
Trojan.Dropper.bcminer help



I have been having problems with redirects for about 2 weeks now. I ran Malware every day for the last couple of days, and I keep getting the same file deleted, but it comes right back. I would appreciate any help that I can get to fix this problem.

Here are the logs per the pinned post:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33

Run by Lilly at 14:16:37 on 2012-07-14

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.3628 [GMT -7:00]

.

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Charter\DigiDo\AffinegyService.exe

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Windows\system32\taskeng.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Users\Lilly\AppData\Local\Akamai\netsession_win.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files (x86)\Charter\DigiDo\TrayApp.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Charter\DigiDo\DigiDo.exe

C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\igfxsrvc.exe

C:\Users\Lilly\AppData\Local\Akamai\netsession_win.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE

C:\Windows\splwow64.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://section47.proboards.com/index.cgi

uWindow Title = Internet Explorer, optimized for Bing and MSN

mStart Page = hxxp://www.yahoo.com/?ilc=8

mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll

mURLSearchHooks: H - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"

uRun: [Akamai NetSession Interface] "C:\Users\Lilly\AppData\Local\Akamai\netsession_win.exe"

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet

uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [updateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

mRun: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [Turbine Download Manager Tray Icon] "C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [DigiDo] "C:\Program Files (x86)\Charter\DigiDo\TrayApp.exe" startup

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun: [MFARestart] "C:\ProgramData\MFAData\pack\avgrunasx.exe" /usereg

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"

mRun: [AgentMonitor] "C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe"

mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

LSP: mswsock.dll

Trusted Zone: juno.com

Trusted Zone: netzero.com

Trusted Zone: netzero.net

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/World%20Mosaics%204/Images/armhelper.ocx

TCP: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115

TCP: Interfaces\{82A4CFEA-4151-4588-A37A-5403FF50E6F4} : DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115

Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

mRun-x64: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [updateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

mRun-x64: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun-x64: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup

mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun-x64: [Turbine Download Manager Tray Icon] "C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [DigiDo] "C:\Program Files (x86)\Charter\DigiDo\TrayApp.exe" startup

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun-x64: [MFARestart] "C:\ProgramData\MFAData\pack\avgrunasx.exe" /usereg

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"

mRun-x64: [AgentMonitor] "C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe"

mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath -

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [2012-3-2 1157240]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120316.005\IDSviA64.sys [2012-3-16 488568]

R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;C:\Windows\system32\DRIVERS\rtlprot.sys --> C:\Windows\system32\DRIVERS\rtlprot.sys [?]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [?]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1307010.005\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1307010.005\SYMTDIV.SYS [?]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [2012-5-17 138232]

R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-18 138360]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 135664]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-10-1 1153368]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 135664]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 113120]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\system32\DRIVERS\wg111v3.sys --> C:\Windows\system32\DRIVERS\wg111v3.sys [?]

S3 SQTECH9052;Disney Micro;C:\Windows\system32\Drivers\Capt9052.sys --> C:\Windows\system32\Drivers\Capt9052.sys [?]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-07-12 21:59:20 476976 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-07-12 01:21:09 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2012-07-08 18:51:27 -------- d-----w- C:\Users\Lilly\AppData\Local\{12143CF9-FEBD-40B8-8C0B-73FB8129F705}

2012-07-08 18:51:05 -------- d-----w- C:\Users\Lilly\AppData\Local\{3CFDD944-1050-4DD8-A21E-959E912E8BE3}

2012-07-08 02:37:17 -------- d-----w- C:\Users\Lilly\AppData\Local\{584E46F3-08B9-4084-9B6D-5B19B72953FA}

2012-07-08 02:36:56 -------- d-----w- C:\Users\Lilly\AppData\Local\{C4050DA2-DB99-4C87-B5F2-4682D5A5E8BE}

2012-07-06 10:21:30 -------- d-----w- C:\Users\Lilly\AppData\Local\{E967F0DC-3806-413A-93EE-A21574D31216}

2012-07-05 09:07:51 -------- d-----w- C:\Users\Lilly\AppData\Local\{50F4FA26-2CD5-421B-BD34-F9705314800A}

2012-07-05 09:07:36 -------- d-----w- C:\Users\Lilly\AppData\Local\{23ED6FB9-82BF-4BAC-B2E5-30E806278186}

2012-07-04 10:57:26 -------- d-----w- C:\Users\Lilly\AppData\Roaming\WildTangent

2012-07-04 10:57:26 -------- d-----w- C:\Program Files (x86)\WildTangent Games

2012-07-03 09:02:20 -------- d-----w- C:\Users\Lilly\AppData\Local\{86BAE10C-76F7-4A93-AA42-5D739DDF2A50}

2012-07-03 09:01:59 -------- d-----w- C:\Users\Lilly\AppData\Local\{11C9F34D-31BD-4C02-8988-5CB4934DA205}

2012-07-01 18:23:17 -------- d-----w- C:\Users\Lilly\AppData\Local\{392A5C2B-7D27-4EF2-AD93-333292EEB6F8}

2012-07-01 18:22:55 -------- d-----w- C:\Users\Lilly\AppData\Local\{ED4F0EA0-A0D4-4354-9AEE-1D6AD5DFA2D1}

2012-06-30 22:14:34 -------- d-----w- C:\Users\Lilly\AppData\Local\{D8615332-63FE-46C0-90FA-DBA71F50D0F5}

2012-06-30 22:14:13 -------- d-----w- C:\Users\Lilly\AppData\Local\{9D593FE9-D779-4E36-9398-49B620DE74DE}

2012-06-29 09:22:22 -------- d-----w- C:\Users\Lilly\AppData\Local\{6478F39C-EC38-4889-8A7C-BA372D1AC7DC}

2012-06-29 00:11:05 -------- d-----w- C:\Program Files (x86)\KitchenBrigade_at

2012-06-29 00:06:59 -------- d-----w- C:\Program Files (x86)\Cooking Academy 3 - Recipe for Success

2012-06-29 00:05:50 -------- d-----w- C:\Program Files (x86)\Cooking Academy 2 - World Cuisine

2012-06-28 08:21:11 -------- d-----w- C:\Users\Lilly\AppData\Local\{D3DAC440-E980-4A97-B57B-D394325889A9}

2012-06-28 08:20:50 -------- d-----w- C:\Users\Lilly\AppData\Local\{8266F0C1-C4D5-46E7-BE2D-E6C5FDAE724B}

2012-06-28 06:54:30 -------- d-----w- C:\ProgramData\cerasus.media GmbH

2012-06-28 06:54:29 -------- d-----w- C:\Users\Lilly\AppData\Roaming\cerasus.media GmbH

2012-06-28 06:50:56 -------- d-----w- C:\Program Files (x86)\Mahjong Mysteries - Ancient Athena

2012-06-27 07:33:10 -------- d-----w- C:\Users\Lilly\AppData\Local\{26309225-DCA7-4CED-86D1-54C9488A7253}

2012-06-27 07:32:49 -------- d-----w- C:\Users\Lilly\AppData\Local\{7A8EAF8E-ACE8-4745-8BAF-4E79E76B9202}

2012-06-27 06:53:30 -------- d-----w- C:\Users\Lilly\AppData\Local\Macromedia

2012-06-27 00:04:21 -------- d-----w- C:\Users\Lilly\AppData\Roaming\TheMissingMonaLisa

2012-06-26 23:51:50 -------- d-----w- C:\Users\Lilly\AppData\Roaming\Hidden Anthologies Pride and Prejudice

2012-06-26 23:34:10 -------- d-----w- C:\Users\Lilly\AppData\Roaming\CoronationStreetPC

2012-06-26 19:13:55 -------- d-----w- C:\Users\Lilly\AppData\Local\{517A1C80-50B7-4A36-8C99-17A382818B60}

2012-06-26 19:13:34 -------- d-----w- C:\Users\Lilly\AppData\Local\{D71D7CFE-7ACF-4359-8636-055BD4DB595C}

2012-06-26 09:03:58 -------- d-----w- C:\Users\Lilly\AppData\Local\{FC9DB7C9-FD66-4638-952B-A7D890979128}

2012-06-26 07:42:15 -------- d-----w- C:\Users\Lilly\AppData\Local\{0B03227F-2D73-408C-A963-19EFBF775561}

2012-06-25 18:08:11 -------- d-----w- C:\Users\Lilly\AppData\Local\{F392886D-CA77-457E-8DDC-6F25AE22753E}

2012-06-25 18:07:49 -------- d-----w- C:\Users\Lilly\AppData\Local\{B329BD72-A3C7-47C2-A880-9FDC2BF0D26B}

2012-06-25 00:55:12 -------- d-----w- C:\Users\Lilly\AppData\Local\{D4F95F40-B7C0-4064-8599-D04C4A968939}

2012-06-25 00:54:51 -------- d-----w- C:\Users\Lilly\AppData\Local\{B662C7A0-C58A-407A-9E82-5765191BCEF9}

2012-06-23 11:08:35 -------- d-----w- C:\Users\Lilly\AppData\Local\{80D6C907-7A93-4142-9DB7-C99C30EC83F3}

2012-06-23 11:08:25 -------- d-----w- C:\Users\Lilly\AppData\Local\{7081673A-F230-4A51-B9D7-C74422196800}

2012-06-23 11:08:09 -------- d-----w- C:\Users\Lilly\AppData\Local\{3B05E7FF-588F-4832-9A42-73CD8BA95E4F}

2012-06-23 08:44:36 -------- d-----w- C:\Users\Lilly\AppData\Local\{D0B7A272-7777-4B08-89B8-BE307FAE1651}

2012-06-23 07:39:53 -------- d-----w- C:\Users\Lilly\AppData\Roaming\8floor

2012-06-23 07:39:53 -------- d-----w- C:\ProgramData\8floor

2012-06-23 02:32:23 -------- d-----w- C:\Users\Lilly\AppData\Roaming\HipSoft

2012-06-22 23:58:02 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-22 23:57:53 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll

2012-06-22 09:04:38 -------- d-----w- C:\Users\Lilly\AppData\Local\{1B2B9697-C58C-4044-B363-A70527460FC2}

2012-06-22 09:04:29 -------- d-----w- C:\Users\Lilly\AppData\Local\{07BD2909-711D-4709-AC52-0C7635BC006A}

2012-06-22 09:03:58 -------- d-----w- C:\Users\Lilly\AppData\Local\{5435D932-15CE-430D-8AF1-E752A7282DB8}

2012-06-22 06:52:30 -------- d-----w- C:\Users\Lilly\AppData\Roaming\SulusGames

2012-06-22 06:51:54 -------- d-----w- C:\Program Files (x86)\Wordary

2012-06-22 06:50:15 -------- d-----w- C:\Program Files (x86)\Paris Mahjong

2012-06-21 02:31:30 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-21 02:31:22 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-21 02:31:22 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe

2012-06-21 02:31:22 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-21 02:31:22 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2012-06-19 19:16:41 -------- d-----w- C:\Users\Lilly\AppData\Local\{A84EFD82-7977-479A-BC38-E8F394B9F672}

2012-06-19 19:16:19 -------- d-----w- C:\Users\Lilly\AppData\Local\{B518B8E7-E479-4895-A7B0-715E9E4ED61D}

2012-06-19 09:02:35 -------- d-----w- C:\Users\Lilly\AppData\Local\{FD2FBB42-92E2-42E0-B7E8-526815E1F380}

2012-06-18 22:24:37 -------- d-----w- C:\Users\Lilly\AppData\Local\AVG Secure Search

2012-06-18 18:59:38 -------- d-----w- C:\Users\Lilly\AppData\Local\{99AC468F-2557-453E-B31E-B366623516BE}

.

==================== Find3M ====================

.

2012-07-12 21:58:53 472880 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-07-12 01:21:11 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 01:21:11 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-05-16 06:47:26 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-05-16 06:47:26 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-05-16 06:47:26 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-05-16 06:47:26 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

.

============= FINISH: 14:17:31.00 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft® Windows Vista™ Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 6/4/2009 2:15:13 PM

System Uptime: 7/14/2012 9:48:24 AM (5 hours ago)

.

Motherboard: PEGATRON CORPORATION | | Benicia

Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz | CPU 1 | 2600/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 582 GiB total, 415.068 GiB free.

D: is FIXED (NTFS) - 14 GiB total, 1.385 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP721: 3/23/2012 12:46:56 PM - Scheduled Checkpoint

RP722: 3/29/2012 12:07:04 AM - Scheduled Checkpoint

RP723: 4/22/2012 6:57:28 PM - Scheduled Checkpoint

RP724: 4/25/2012 1:10:09 PM - Scheduled Checkpoint

RP725: 4/30/2012 2:42:32 PM - Installed Java 6 Update 31

RP726: 5/1/2012 2:37:59 PM - Scheduled Checkpoint

RP727: 5/19/2012 6:39:09 PM - Scheduled Checkpoint

RP728: 5/25/2012 8:42:17 AM - Windows Live Essentials

RP729: 5/27/2012 2:02:55 AM - Scheduled Checkpoint

RP730: 5/28/2012 11:41:58 AM - Removed LeapFrog Leapster2 Plugin

RP731: 6/20/2012 7:30:45 PM - Windows Update

RP732: 6/22/2012 4:57:24 PM - Windows Update

RP733: 6/28/2012 5:53:11 PM - Scheduled Checkpoint

RP734: 6/29/2012 11:41:47 PM - Scheduled Checkpoint

RP735: 7/1/2012 12:36:35 AM - Scheduled Checkpoint

RP736: 7/4/2012 11:16:48 PM - Removed GLUCOFACTS® Deluxe.

RP737: 7/4/2012 11:18:07 PM - Removed GLUCOFACTS® Deluxe.

RP738: 7/4/2012 11:20:35 PM - Removed LeapFrog Leapster Explorer Plugin

RP739: 7/12/2012 2:57:19 PM - Installed Java 6 Update 33

RP740: 7/14/2012 9:01:41 AM - Restore Operation

RP741: 7/14/2012 9:35:44 AM - Restore Operation

.

==== Installed Programs ======================

.

2 Tasty

3D Mahjong Deluxe

3DVIA player 5.0

7-zip v9.20

Acrobat.com

Activation Assistant for the 2007 Microsoft Office suites

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.1

Adobe Shockwave Player 11.6

Akamai NetSession Interface

Amazon Kindle

Amazon MP3 Downloader 1.0.15

Apple Application Support

Apple Software Update

AVG PC Tuneup

Azada: Ancient Magic

Big City Adventure: London Classic

Big Fish Games: Game Manager

Bubble Bonanza

BufferChm

Compatibility Pack for the 2007 Office system

Compton’s 3D World Atlas Deluxe

Cooking Academy 2: World Cuisine

Cooking Academy 3: Recipe for Success

Copy

Coupon Printer for Windows

CustomerResearchQFolder

CyberLink DVD Suite Deluxe

D3DX10

DB CIF Cam

Default Manager

Destination Component

DeviceDiscovery

DeviceManagementQFolder

DigiDo

DirectX for Managed Code Update (Summer 2004)

DivX Plus Web Player

DJ_AIO_03_F4200_ProductContext

DJ_AIO_03_F4200_Software

DJ_AIO_03_F4200_Software_Min

Drugstore Mania

Dungeons & Dragons Online - Eberron Unlimited™

Escape the Lost Kingdom

eSupportQFolder

ffdshow [rev 2527] [2008-12-19]

GLUCOFACTS® Deluxe

Google Earth Plug-in

Google Update Helper

GPBaseService

GPBaseService2

Haali Media Splitter

Hidden World

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Active Support Library

HP Advisor

HP Customer Experience Enhancements

HP Games

HP MediaSmart Demo

HP MediaSmart DVD

HP MediaSmart Music/Photo/Video

HP Odometer

HP Picasso Media Center Add-In

HP Recovery Manager RSS

HP Support Information

HP Total Care Setup

HP Update

HPAsset component for HP Active Support Library

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

Java Auto Updater

Java 6 Update 33

Jeopardy! 2nd Edition

Junk Mail filter update

LabelPrint

LeapFrog Connect

Learning Lodge Navigator

LightScribe System Software

Luxor (remove only)

Luxor Amun Rising (remove only)

Mahjong Mysteries: Ancient Athena

Mahjongg Dimensions

Mahjongg Dimensions Deluxe

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft Live Search Toolbar

Microsoft Office 97, Professional Edition

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Visual Studio 2005 Tools for Office Runtime

Microsoft Windows Media Video 9 VCM

Microsoft Works

Microsoft XNA Framework Redistributable 3.1

Mind's Eye: Secrets of the Forgotten

Move Media Player

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSVCSetup

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Mystery Case Files: Ravenhearst ®

Natalie Brooks: The Treasures of the Lost Kingdom

Norton Internet Security

OpenAL

Opera 11.60

OverDrive Media Console

Pando Media Booster

Paris Mahjong

PictureMover

Power2Go

PowerDirector

Princess Isabella: A Witch's Curse

PSSWCORE

Puzzler World

Puzzler World 2

Python 2.6 pywin32-212

Python 2.6.1

QuickBooks Simple Start 2009

QuickTime

Rand McNally Road Atlas

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Scan

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Segoe UI

SmartWebPrinting

SolutionCenter

sp44626

Spelling Dictionaries Support For Adobe Reader 9

Spybot - Search & Destroy

Star Trek Online

Status

Super Smasher

SupportSoft Assisted Service

The Weather Channel App

Toolbox

TrayApp

Tux Paint 0.9.21c

Tux Paint Stamps 2009-06-28

UnloadSupport

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update Installer for WildTangent Games App

VC80CRTRedist - 8.0.50727.4053

VideoToolkit01

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2005 Tools for Office Second Edition Runtime

Visual Studio 2008 x64 Redistributables

Vivitar Experience Image Manager

VTech Download Agent Library

W2 Mate (2009) 6.0.35

WebReg

Wedding Dash

Wedding Salon

WildTangent Games

WildTangent Games App

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

Wordary

Yahoo! BrowserPlus 2.8.1

Yahoo! Detect

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

7/14/2012 9:51:15 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt

7/14/2012 9:51:15 AM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.

7/14/2012 9:50:25 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

7/14/2012 9:50:25 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

7/14/2012 9:50:25 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

7/14/2012 9:50:25 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

7/14/2012 9:22:49 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

7/13/2012 7:42:38 PM, Error: Schannel [36874] - An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

7/10/2012 11:26:23 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Akamai service.

.

==== End Of File ===========================

Thank you for any help.


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Time : 14/07/2012 14:48:10

--------------------------

ERROR [DesktopWeather.exe.vir] -> C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe

ERROR [DesktopWeather.exe.vir] -> C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe

ERROR [avgrunasx.exe.vir] -> C:\ProgramData\MFAData\pack\avgrunasx.exe

ERROR [rundll32.exe.vir] -> rundll32.exe

[cleanup.dll.vir] -> C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll


That scan didn't come out right, but........

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

MrC


Sorry, posted wrong report.

RogueKiller V7.6.3 [07/08/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User: Lilly [Admin rights]

Mode: Scan -- Date: 07/14/2012 14:48:10

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤

[SUSP PATH] HKCU\[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND

[SUSP PATH] HKUS\S-1-5-21-879845084-2810241958-3290194357-1000[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND

[SUSP PATH] HKLM\[...]\Wow6432Node\Run : MFARestart ("C:\ProgramData\MFAData\pack\avgrunasx.exe" /usereg) -> FOUND

[BLACKLIST DLL] HKLM\[...]\Wow6432Node\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript) -> FOUND

[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Lilly\AppData\Local\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\n.) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\lilly\appdata\local\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\lilly\appdata\local\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\lilly\appdata\local\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

127.0.0.1 www.007guard.com

127.0.0.1 007guard.com

127.0.0.1 008i.com

127.0.0.1 www.008k.com

127.0.0.1 008k.com

127.0.0.1 www.00hq.com

127.0.0.1 00hq.com

127.0.0.1 010402.com

127.0.0.1 www.032439.com

127.0.0.1 032439.com

127.0.0.1 www.0scan.com

127.0.0.1 0scan.com

127.0.0.1 www.1000gratisproben.com

127.0.0.1 1000gratisproben.com

127.0.0.1 www.1001namen.com

127.0.0.1 1001namen.com

127.0.0.1 100888290cs.com

127.0.0.1 www.100888290cs.com

[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD642JJ +++++

--- User ---

[MBR] 5e7d37f348060595b0245f3204cc1081

[BSP] cbe1a3892920c024e3e7b9efc684338e : HP tatooed MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 596475 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1221582600 | Size: 14001 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt
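The RogueKiller report above is what a responder actually works from, so here is an added example (written for this page, not RogueKiller's own code and not part of the thread) that parses that report format into structured findings. It cross-checks the count RogueKiller declares in the "Registry Entries" header against the lines it actually lists, tallies findings per detection class, and confirms the ZeroAccess file layout the report shows: an "@" file plus "U" and "L" folders under one {GUID} directory, which is the pattern a triage script should insist on before calling the hit confirmed rather than reacting to any single line. The sample input is a constructed excerpt of the report posted above; `parse_report`, `confirmed_zeroaccess_dirs` and `summarize` are hypothetical helper names.

```python
"""Parse a RogueKiller report excerpt and cross-check its ZeroAccess indicators.

Added example for this thread, not RogueKiller's own code. The sample text is a
constructed excerpt of the report posted above; function names are hypothetical.
"""
import re
from collections import Counter, defaultdict

# Constructed sample: lines copied from the RogueKiller report in this thread.
SAMPLE_REPORT = r"""
User: Lilly [Admin rights]
Mode: Scan -- Date: 07/14/2012 14:48:10

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
[SUSP PATH] HKUS\S-1-5-21-879845084-2810241958-3290194357-1000[...]\Run : DW6 ("C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe") -> FOUND
[SUSP PATH] HKLM\[...]\Wow6432Node\Run : MFARestart ("C:\ProgramData\MFAData\pack\avgrunasx.exe" /usereg) -> FOUND
[BLACKLIST DLL] HKLM\[...]\Wow6432Node\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript) -> FOUND
[ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Lilly\AppData\Local\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\n.) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\lilly\appdata\local\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\lilly\appdata\local\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\lilly\appdata\local\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤
"""

# "¤¤¤ Name: value ¤¤¤" section headers (value is optional).
SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>[^:¤]+?)\s*(?::\s*(?P<value>.*?))?\s*¤¤¤$")
# "[TAG][KIND] subject : detail -> STATUS" finding lines; KIND is optional.
FINDING_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]"          # detection class, e.g. ZeroAccess, SUSP PATH
    r"(?:\[(?P<kind>[^\]]+)\])?"     # object kind for file hits: FILE / FOLDER
    r"\s+(?P<subject>.*?)\s+:\s+"    # registry key, or the file/folder name
    r"(?P<detail>.*?)\s+-+>\s+"      # registry data or full path, then -> / -->
    r"(?P<status>[A-Z]+)$"
)
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)


def parse_report(text):
    """Return (sections, findings): header name -> value, and one dict per
    finding line, each tagged with the section it appeared under."""
    sections, findings, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip()
            sections[current] = (m.group("value") or "").strip()
            continue
        m = FINDING_RE.match(line)
        if m:
            findings.append({"section": current, **m.groupdict()})
    return sections, findings


def zeroaccess_directories(findings):
    """Group ZeroAccess file/folder hits by the {GUID} directory containing them."""
    members = defaultdict(set)
    for f in findings:
        if f["tag"] != "ZeroAccess" or f["kind"] not in ("FILE", "FOLDER"):
            continue
        path = f["detail"].lower()
        guid = GUID_RE.search(path)
        if not guid:
            continue  # e.g. the GAC desktop.ini hits, which carry no GUID
        members[path[: guid.end()]].add(f["subject"])
    return {d: sorted(names) for d, names in members.items()}


def confirmed_zeroaccess_dirs(findings):
    """Directories holding the full '@' file + 'U' + 'L' folder layout."""
    return sorted(d for d, names in zeroaccess_directories(findings).items()
                  if {"@", "U", "L"} <= set(names))


def summarize(text):
    """Triage summary: declared vs parsed counts, tallies, confirmed dirs."""
    sections, findings = parse_report(text)
    return {
        "registry_entries_declared": int(sections.get("Registry Entries") or 0),
        "registry_entries_parsed": sum(f["section"] == "Registry Entries" for f in findings),
        "by_tag": dict(Counter(f["tag"] for f in findings)),
        "zeroaccess_dirs": confirmed_zeroaccess_dirs(findings),
        "infection": sections.get("Infection", ""),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

A declared/parsed mismatch is worth treating as a signal in its own right: forum software mangled the tags in this very thread ([SUSP PATH] rendered as [sUSP PATH]), and a parser that silently drops lines it cannot match would under-count exactly the entries a responder most needs to see.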


Let's try it this way......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


I think I will have to wait for the flashdrive. I have attempted to run Combofix several times. I get an error that it can't open iexplore. It copies all the files but the blue window flashes and then closes. If it is running correctly I can't find the report on my desktop.


If you want...try it like this:

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (make sure ComboFix is on your desktop)

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now. MrC


Finally got it to work. Here is the log.

ComboFix 12-07-16.01 - Lilly 07/16/2012 22:31:24.1.2 - x64 MINIMAL

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.3487 [GMT -7:00]

Running from: c:\users\Lilly\Desktop\combofix.exe

Command switches used :: /nombr

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

.

-- Previous Run --

.

c:\windows\system32\Services.exe . . . is infected!!

.

--------

.

c:\windows\system32\Services.exe . . . is infected!!

.

.

((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))

.

.

2012-07-17 06:13 . 2012-07-17 06:13 -------- d-----w- c:\users\Lilly\AppData\Local\temp

2012-07-17 06:13 . 2012-07-17 06:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-12 21:59 . 2012-07-12 21:58 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-07-12 01:21 . 2012-07-12 01:21 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-07-04 10:57 . 2012-07-04 11:02 -------- d-----w- c:\users\Lilly\AppData\Roaming\WildTangent

2012-07-04 10:57 . 2012-07-04 10:58 -------- d-----w- c:\program files (x86)\WildTangent Games

2012-06-29 00:11 . 2012-06-30 03:30 -------- d-----w- c:\program files (x86)\KitchenBrigade_at

2012-06-29 00:06 . 2012-06-29 00:07 -------- d-----w- c:\program files (x86)\Cooking Academy 3 - Recipe for Success

2012-06-29 00:05 . 2012-06-29 00:06 -------- d-----w- c:\program files (x86)\Cooking Academy 2 - World Cuisine

2012-06-28 06:54 . 2012-06-28 06:54 -------- d-----w- c:\programdata\cerasus.media GmbH

2012-06-28 06:54 . 2012-06-28 06:54 -------- d-----w- c:\users\Lilly\AppData\Roaming\cerasus.media GmbH

2012-06-28 06:50 . 2012-06-28 06:51 -------- d-----w- c:\program files (x86)\Mahjong Mysteries - Ancient Athena

2012-06-27 06:53 . 2012-06-27 06:53 -------- d-----w- c:\users\Lilly\AppData\Local\Macromedia

2012-06-27 06:44 . 2012-06-27 06:44 -------- d-----w- c:\windows\system32\Macromed

2012-06-27 00:04 . 2012-06-27 00:04 -------- d-----w- c:\users\Lilly\AppData\Roaming\TheMissingMonaLisa

2012-06-26 23:51 . 2012-06-27 00:03 -------- d-----w- c:\users\Lilly\AppData\Roaming\Hidden Anthologies Pride and Prejudice

2012-06-26 23:34 . 2012-06-26 23:34 -------- d-----w- c:\users\Lilly\AppData\Roaming\CoronationStreetPC

2012-06-23 07:39 . 2012-06-23 07:39 -------- d-----w- c:\users\Lilly\AppData\Roaming\8floor

2012-06-23 07:39 . 2012-06-23 07:39 -------- d-----w- c:\programdata\8floor

2012-06-23 02:32 . 2012-06-23 02:32 -------- d-----w- c:\users\Lilly\AppData\Roaming\HipSoft

2012-06-22 23:58 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-22 23:58 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-22 23:58 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-22 23:58 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-22 23:57 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll

2012-06-22 06:52 . 2012-06-22 06:52 -------- d-----w- c:\users\Lilly\AppData\Roaming\SulusGames

2012-06-22 06:51 . 2012-06-22 06:52 -------- d-----w- c:\program files (x86)\Wordary

2012-06-22 06:50 . 2012-06-22 06:50 -------- d-----w- c:\program files (x86)\Paris Mahjong

2012-06-21 02:31 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 02:31 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll

2012-06-21 02:31 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 02:31 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll

2012-06-21 02:31 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 02:31 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 02:31 . 2012-06-02 22:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll

2012-06-21 02:31 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-21 02:31 . 2012-06-02 22:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe

2012-06-18 22:24 . 2012-06-18 22:24 -------- d-----w- c:\users\Lilly\AppData\Local\AVG Secure Search

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 21:58 . 2010-05-23 02:44 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-07-12 01:21 . 2012-04-22 22:55 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-12 01:21 . 2011-08-12 23:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-25 15:43 . 2012-05-25 15:43 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-05-16 06:47 . 2012-05-16 06:47 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2012-05-16 06:47 . 2012-05-16 06:47 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-05-16 06:47 . 2012-05-16 06:47 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2012-05-16 06:47 . 2012-05-16 06:47 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2009-04-11 . 934E0B7D77FF78C18D9F8891221B6DE3 . 384512 . . [6.0.6002.18005] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe

[7] 2008-01-21 . DFAC660F0F139276CC9299812DE42719 . 384512 . . [6.0.6001.18000] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

[-] 2009-04-11 . BC81150939BD52DBC7A08C245F1FB229 . 384512 . . [6.0.6000.16386] .. c:\windows\system32\services.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-09 13:02 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\Lilly\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]

"DW7"="c:\program files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" [2012-05-20 10555904]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]

"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]

"DigiDo"="c:\program files (x86)\Charter\DigiDo\TrayApp.exe" [2010-11-13 1131368]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-11-08 273528]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]

"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]

"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2011-12-13 357800]

"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ECACHE

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 16:29]

.

2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 16:29]

.

2010-06-10 c:\windows\Tasks\HPCeeScheduleForLilly.job

- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-28 01:17]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 154648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 227352]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 202264]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uStart Page = hxxp://section47.proboards.com/index.cgi

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.yahoo.com/?ilc=8

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

Trusted Zone: juno.com

Trusted Zone: netzero.com

Trusted Zone: netzero.net

TCP: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe

Wow6432Node-HKLM-Run-Turbine Download Manager Tray Icon - c:\program files (x86)\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe

Wow6432Node-HKLM-Run-MFARestart - c:\programdata\MFAData\pack\avgrunasx.exe

HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]

@Denied: (A) (Everyone)

"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]

"Key"="ActionsPane"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-07-16 23:15:47

ComboFix-quarantined-files.txt 2012-07-17 06:15

.

Pre-Run: 451,040,641,024 bytes free

Post-Run: 450,873,675,776 bytes free

.

- - End Of File - - CB1CDF631AD4115CD93700F250EA7608


Great

Here's the big problem...services.exe is infected and needs to be replaced:

c:\windows\system32\Services.exe . . . is infected!!

Please do this........

Please download SystemLook from the link below and save it to your Desktop.

http://jpshortstuff....temLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :Filefind
    Services.exe


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC


Here are the SystemLook results

SystemLook 30.07.11 by jpshortstuff

Log created at 07:47 on 17/07/2012 by Lilly

Administrator - Elevation successful

========== Filefind ==========

Searching for "Services.exe"

C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [12:32 03/12/2009] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\System32\services.exe --a---- 384512 bytes [12:32 03/12/2009] [07:10 11/04/2009] BC81150939BD52DBC7A08C245F1FB229

C:\Windows\SysWOW64\services.exe --a---- 279552 bytes [12:32 03/12/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe --a---- 384512 bytes [02:49 21/01/2008] [02:49 21/01/2008] DFAC660F0F139276CC9299812DE42719

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe --a---- 384512 bytes [12:32 03/12/2009] [07:10 11/04/2009] 934E0B7D77FF78C18D9F8891221B6DE3

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe --a---- 279040 bytes [02:50 21/01/2008] [02:50 21/01/2008] 2B336AB6286D6C81FA02CBAB914E3C6C

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe --a---- 279552 bytes [12:32 03/12/2009] [06:27 11/04/2009] D4E6D91C1349B7BFB3599A6ADA56851B

-= EOF =-


Please make sure system restore is running and create a new restore point before running ComboFix!!!

------------------

Using ComboFix......

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

File::

c:\windows\installer\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\@

c:\users\lilly\appdata\local\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\@

Folder::

c:\users\lilly\appdata\local\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\U

c:\users\lilly\appdata\local\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\L

c:\windows\installer\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\U

c:\windows\installer\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\L

FCopy::

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe | C:\Windows\System32\services.exe

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


Here is the ComboFix report

ComboFix 12-07-16.01 - Lilly 07/17/2012 10:05:27.2.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4262 [GMT -7:00]

Running from: c:\users\Lilly\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\users\lilly\appdata\local\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\@

c:\users\lilly\appdata\local\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\L

c:\users\lilly\appdata\local\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\U

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\installer\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\L

c:\windows\installer\{b35c8d88-2ec7-86e4-5d48-d663c0450ac4}\U

.

.

((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))

.

.

2012-07-17 17:14 . 2012-07-17 17:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-17 06:15 . 2012-07-17 17:14 -------- d-----w- c:\users\Lilly\AppData\Local\temp

2012-07-12 21:59 . 2012-07-12 21:58 476976 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-07-12 01:21 . 2012-07-12 01:21 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-07-04 10:57 . 2012-07-04 11:02 -------- d-----w- c:\users\Lilly\AppData\Roaming\WildTangent

2012-07-04 10:57 . 2012-07-04 10:58 -------- d-----w- c:\program files (x86)\WildTangent Games

2012-06-29 00:11 . 2012-06-30 03:30 -------- d-----w- c:\program files (x86)\KitchenBrigade_at

2012-06-29 00:06 . 2012-06-29 00:07 -------- d-----w- c:\program files (x86)\Cooking Academy 3 - Recipe for Success

2012-06-29 00:05 . 2012-06-29 00:06 -------- d-----w- c:\program files (x86)\Cooking Academy 2 - World Cuisine

2012-06-28 06:54 . 2012-06-28 06:54 -------- d-----w- c:\programdata\cerasus.media GmbH

2012-06-28 06:54 . 2012-06-28 06:54 -------- d-----w- c:\users\Lilly\AppData\Roaming\cerasus.media GmbH

2012-06-28 06:50 . 2012-06-28 06:51 -------- d-----w- c:\program files (x86)\Mahjong Mysteries - Ancient Athena

2012-06-27 06:53 . 2012-06-27 06:53 -------- d-----w- c:\users\Lilly\AppData\Local\Macromedia

2012-06-27 06:44 . 2012-06-27 06:44 -------- d-----w- c:\windows\system32\Macromed

2012-06-27 00:04 . 2012-06-27 00:04 -------- d-----w- c:\users\Lilly\AppData\Roaming\TheMissingMonaLisa

2012-06-26 23:51 . 2012-06-27 00:03 -------- d-----w- c:\users\Lilly\AppData\Roaming\Hidden Anthologies Pride and Prejudice

2012-06-26 23:34 . 2012-06-26 23:34 -------- d-----w- c:\users\Lilly\AppData\Roaming\CoronationStreetPC

2012-06-23 07:39 . 2012-06-23 07:39 -------- d-----w- c:\users\Lilly\AppData\Roaming\8floor

2012-06-23 07:39 . 2012-06-23 07:39 -------- d-----w- c:\programdata\8floor

2012-06-23 02:32 . 2012-06-23 02:32 -------- d-----w- c:\users\Lilly\AppData\Roaming\HipSoft

2012-06-22 23:58 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-22 23:58 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-22 23:58 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-22 23:58 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-22 23:57 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll

2012-06-22 06:52 . 2012-06-22 06:52 -------- d-----w- c:\users\Lilly\AppData\Roaming\SulusGames

2012-06-22 06:51 . 2012-06-22 06:52 -------- d-----w- c:\program files (x86)\Wordary

2012-06-22 06:50 . 2012-06-22 06:50 -------- d-----w- c:\program files (x86)\Paris Mahjong

2012-06-21 02:31 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 02:31 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll

2012-06-21 02:31 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 02:31 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll

2012-06-21 02:31 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 02:31 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 02:31 . 2012-06-02 22:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll

2012-06-21 02:31 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-21 02:31 . 2012-06-02 22:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe

2012-06-18 22:24 . 2012-06-18 22:24 -------- d-----w- c:\users\Lilly\AppData\Local\AVG Secure Search

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 21:58 . 2010-05-23 02:44 472880 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-07-12 01:21 . 2012-04-22 22:55 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-12 01:21 . 2011-08-12 23:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-25 15:43 . 2012-05-25 15:43 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-05-16 06:47 . 2012-05-16 06:47 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2012-05-16 06:47 . 2012-05-16 06:47 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-05-16 06:47 . 2012-05-16 06:47 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2012-05-16 06:47 . 2012-05-16 06:47 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-09 13:02 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Akamai NetSession Interface"="c:\users\Lilly\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-01-04 6497592]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]

"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]

"DigiDo"="c:\program files (x86)\Charter\DigiDo\TrayApp.exe" [2010-11-13 1131368]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]

"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-11-08 273528]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-09 1107552]

"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]

"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2011-12-13 357800]

"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 16:29]

.

2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-24 16:29]

.

2010-06-10 c:\windows\Tasks\HPCeeScheduleForLilly.job

- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-04-28 01:17]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 154648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 227352]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 202264]

"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [bU]

"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://section47.proboards.com/index.cgi

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://www.yahoo.com/?ilc=8

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

Trusted Zone: juno.com

Trusted Zone: netzero.com

Trusted Zone: netzero.net

TCP: DhcpNameServer = 24.205.192.61 24.205.224.36 68.116.46.115

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]

@Denied: (A) (Everyone)

"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]

"Key"="ActionsPane"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-07-17 10:17:15

ComboFix-quarantined-files.txt 2012-07-17 17:17

ComboFix2.txt 2012-07-17 06:15

.

Pre-Run: 448,161,517,568 bytes free

Post-Run: 448,108,896,256 bytes free

.

- - End Of File - - 9A5020B68C10EB3F73C33FA86CEBEA25


Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02

Ran by Lilly at 17-07-2012 11:27:08

Running from C:\Users\Lilly\Desktop

Service Pack 2 (X64) OS Language: English(US)

Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

============ One Month Created Files and Folders ==============

2012-07-17 11:25 - 2012-07-17 11:25 - 01437107 ____A (Farbar) C:\Users\Lilly\Desktop\FRST64.exe

2012-07-17 10:17 - 2012-07-17 10:17 - 00017603 ____A C:\ComboFix.txt

2012-07-17 07:47 - 2012-07-17 07:48 - 00003240 ____A C:\Users\Lilly\Desktop\SystemLook.txt

2012-07-17 07:46 - 2012-07-17 07:45 - 00165376 ____A C:\Users\Lilly\Desktop\SystemLook_x64.exe

2012-07-16 17:41 - 2011-06-25 23:45 - 00256000 ____A C:\Windows\PEV.exe

2012-07-16 17:41 - 2010-11-07 10:20 - 00208896 ____A C:\Windows\MBR.exe

2012-07-16 17:41 - 2009-04-19 21:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-07-16 17:41 - 2000-08-30 17:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-07-16 17:41 - 2000-08-30 17:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-07-16 17:41 - 2000-08-30 17:00 - 00098816 ____A C:\Windows\sed.exe

2012-07-16 17:41 - 2000-08-30 17:00 - 00080412 ____A C:\Windows\grep.exe

2012-07-16 17:41 - 2000-08-30 17:00 - 00068096 ____A C:\Windows\zip.exe

2012-07-16 15:31 - 2012-07-16 15:31 - 04579127 ____R (Swearware) C:\Users\Lilly\Desktop\ComboFix.exe

2012-07-16 12:20 - 2012-07-17 10:17 - 00000000 ____D C:\Qoobox

2012-07-16 12:20 - 2012-07-16 23:14 - 00000000 ____D C:\Windows\erdnt

2012-07-15 13:14 - 2012-07-15 13:15 - 00000000 ____D C:\Users\Lilly\AppData\Local\{4C84C448-2DAD-4F82-8261-F387A77DCD2A}

2012-07-15 13:14 - 2012-07-15 13:14 - 00000000 ____D C:\Users\Lilly\AppData\Local\{9D45EC83-CB1F-4D76-9051-5E22D47E6F03}

2012-07-14 14:45 - 2012-07-14 14:45 - 01558528 ____A C:\Users\Lilly\Desktop\RogueKiller.exe

2012-07-14 14:14 - 2012-07-14 14:14 - 00607260 ____R (Swearware) C:\Users\Lilly\Downloads\dds.scr

2012-07-12 14:59 - 2012-07-12 14:58 - 00476976 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll

2012-07-12 14:59 - 2012-07-12 14:58 - 00157488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe

2012-07-12 14:59 - 2012-07-12 14:58 - 00149296 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe

2012-07-12 14:59 - 2012-07-12 14:58 - 00149296 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe

2012-07-11 18:21 - 2012-07-11 18:21 - 00000000 __SHD C:\Windows\System32\%APPDATA%

2012-07-08 11:51 - 2012-07-08 11:51 - 00000000 ____D C:\Users\Lilly\AppData\Local\{3CFDD944-1050-4DD8-A21E-959E912E8BE3}

2012-07-08 11:51 - 2012-07-08 11:51 - 00000000 ____D C:\Users\Lilly\AppData\Local\{12143CF9-FEBD-40B8-8C0B-73FB8129F705}

2012-07-07 19:37 - 2012-07-07 19:37 - 00000000 ____D C:\Users\Lilly\AppData\Local\{584E46F3-08B9-4084-9B6D-5B19B72953FA}

2012-07-07 19:36 - 2012-07-07 19:37 - 00000000 ____D C:\Users\Lilly\AppData\Local\{C4050DA2-DB99-4C87-B5F2-4682D5A5E8BE}

2012-07-06 03:21 - 2012-07-06 03:21 - 00000000 ____D C:\Users\Lilly\AppData\Local\{E967F0DC-3806-413A-93EE-A21574D31216}

2012-07-05 02:07 - 2012-07-05 02:08 - 00000000 ____D C:\Users\Lilly\AppData\Local\{50F4FA26-2CD5-421B-BD34-F9705314800A}

2012-07-05 02:07 - 2012-07-05 02:07 - 00000000 ____D C:\Users\Lilly\AppData\Local\{23ED6FB9-82BF-4BAC-B2E5-30E806278186}

2012-07-04 16:08 - 2012-07-04 16:08 - 04110768 ____A (http://yourfiledownloader.com) C:\Users\Lilly\Downloads\jazz_hdv_180_user_manual_downloader_98818a.exe

2012-07-04 10:37 - 2012-07-04 10:38 - 00001879 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk

2012-07-04 03:57 - 2012-07-10 23:26 - 00002306 ____N C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk

2012-07-04 03:57 - 2012-07-04 04:02 - 00000000 ____D C:\Users\Lilly\AppData\Roaming\WildTangent

2012-07-04 03:57 - 2012-07-04 03:58 - 00000000 ____D C:\Program Files (x86)\WildTangent Games

2012-07-04 03:57 - 2012-07-04 03:57 - 01007048 ____A (WildTangent) C:\Users\Lilly\Downloads\Setup-weddingdash2-ca1!68fe666aa87c4adb8ff1c435a83da8f3.exe

2012-07-03 02:02 - 2012-07-03 02:02 - 00000000 ____D C:\Users\Lilly\AppData\Local\{86BAE10C-76F7-4A93-AA42-5D739DDF2A50}

2012-07-03 02:01 - 2012-07-03 02:02 - 00000000 ____D C:\Users\Lilly\AppData\Local\{11C9F34D-31BD-4C02-8988-5CB4934DA205}

2012-07-01 11:23 - 2012-07-01 11:23 - 00000000 ____D C:\Users\Lilly\AppData\Local\{392A5C2B-7D27-4EF2-AD93-333292EEB6F8}

2012-07-01 11:22 - 2012-07-01 11:23 - 00000000 ____D C:\Users\Lilly\AppData\Local\{ED4F0EA0-A0D4-4354-9AEE-1D6AD5DFA2D1}

2012-06-30 15:14 - 2012-06-30 15:14 - 00000000 ____D C:\Users\Lilly\AppData\Local\{D8615332-63FE-46C0-90FA-DBA71F50D0F5}

2012-06-30 15:14 - 2012-06-30 15:14 - 00000000 ____D C:\Users\Lilly\AppData\Local\{9D593FE9-D779-4E36-9398-49B620DE74DE}

2012-06-29 20:32 - 2012-06-29 20:32 - 70323864 ____A C:\Users\Lilly\Downloads\KitchenBrigadeSetup.exe

2012-06-29 02:22 - 2012-06-29 02:22 - 00000000 ____D C:\Users\Lilly\AppData\Local\{6478F39C-EC38-4889-8A7C-BA372D1AC7DC}

2012-06-28 17:11 - 2012-06-29 20:30 - 00000000 ____D C:\Program Files (x86)\KitchenBrigade_at

2012-06-28 17:10 - 2012-06-28 17:10 - 71860752 ____A (Fugazo ) C:\Users\Lilly\Downloads\kitchenbrigade_at_tb1.exe

2012-06-28 17:09 - 2012-06-28 17:09 - 00212224 ____A (Big Fish Games) C:\Users\Lilly\Downloads\kitchen-brigade_s1_l1_gF5232T1L1_d1786042147.exe

2012-06-28 17:07 - 2012-06-28 17:07 - 00001980 ____A C:\Users\Public\Desktop\Play Cooking Academy 3 - Recipe for Success.lnk

2012-06-28 17:06 - 2012-06-28 17:07 - 00000000 ____D C:\Program Files (x86)\Cooking Academy 3 - Recipe for Success

2012-06-28 17:06 - 2012-06-28 17:06 - 00001935 ____A C:\Users\Public\Desktop\Play Cooking Academy 2 - World Cuisine.lnk

2012-06-28 17:05 - 2012-06-28 17:06 - 00000000 ____D C:\Program Files (x86)\Cooking Academy 2 - World Cuisine

2012-06-28 01:21 - 2012-06-28 01:21 - 00000000 ____D C:\Users\Lilly\AppData\Local\{D3DAC440-E980-4A97-B57B-D394325889A9}

2012-06-28 01:20 - 2012-06-28 01:21 - 00000000 ____D C:\Users\Lilly\AppData\Local\{8266F0C1-C4D5-46E7-BE2D-E6C5FDAE724B}

2012-06-27 23:54 - 2012-06-27 23:54 - 00000000 ____D C:\Users\Lilly\AppData\Roaming\cerasus.media GmbH

2012-06-27 23:54 - 2012-06-27 23:54 - 00000000 ____D C:\Users\All Users\cerasus.media GmbH

2012-06-27 23:51 - 2012-06-27 23:51 - 00001928 ____A C:\Users\Public\Desktop\Play Mahjong Mysteries - Ancient Athena.lnk

2012-06-27 23:50 - 2012-06-27 23:51 - 00000000 ____D C:\Program Files (x86)\Mahjong Mysteries - Ancient Athena

2012-06-27 00:33 - 2012-06-27 00:33 - 00000000 ____D C:\Users\Lilly\AppData\Local\{26309225-DCA7-4CED-86D1-54C9488A7253}

2012-06-27 00:32 - 2012-06-27 00:33 - 00000000 ____D C:\Users\Lilly\AppData\Local\{7A8EAF8E-ACE8-4745-8BAF-4E79E76B9202}

2012-06-26 23:53 - 2012-06-26 23:53 - 00000000 ____D C:\Users\Lilly\AppData\Local\Macromedia

2012-06-26 23:44 - 2012-06-26 23:44 - 00000000 ____D C:\Windows\System32\Macromed

2012-06-26 17:04 - 2012-06-26 17:04 - 00000000 ____D C:\Users\Lilly\AppData\Roaming\TheMissingMonaLisa

2012-06-26 16:51 - 2012-06-26 17:03 - 00000000 ____D C:\Users\Lilly\AppData\Roaming\Hidden Anthologies Pride and Prejudice

2012-06-26 16:34 - 2012-06-26 16:34 - 00000000 ____D C:\Users\Lilly\AppData\Roaming\CoronationStreetPC

2012-06-26 12:13 - 2012-06-26 12:14 - 00000000 ____D C:\Users\Lilly\AppData\Local\{517A1C80-50B7-4A36-8C99-17A382818B60}

2012-06-26 12:13 - 2012-06-26 12:13 - 00000000 ____D C:\Users\Lilly\AppData\Local\{D71D7CFE-7ACF-4359-8636-055BD4DB595C}

2012-06-26 02:03 - 2012-06-26 02:03 - 00000000 ____D C:\Users\Lilly\AppData\Local\{FC9DB7C9-FD66-4638-952B-A7D890979128}

2012-06-26 00:42 - 2012-06-26 00:42 - 00000000 ____D C:\Users\Lilly\AppData\Local\{0B03227F-2D73-408C-A963-19EFBF775561}

2012-06-25 11:08 - 2012-06-25 11:08 - 00000000 ____D C:\Users\Lilly\AppData\Local\{F392886D-CA77-457E-8DDC-6F25AE22753E}

2012-06-25 11:07 - 2012-06-25 11:08 - 00000000 ____D C:\Users\Lilly\AppData\Local\{B329BD72-A3C7-47C2-A880-9FDC2BF0D26B}

2012-06-25 04:13 - 2012-06-25 04:13 - 00000000 ____A C:\Windows\setuperr.log

2012-06-25 04:13 - 2012-06-25 04:13 - 00000000 ____A C:\Windows\setupact.log

2012-06-24 17:55 - 2012-06-24 17:55 - 00000000 ____D C:\Users\Lilly\AppData\Local\{D4F95F40-B7C0-4064-8599-D04C4A968939}

2012-06-24 17:54 - 2012-06-24 17:55 - 00000000 ____D C:\Users\Lilly\AppData\Local\{B662C7A0-C58A-407A-9E82-5765191BCEF9}

2012-06-23 04:08 - 2012-06-23 04:08 - 00000000 ____D C:\Users\Lilly\AppData\Local\{80D6C907-7A93-4142-9DB7-C99C30EC83F3}

2012-06-23 04:08 - 2012-06-23 04:08 - 00000000 ____D C:\Users\Lilly\AppData\Local\{7081673A-F230-4A51-B9D7-C74422196800}

2012-06-23 04:08 - 2012-06-23 04:08 - 00000000 ____D C:\Users\Lilly\AppData\Local\{3B05E7FF-588F-4832-9A42-73CD8BA95E4F}

2012-06-23 01:44 - 2012-06-23 01:44 - 00000000 ____D C:\Users\Lilly\AppData\Local\{D0B7A272-7777-4B08-89B8-BE307FAE1651}

2012-06-23 00:39 - 2012-06-23 00:39 - 00000000 ____D C:\Users\Lilly\AppData\Roaming\8floor

2012-06-23 00:39 - 2012-06-23 00:39 - 00000000 ____D C:\Users\All Users\8floor

2012-06-22 19:32 - 2012-06-22 19:32 - 00000000 ____D C:\Users\Lilly\AppData\Roaming\HipSoft

2012-06-22 16:58 - 2012-06-02 15:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-22 16:58 - 2012-06-02 15:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-22 16:58 - 2012-06-02 15:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-22 16:58 - 2012-06-02 15:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-22 16:57 - 2012-06-02 15:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2012-06-22 02:04 - 2012-06-22 02:04 - 00000000 ____D C:\Users\Lilly\AppData\Local\{1B2B9697-C58C-4044-B363-A70527460FC2}

2012-06-22 02:04 - 2012-06-22 02:04 - 00000000 ____D C:\Users\Lilly\AppData\Local\{07BD2909-711D-4709-AC52-0C7635BC006A}

2012-06-22 02:03 - 2012-06-22 02:03 - 00000000 ____D C:\Users\Lilly\AppData\Local\{5435D932-15CE-430D-8AF1-E752A7282DB8}

2012-06-21 23:52 - 2012-06-21 23:52 - 00001683 ____A C:\Users\Public\Desktop\Play Wordary.lnk

2012-06-21 23:52 - 2012-06-21 23:52 - 00000000 ____D C:\Users\Lilly\AppData\Roaming\SulusGames

2012-06-21 23:51 - 2012-06-21 23:52 - 00000000 ____D C:\Program Files (x86)\Wordary

2012-06-21 23:50 - 2012-06-21 23:50 - 00001747 ____A C:\Users\Public\Desktop\Play Paris Mahjong.lnk

2012-06-21 23:50 - 2012-06-21 23:50 - 00000000 ____D C:\Program Files (x86)\Paris Mahjong

2012-06-20 19:31 - 2012-06-02 15:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-20 19:31 - 2012-06-02 15:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2012-06-20 19:31 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-20 19:31 - 2012-06-02 15:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2012-06-20 19:31 - 2012-06-02 15:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-20 19:31 - 2012-06-02 15:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2012-06-20 19:31 - 2012-06-02 15:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-20 19:31 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-20 19:31 - 2012-06-02 15:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2012-06-19 12:16 - 2012-06-19 12:16 - 00000000 ____D C:\Users\Lilly\AppData\Local\{B518B8E7-E479-4895-A7B0-715E9E4ED61D}

2012-06-19 12:16 - 2012-06-19 12:16 - 00000000 ____D C:\Users\Lilly\AppData\Local\{A84EFD82-7977-479A-BC38-E8F394B9F672}

2012-06-19 02:02 - 2012-06-19 02:02 - 00000000 ____D C:\Users\Lilly\AppData\Local\{FD2FBB42-92E2-42E0-B7E8-526815E1F380}

2012-06-18 15:24 - 2012-06-18 15:24 - 00000000 ____D C:\Users\Lilly\AppData\Local\AVG Secure Search

2012-06-18 15:03 - 2012-06-18 15:03 - 00000000 ____D C:\Users\Lilly\Documents\ssa

2012-06-18 11:59 - 2012-06-18 11:59 - 00000000 ____D C:\Users\Lilly\AppData\Local\{99AC468F-2557-453E-B31E-B366623516BE}

============ 3 Months Modified Files ========================

2012-07-17 11:25 - 2012-07-17 11:25 - 01437107 ____A (Farbar) C:\Users\Lilly\Desktop\FRST64.exe

2012-07-17 11:24 - 2009-12-24 09:30 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-07-17 10:17 - 2012-07-17 10:17 - 00017603 ____A C:\ComboFix.txt

2012-07-17 10:15 - 2006-11-02 05:34 - 00000215 ____A C:\Windows\system.ini

2012-07-17 10:04 - 2006-11-02 05:46 - 00761906 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-17 10:02 - 2009-06-04 14:18 - 01235796 ____A C:\Windows\WindowsUpdate.log

2012-07-17 09:58 - 2009-12-24 09:30 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-07-17 09:58 - 2006-11-02 08:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-17 09:58 - 2006-11-02 08:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-17 09:58 - 2006-11-02 08:22 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-17 09:56 - 2006-11-02 08:42 - 00032606 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-07-17 09:26 - 2011-04-10 10:43 - 00801716 ____A C:\Windows\PFRO.log

2012-07-17 07:48 - 2012-07-17 07:47 - 00003240 ____A C:\Users\Lilly\Desktop\SystemLook.txt

2012-07-17 07:45 - 2012-07-17 07:46 - 00165376 ____A C:\Users\Lilly\Desktop\SystemLook_x64.exe

2012-07-16 15:31 - 2012-07-16 15:31 - 04579127 ____R (Swearware) C:\Users\Lilly\Desktop\ComboFix.exe

2012-07-14 14:45 - 2012-07-14 14:45 - 01558528 ____A C:\Users\Lilly\Desktop\RogueKiller.exe

2012-07-14 14:14 - 2012-07-14 14:14 - 00607260 ____R (Swearware) C:\Users\Lilly\Downloads\dds.scr

2012-07-12 14:58 - 2012-07-12 14:59 - 00476976 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll

2012-07-12 14:58 - 2012-07-12 14:59 - 00157488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe

2012-07-12 14:58 - 2012-07-12 14:59 - 00149296 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe

2012-07-12 14:58 - 2012-07-12 14:59 - 00149296 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe

2012-07-12 14:58 - 2010-05-22 19:44 - 00472880 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll

2012-07-11 18:21 - 2012-04-22 15:55 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-11 18:21 - 2011-08-12 16:10 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-10 23:26 - 2012-07-04 03:57 - 00002306 ____N C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk

2012-07-10 18:19 - 2009-07-27 18:24 - 00003396 ____A C:\Users\Lilly\AppData\Roaming\wklnhst.dat

2012-07-09 22:50 - 2009-07-20 17:17 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log

2012-07-04 16:08 - 2012-07-04 16:08 - 04110768 ____A (http://yourfiledownloader.com) C:\Users\Lilly\Downloads\jazz_hdv_180_user_manual_downloader_98818a.exe

2012-07-04 10:38 - 2012-07-04 10:37 - 00001879 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk

2012-07-04 03:57 - 2012-07-04 03:57 - 01007048 ____A (WildTangent) C:\Users\Lilly\Downloads\Setup-weddingdash2-ca1!68fe666aa87c4adb8ff1c435a83da8f3.exe

2012-06-29 20:32 - 2012-06-29 20:32 - 70323864 ____A C:\Users\Lilly\Downloads\KitchenBrigadeSetup.exe

2012-06-28 17:10 - 2012-06-28 17:10 - 71860752 ____A (Fugazo ) C:\Users\Lilly\Downloads\kitchenbrigade_at_tb1.exe

2012-06-28 17:09 - 2012-06-28 17:09 - 00212224 ____A (Big Fish Games) C:\Users\Lilly\Downloads\kitchen-brigade_s1_l1_gF5232T1L1_d1786042147.exe

2012-06-28 17:07 - 2012-06-28 17:07 - 00001980 ____A C:\Users\Public\Desktop\Play Cooking Academy 3 - Recipe for Success.lnk

2012-06-28 17:06 - 2012-06-28 17:06 - 00001935 ____A C:\Users\Public\Desktop\Play Cooking Academy 2 - World Cuisine.lnk

2012-06-27 23:51 - 2012-06-27 23:51 - 00001928 ____A C:\Users\Public\Desktop\Play Mahjong Mysteries - Ancient Athena.lnk

2012-06-25 04:13 - 2012-06-25 04:13 - 00000000 ____A C:\Windows\setuperr.log

2012-06-25 04:13 - 2012-06-25 04:13 - 00000000 ____A C:\Windows\setupact.log

2012-06-22 10:32 - 2012-06-12 12:12 - 00013824 ____A C:\Users\Lilly\Documents\Chris.xls

2012-06-21 23:52 - 2012-06-21 23:52 - 00001683 ____A C:\Users\Public\Desktop\Play Wordary.lnk

2012-06-21 23:50 - 2012-06-21 23:50 - 00001747 ____A C:\Users\Public\Desktop\Play Paris Mahjong.lnk

2012-06-19 10:40 - 2009-07-26 15:44 - 00017920 ____A C:\Users\Lilly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-06-14 12:51 - 2012-06-14 11:22 - 00013824 ____A C:\Users\Lilly\Documents\Scents.xls

2012-06-13 16:39 - 2012-06-13 16:39 - 00000000 ____A C:\Windows\setup32.INI

2012-06-09 22:30 - 2012-06-09 22:29 - 49142029 ____A C:\Users\Lilly\Downloads\myjourney20evaluation.EXE

2012-06-02 15:19 - 2012-06-22 16:58 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 15:19 - 2012-06-22 16:58 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 15:19 - 2012-06-22 16:58 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 15:19 - 2012-06-20 19:31 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 15:19 - 2012-06-20 19:31 - 00577048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2012-06-02 15:19 - 2012-06-20 19:31 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 15:19 - 2012-06-20 19:31 - 00171904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2012-06-02 15:19 - 2012-06-20 19:31 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 15:19 - 2012-06-20 19:31 - 00035864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2012-06-02 15:15 - 2012-06-22 16:58 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 15:15 - 2012-06-20 19:31 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 15:15 - 2012-06-20 19:31 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 15:12 - 2012-06-22 16:57 - 00088576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2012-06-02 15:12 - 2012-06-20 19:31 - 00033792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2012-06-01 13:30 - 2012-06-01 13:30 - 00000313 ____A C:\Users\Lilly\Documents\Lilly - Shortcut.lnk

2012-05-30 21:55 - 2012-05-30 21:55 - 00228414 ____A C:\Users\Lilly\Downloads\ChatangoInstaller.exe

2012-05-29 17:48 - 2009-10-18 10:13 - 00004418 ____A C:\WRA_Colors.txt

2012-05-29 17:48 - 2009-10-18 10:13 - 00000316 ____A C:\Windows\RoadAtlas.INI

2012-05-28 11:43 - 2011-11-14 17:26 - 00008652 ____A C:\Windows\DPINST.LOG

2012-05-19 17:46 - 2012-05-08 16:40 - 00001105 ____A C:\Users\Public\Desktop\The Weather Channel App.lnk

2012-05-19 15:01 - 2012-05-19 15:01 - 00212224 ____A (Big Fish Games) C:\Users\Lilly\Downloads\farm-frenzy_s1_l1_gF2241T1L1_d1743700593.exe

2012-05-15 23:47 - 2012-05-15 23:47 - 00466456 ____A (Creative Labs) C:\Windows\System32\wrap_oal.dll

2012-05-15 23:47 - 2012-05-15 23:47 - 00444952 ____A (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll

2012-05-15 23:47 - 2012-05-15 23:47 - 00122904 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\System32\OpenAL32.dll

2012-05-15 23:47 - 2012-05-15 23:47 - 00109080 ____A (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll

2012-05-08 12:08 - 2012-05-08 12:08 - 00104221 ____A C:\Users\Lilly\Documents\Ameriloan.html

2012-05-03 14:26 - 2012-05-03 14:26 - 00434664 ____A C:\Users\Lilly\AppData\Local\dd_vcredistMSI42D2.txt

2012-05-03 14:26 - 2012-05-03 14:26 - 00021576 ____A C:\Users\Lilly\AppData\Local\dd_vcredistUI42D2.txt

2012-04-30 14:42 - 2012-04-30 14:42 - 00908576 ____A (Sun Microsystems, Inc.) C:\Users\Lilly\Downloads\jxpiinstall.exe

2012-04-19 01:08 - 2012-04-19 01:08 - 00229672 ____A C:\Users\Lilly\Downloads\CrucialScan(3).exe

2012-04-19 01:02 - 2012-04-19 01:02 - 00229672 ____A C:\Users\Lilly\Downloads\CrucialScan(2).exe

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 34%

Total physical RAM: 6133.33 MB

Available physical RAM: 4043.53 MB

Total Pagefile: 15227.37 MB

Available Pagefile: 13061.32 MB

Total Virtual: 8192 MB

Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (HP) (Fixed) (Total:582.5 GB) (Free:416.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.67 GB) (Free:1.36 GB) NTFS ==>[system with boot components (obtained from reading drive)]

8 Drive j: (JIM) (Removable) (Total:3.77 GB) (Free:3.04 GB) FAT32

Disk ### Status Size Free Dyn Gpt

-------- ---------- ------- ------- --- ---

Disk 0 Online 596 GB 0 B

Disk 1 No Media 0 B 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 Online 3858 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 582 GB 32 KB

Partition 2 Primary 14 GB 582 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C HP NTFS Partition 582 GB Healthy System (partition with boot components)

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D FACTORY_IMA NTFS Partition 14 GB Healthy

==================================================================================

Partitions of Disk 5:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3858 MB 16 KB

==================================================================================

Disk: 5

Partition 1

Type : 0B

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 7 J JIM FAT32 Removable 3858 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-17 10:08

======================= End Of Log ==========================


Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.17.12

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Lilly :: LILLY-PC [administrator]

7/17/2012 11:50:49 AM

mbam-log-2012-07-17 (11-50-49).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 226085

Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

This topic is now closed to further replies.