiles\2ymmdh1h.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: C:\Users\EMOS\AppData\Roaming\Mozilla\Firefox\Profiles\2ymmdh1h.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\EMOS\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 dtsoftbus01;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-26 354304]

R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-25 366152]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AE1000;Linksys AE1000 Driver;C:\Windows\system32\DRIVERS\ae1000w7.sys --> C:\Windows\system32\DRIVERS\ae1000w7.sys [?]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S3 WMSVC;Web Management Service;C:\Windows\system32\inetsrv\wmsvc.exe --> C:\Windows\system32\inetsrv\wmsvc.exe [?]

S4 Apache2.2;Apache2.2;C:\Program Files (x86)\Apache Software Foundation\Apache2.2\bin\httpd.exe [2011-5-20 20549]

S4 msvsmon80;Visual Studio 2005 Remote Debugger;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2005-9-23 4476096]

S4 PGMTrusted;PGMTrusted;C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [2011-11-30 519888]

S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-8-11 1153368]

S4 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-12-28 01:57:56 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-12-28 01:37:18 -------- d-----w- C:\Users\EMOS\AppData\Roaming\AVG2012

2011-12-28 01:35:52 -------- d-----w- C:\ProgramData\AVG2012

2011-12-27 16:38:04 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2011-12-27 16:08:33 -------- d-----w- C:\Users\EMOS\AppData\Local\{3DC5C740-2C7C-4235-9DB5-A508794AB640}

2011-12-27 16:08:19 -------- d-----w- C:\Users\EMOS\AppData\Local\{2DB84316-F3E2-4EF8-8A4A-0C81EF7473F8}

2011-12-27 01:09:13 20480 ----a-w- C:\Windows\svchost.exe

2011-12-25 16:48:42 -------- d-----w- C:\Users\EMOS\AppData\Local\Logitech

2011-12-22 16:03:22 -------- d-----w- C:\Users\EMOS\AppData\Local\{2EAC0221-C567-416F-9934-47D3EFC50974}

2011-12-22 16:03:09 -------- d-----w- C:\Users\EMOS\AppData\Local\{9CB9A683-B227-4B3B-97E0-A3721B6934B8}

2011-12-21 16:03:50 -------- d-----w- C:\Users\EMOS\AppData\Local\{6C1FA9F3-997E-4D93-B6D3-46C042EBA64F}

2011-12-21 16:03:38 -------- d-----w- C:\Users\EMOS\AppData\Local\{52964A33-018B-45E0-B8F5-805CA221695C}

2011-12-20 16:00:15 -------- d-----w- C:\Users\EMOS\AppData\Local\{F60C694F-8D0C-49A4-B2C3-10A1385D7937}

2011-12-20 16:00:02 -------- d-----w- C:\Users\EMOS\AppData\Local\{8E5FD508-2CDF-4C37-AC19-73785184E14D}

2011-12-19 15:44:12 -------- d-----w- C:\Users\EMOS\AppData\Local\{EE926464-29DB-4A64-8DBB-2CCA336271FC}

2011-12-19 15:43:47 -------- d-----w- C:\Users\EMOS\AppData\Local\{84505926-3444-4D50-9892-25643966BE53}

2011-12-16 16:02:57 -------- d-----w- C:\Users\EMOS\AppData\Local\{DEFE22DA-D82F-4846-87CD-A2028549C368}

2011-12-16 04:02:30 -------- d-----w- C:\Users\EMOS\AppData\Local\{57A9915F-00F8-487E-A495-C5384790A705}

2011-12-15 16:02:03 -------- d-----w- C:\Users\EMOS\AppData\Local\{F99CF791-FD37-410F-B940-7486BAB89624}

2011-12-15 16:01:50 -------- d-----w- C:\Users\EMOS\AppData\Local\{B72A2E13-01FA-43F3-85EF-A3ADA39A27D4}

2011-12-14 15:34:17 -------- d-----w- C:\Users\EMOS\AppData\Local\{6A751CC3-C1F7-46CC-A1F9-2FDD52AED9A1}

2011-12-14 15:34:03 -------- d-----w- C:\Users\EMOS\AppData\Local\{05D3E2B9-1148-4369-BD7F-C94641FB2F57}

2011-12-13 17:53:52 -------- d-----w- C:\Users\EMOS\AppData\Local\{737F89DE-F949-4C09-BB25-889A64EC9CFB}

2011-12-13 17:53:40 -------- d-----w- C:\Users\EMOS\AppData\Local\{6FA6B276-81A4-44B8-A0CD-505545E8D048}

2011-12-13 03:06:55 -------- d-----w- C:\Users\EMOS\AppData\Local\{9C5A922D-6F2E-46BF-87C2-E47C7CF85696}

2011-12-12 22:04:34 -------- d-----w- C:\Program Files (x86)\iWin.com

2011-12-12 21:30:08 -------- d-----w- C:\ProgramData\PogoDGC

2011-12-12 21:29:57 -------- d-----w- C:\Program Files (x86)\Pogo Games

2011-12-12 15:06:28 -------- d-----w- C:\Users\EMOS\AppData\Local\{7E8C95C4-9B2B-432D-B396-53456F53D5BD}

2011-12-12 15:06:16 -------- d-----w- C:\Users\EMOS\AppData\Local\{F8F2E68E-3481-4CE3-BF42-A0AC436665FC}

2011-12-09 15:59:04 -------- d-----w- C:\Users\EMOS\AppData\Local\{0B62EBE4-3B1A-447E-84D3-A6CF2E47E9E7}

2011-12-09 15:58:50 -------- d-----w- C:\Users\EMOS\AppData\Local\{C4A37CC9-0E6D-438B-A16A-694455CE6512}

2011-12-09 03:54:35 -------- d-----w- C:\Users\EMOS\AppData\Local\{D0E5C371-5A96-4A4E-B2DE-4D50001402BC}

2011-12-09 03:54:24 -------- d-----w- C:\Users\EMOS\AppData\Local\{B00F3A7F-C066-4412-8552-43D02B609B87}

2011-12-08 15:53:57 -------- d-----w- C:\Users\EMOS\AppData\Local\{34C9E201-F952-4E4F-B5FB-DA7394F58531}

2011-12-08 15:53:44 -------- d-----w- C:\Users\EMOS\AppData\Local\{00092B8C-94FB-42ED-AD85-BBAFF6844C12}

2011-12-07 15:09:18 -------- d-----w- C:\Users\EMOS\AppData\Local\{FCE08163-2E9E-4907-A948-CA06432C7DDC}

2011-12-07 15:09:06 -------- d-----w- C:\Users\EMOS\AppData\Local\{EBAD7F97-6389-4B22-A47F-8DBD7CA4085F}

2011-12-07 03:50:00 -------- d-----w- C:\Users\EMOS\AppData\Local\{0354C0D5-9D13-4EC0-A73C-D6956F12A57C}

2011-12-07 03:49:46 -------- d-----w- C:\Users\EMOS\AppData\Local\{F3E9539A-401C-4DB2-9CA9-EC2ED3BCC894}

2011-12-06 15:50:30 -------- d-----w- C:\Users\EMOS\AppData\Local\{F3A09910-50B2-4385-B794-9162CC724B49}

2011-12-06 03:49:59 -------- d-----w- C:\Users\EMOS\AppData\Local\{B1764BF7-1B4B-41BD-A0D2-0754E756FC9D}

2011-12-06 03:49:47 -------- d-----w- C:\Users\EMOS\AppData\Local\{277552C3-1702-4894-ACA4-20A5870D04EF}

2011-12-05 15:49:19 -------- d-----w- C:\Users\EMOS\AppData\Local\{885E573D-487D-419D-BFC0-DFD2DD2CC5F8}

2011-12-05 15:49:07 -------- d-----w- C:\Users\EMOS\AppData\Local\{62572E73-6983-4FD5-A126-7BB3D5A67F0D}

2011-12-03 03:13:08 -------- d-----w- C:\Users\EMOS\AppData\Local\{62B0D5D9-882E-4EB4-9074-C6030330DCF6}

2011-12-03 03:12:56 -------- d-----w- C:\Users\EMOS\AppData\Local\{A0E26191-6456-43DA-8101-2E18B3D2B089}

2011-12-02 15:12:27 -------- d-----w- C:\Users\EMOS\AppData\Local\{B2366609-11F8-4FC3-A5CC-715C649917C6}

2011-12-02 15:12:14 -------- d-----w- C:\Users\EMOS\AppData\Local\{30C42AD4-C11F-43E2-8096-927A1CFE2251}

2011-12-02 02:53:33 -------- d-----w- C:\Users\EMOS\AppData\Local\{DF407547-60D0-4FE7-8DD5-3E94F0EA9EE4}

2011-12-02 02:53:22 -------- d-----w- C:\Users\EMOS\AppData\Local\{C9E9DE97-EBDC-4360-BD80-3A6299B60360}

2011-12-01 14:52:55 -------- d-----w- C:\Users\EMOS\AppData\Local\{540FBCE2-D661-472B-BD98-A7FE9B035A9C}

2011-12-01 14:52:43 -------- d-----w- C:\Users\EMOS\AppData\Local\{2B821E7F-4339-42CB-9CF3-203F92E4CB31}

2011-11-30 19:02:54 -------- d-----r- C:\Program Files (x86)\Skype

2011-11-30 18:20:53 -------- d-----w- C:\Users\EMOS\AppData\Local\{4951F887-B84D-4BCB-A3B6-B243CAA683DB}

2011-11-30 18:20:40 -------- d-----w- C:\Users\EMOS\AppData\Local\{B7A115EA-38F4-4673-9C27-50DF7924FD02}

2011-11-30 17:52:11 -------- d-----w- C:\Windows\en

2011-11-30 17:40:39 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2cc4a5281ccaf8706\MeshBetaRemover.exe

.

==================== Find3M ====================

.

2011-10-08 22:50:28 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-07 13:23:46 283728 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2011-09-29 16:24:44 1897328 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-09-29 04:09:30 3141120 ----a-w- C:\Windows\System32\win32k.sys

2011-01-11 03:01:16 3812864 ----a-w- C:\Program Files (x86)\Belkin Connect Wireless USB Adapter.msi

.

============= FINISH: 19:14:04.85 ===============

Attach.txt

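The DDS report above is the kind of output a helper reads by eye for out-of-place entries: a file named like a core Windows process sitting in C:\Windows instead of System32, a browser proxy pointing at the local machine, UAC switched off, a directory literally named %APPDATA%. The script below is an added example (not part of this thread, DDS, or Malwarebytes) that runs a few such heuristics over lines in the DDS format. The rules, the list of core binaries, and the sample lines are all my own assumptions, modelled on the entries in the log above; a hit means "worth a second look", not "confirmed malicious".

```python
import re

# Constructed sample in the shape of a DDS report; the lines are modelled on
# entries in the thread's log, not copied from a live system.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
uInternet Settings,ProxyServer = 127.0.0.1:8088
mPolicies-system: EnableLUA = 0 (0x0)
2011-12-27 16:38:04 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-12-27 01:09:13 20480 ----a-w- C:\Windows\svchost.exe
2011-10-08 22:50:28 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
"""

# Assumed list: Windows system processes that are expected to load only from
# the system directories. The same file name anywhere else deserves review.
CORE_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "wininit.exe", "lsm.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Directory part and file name of the first .exe path on a line.
EXE_PATH = re.compile(r"([A-Za-z]:\\.*?\\)([A-Za-z0-9_.-]+\.exe)", re.IGNORECASE)
PROXY = re.compile(r"ProxyServer\s*=\s*(\S+)", re.IGNORECASE)
UAC_OFF = re.compile(r"\bEnableLUA\s*=\s*0\b")
LITERAL_ENV = re.compile(r"\\%[A-Za-z_]+%")   # e.g. \%APPDATA% used as a real name


def check_line(line):
    """Return a list of (rule, detail) findings for one report line."""
    findings = []
    m = EXE_PATH.search(line)
    if m:
        directory, name = m.group(1).lower(), m.group(2).lower()
        if name in CORE_BINARIES and not directory.startswith(SYSTEM_DIRS):
            findings.append(("core binary outside system directory", m.group(0)))
    m = PROXY.search(line)
    if m and m.group(1).lower().startswith(("127.", "localhost")):
        findings.append(("browser proxy points at the local machine", m.group(1)))
    if UAC_OFF.search(line):
        findings.append(("UAC disabled (EnableLUA = 0)", line.strip()))
    if LITERAL_ENV.search(line):
        findings.append(("unexpanded %VAR% name used as a directory", line.strip()))
    return findings


def triage(report_text):
    """Run every rule over every non-empty line of a DDS-style report."""
    results = []
    for line in report_text.splitlines():
        if line.strip():
            results.extend(check_line(line))
    return results


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule}: {detail}")
```

Feed it a whole saved DDS.txt (open the file and pass its contents to triage) and it prints one line per hit. Because the path rule compares the directory and not the file name alone, the legitimate C:\Windows\system32\svchost.exe in the process list is ignored while the copy in C:\Windows is reported.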


Save and close any work documents, close any apps that you started.

Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Center

http://www.microsoft...&displaylang=en

It is suggested that you rename mrt.exe to some other name, such as Omega.exe, then run it.

After a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.log

The file may be opened and viewed with Notepad or a similar text editor.

If and only if your system is a Windows 7 x64, Vista x64, Windows XP x64 or Windows 2008/2003 x64 computer:

Get Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64

http://www.microsoft...&displaylang=en

Additional information on the Microsoft® Windows® Malicious Software Removal Tool is here: http://support.micro...om/?kbid=890830

If no infections were found, you will see this in your log:

Results Summary:

----------------

No infection found.

Start MBAM (Malwarebytes' Anti-Malware).

Click the Settings tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner Settings sub-tab in the second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy & paste the contents of the last scan log into your reply.

If we do not hear back from you in 3 days, this thread will be closed.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
