
The specified service does not exist as an installed service



Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


RogueKiller V7.6.5 [08/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Safe mode with network support

User: Lauren [Admin rights]

Mode: Scan -- Date: 08/03/2012 23:24:46

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{7d8c2957-6119-1690-cdfd-9126525147da}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{7d8c2957-6119-1690-cdfd-9126525147da}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{7d8c2957-6119-1690-cdfd-9126525147da}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\lauren\appdata\local\{7d8c2957-6119-1690-cdfd-9126525147da}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\lauren\appdata\local\{7d8c2957-6119-1690-cdfd-9126525147da}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\lauren\appdata\local\{7d8c2957-6119-1690-cdfd-9126525147da}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++

--- User ---

[MBR] 246b97c665e0e096524a5fd4a540dc10

[bSP] ac7c2af4d1b12a19b3429f6d27bf6d91 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 7813 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16003072 | Size: 230660 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:


  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.

  • In the command window type in notepad and press Enter.

  • The notepad opens. Under File menu select Open.

  • Select "Computer" and find your flash drive letter and close the notepad.

  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.

  • When the tool opens click Yes to disclaimer.

  • Press Scan button.

  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:

    services.exe

  • Now press the Search button.

  • When the search is complete, search.txt will also be written to your USB.

  • Type exit and reboot the computer normally.

  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

MrC


FRST

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 25-07-2012 01

Ran by SYSTEM at 04-08-2012 00:30:40

Running from E:\

Windows 7 Starter (X86) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [igfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE [x]

HKLM\...\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE [x]

HKLM\...\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE [x]

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [7703072 2009-08-05] (Realtek Semiconductor)

HKLM\...\Run: [fspuip] "C:\Program Files\FSP\fspuip.exe" [3342336 2009-09-23] (Sentelic Corporation)

HKLM\...\Run: [VX1000] DOWS\VVX1000.EXE [x]

HKLM\...\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)

HKLM\...\Run: [NACAgentUI] TUI.EXE [x]

HKLM\...\Run: [Conime] %windir%\system32\conime.exe [x]

HKLM\...\Run: [sunJavaUpdateSched] FILES\JAVA\JAVA UPDATE\JUSCHED.EXE" [x]

HKLM\...\Run: [Freecorder FLV Service] "C:\Program Files\Freecorder\FLVSrvc.exe" /run [167936 2011-03-23] (Applian Technologies, Inc.)

HKLM\...\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot [296056 2012-04-23] (RealNetworks, Inc.)

HKLM\...\Run: [MSC] KEY [x]

HKLM\...\Run: [McAfeeUpdaterUI] KEY [x]

HKLM\...\Run: [shStatEXE] E [x]

HKLM\...\Run: [Adobe ARM] FILES\ADOBE\ARM\1.0\ADOBEARM.EXE" [x]

HKLM\...\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" [2587008 2012-04-04] (AVG Technologies CZ, s.r.o.)

HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [1147488 2012-07-22] ()

HKU\Lauren\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-09] (Microsoft Corporation)

HKU\Lauren\...\Run: [AdobeBridge] [x]

HKU\Lauren\...\Run: [Facebook Update] "C:\Users\Lauren\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-17] (Facebook Inc.)

HKU\Lauren\...\Run: [Media Finder] "C:\Program Files\Media Finder\Media Finder.exe" /opentotray [x]

HKU\Lauren\...\Winlogon: [shell] explorer.exe [x]

HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462920 2012-07-03] (Malwarebytes Corporation)

HKLM\...\RunOnce: [1] C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p [217672 2012-07-03] ()

HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1085000 2012-07-03] (Malwarebytes Corporation)

HKLM\...\Winlogon: [userinit] userinit.exe, [x]

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

================================ Services (Whitelisted) ==================

2 avgfws; "C:\Program Files\AVG\AVG2012\avgfws.exe" [2321560 2012-06-12] (AVG Technologies CZ, s.r.o.)

2 AVGIDSAgent; "C:\Program Files\AVG\AVG2012\avgidsagent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)

2 avgwd; "C:\Program Files\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)

2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)

2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [394672 2011-12-19] (Eastman Kodak Company)

2 McAfeeEngineService; "C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe" [22816 2011-09-01] (McAfee, Inc.)

2 McAfeeFramework; "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart [103744 2009-08-25] (McAfee, Inc.)

2 McShield; "C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe" [147984 2011-09-01] (McAfee, Inc.)

2 McTaskManager; "C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe" [66880 2011-09-01] (McAfee, Inc.)

2 MDM; "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" [322120 2003-06-19] (Microsoft Corporation)

2 mfevtp; "C:\windows\system32\mfevtps.exe" [148520 2011-09-01] (McAfee, Inc.)

2 NACAgent; "C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe" [827616 2011-01-26] (Cisco Systems, Inc.)

3 RasMan; C:\Windows\System32\svchost.exe -k netsvcs [20992 2009-07-13] (Microsoft Corporation)

2 vToolbarUpdater12.1.3; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [830048 2012-07-22] ()

3 WajamUpdater; "C:\Program Files\Wajam\Updater\WajamUpdater.exe" [109064 2012-04-24] (Wajam)

3 WebClient; C:\Windows\System32\svchost.exe -k LocalService [20992 2009-07-13] (Microsoft Corporation)

3 WPDBusEnum; C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)

3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]

========================== Drivers (Whitelisted) =============

1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47968 2011-05-22] (AVG Technologies CZ, s.r.o.)

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )

3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )

0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [24896 2012-04-18] (AVG Technologies CZ, s.r.o. )

3 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )

1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [235216 2012-02-21] (AVG Technologies CZ, s.r.o.)

1 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)

0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [31952 2012-01-30] (AVG Technologies CZ, s.r.o.)

1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [301248 2012-03-18] (AVG Technologies CZ, s.r.o.)

1 avgtp; \??\C:\windows\system32\drivers\avgtpx86.sys [27496 2012-07-22] (AVG Technologies)

3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [225280 2011-07-19] (Intel Corporation)

3 fspad_wlh32; C:\Windows\System32\DRIVERS\fspad_wlh32.sys [41984 2009-09-22] (Sentelic Corporation)

3 iBtFltCoex; C:\Windows\System32\DRIVERS\iBtFltCoex.sys [47104 2011-07-19] (Intel Corporation)

3 mbamchameleon; \??\C:\windows\system32\drivers\mbamchameleon.sys [31560 2012-08-03] ()

3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [119808 2011-09-01] (McAfee, Inc.)

3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [180072 2011-09-01] (McAfee, Inc.)

3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59288 2011-09-01] (McAfee, Inc.)

0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [461864 2011-09-01] (McAfee, Inc.)

3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87808 2011-09-01] (McAfee, Inc.)

4 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [65960 2011-09-01] (McAfee, Inc.)

0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [164776 2011-09-01] (McAfee, Inc.)

0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)

3 TrueSight; \??\c:\windows\system32\drivers\TrueSight.sys [14080 2012-08-03] ()

3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-04 00:20 - 2012-08-04 00:20 - 00000000 ____D C:\FRST

2012-08-03 14:24 - 2012-08-03 14:24 - 00001825 ____A C:\Users\Lauren\Desktop\RKreport[1].txt

2012-08-03 14:23 - 2012-08-03 14:24 - 00000000 ____D C:\Users\Lauren\Desktop\RK_Quarantine

2012-08-03 14:23 - 2012-08-03 14:23 - 00014080 ____A C:\Windows\System32\Drivers\TrueSight.sys

2012-08-03 14:23 - 2012-08-03 14:22 - 01552896 ____A C:\Users\Lauren\Desktop\RogueKiller.exe

2012-08-03 13:55 - 2012-08-03 13:55 - 00011302 ____A C:\Users\Lauren\Desktop\Attach.txt

2012-08-03 13:54 - 2012-08-03 13:54 - 00019783 ____A C:\Users\Lauren\Desktop\DDS.txt

2012-08-03 13:32 - 2012-08-03 13:32 - 00000000 ____D C:\Users\Lauren\AppData\Roaming\Malwarebytes

2012-08-03 13:29 - 2012-08-03 13:29 - 00000000 ____D C:\Users\Lauren\AppData\Local\{EE904F78-3F31-4A7A-9356-58D6B16A1905}

2012-08-03 13:20 - 2012-08-03 13:20 - 00031560 ____A C:\Windows\System32\Drivers\mbamchameleon.sys

2012-08-03 13:19 - 2012-08-03 13:19 - 00001079 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-08-03 13:19 - 2012-08-03 13:19 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-08-03 13:19 - 2012-07-03 04:46 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-08-03 13:10 - 2012-08-03 13:20 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2012-08-03 13:08 - 2012-08-03 12:54 - 00607260 ____R (Swearware) C:\Users\Lauren\Desktop\dds.scr

2012-08-03 12:55 - 2012-08-03 13:07 - 00002286 ____A C:\Users\Lauren\Desktop\unhide.txt

2012-08-03 12:55 - 2012-08-03 12:53 - 00399264 ____A (Bleeping Computer, LLC) C:\Users\Lauren\Desktop\unhide.exe

2012-08-03 12:52 - 2012-08-03 12:52 - 00000000 ____D C:\Windows\PIF

2012-08-03 12:52 - 2012-08-03 12:49 - 01051552 ____A (Bleeping Computer, LLC) C:\Users\Lauren\Desktop\rkill.com

2012-08-03 12:51 - 2012-08-03 13:56 - 00001732 ____A C:\Users\Lauren\Desktop\Rkill.txt

2012-08-03 08:34 - 2012-08-03 08:34 - 00000000 ____D C:\Users\Lauren\AppData\Local\{7FDD2410-BB9A-4A6E-8DB9-BC84217126A0}

2012-08-03 05:12 - 2012-08-03 05:12 - 00000000 ____D C:\Users\Lauren\AppData\Local\{D84FFFA7-107F-4B5B-82FB-056384588D24}

2012-08-03 03:59 - 2012-08-03 03:59 - 00000000 ____D C:\Users\Lauren\AppData\Local\{AC6F4C90-1943-4B29-8810-FC78F85C5CD5}

2012-08-03 03:16 - 2012-08-03 03:16 - 00000000 ____D C:\Users\Lauren\AppData\Local\{CEEEC030-4080-4031-A6B8-A3750D7C800D}

2012-08-02 14:19 - 2012-08-02 14:19 - 00000000 ____D C:\Users\Lauren\AppData\Local\{71D2D664-1409-4118-8170-A19261A67653}

2012-08-02 13:49 - 2012-08-02 13:49 - 00000000 ____D C:\Users\Lauren\AppData\Local\{A629A0AC-7C9B-47FA-B0B0-5BA8B943877F}

2012-07-27 03:14 - 2012-07-27 03:15 - 00000000 ____D C:\Users\Lauren\AppData\Local\{52409D24-09E5-4207-8256-B6B665716CB8}

2012-07-27 03:11 - 2012-07-27 03:14 - 00000000 ____D C:\Users\Lauren\AppData\Local\{062EFA0C-163E-4CC5-8B8C-34F84DEC529E}

2012-07-26 03:25 - 2012-07-26 03:25 - 00000000 ____D C:\Users\Lauren\AppData\Local\{091A6FDB-214D-47AF-9BAE-242CF4CCB64D}

2012-07-26 03:22 - 2012-07-26 03:24 - 00000000 ____D C:\Users\Lauren\AppData\Local\{8EE40149-F68B-40A4-A63F-75E67FDA462C}

2012-07-24 14:42 - 2012-07-24 14:42 - 00000000 ____D C:\Users\Lauren\AppData\Local\{9A360537-F761-4288-A931-D2E18AE62BE4}

2012-07-24 14:39 - 2012-07-24 14:41 - 00000000 ____D C:\Users\Lauren\AppData\Local\{C0474CCC-8104-4015-9A9C-46A3AD30604F}

2012-07-24 06:56 - 2012-07-24 06:56 - 00000000 ____D C:\Users\All Users\12B

2012-07-24 06:37 - 2012-07-24 06:37 - 00000000 ____D C:\Users\Lauren\AppData\Roaming\MusicNet

2012-07-24 06:32 - 2012-07-24 06:32 - 00000000 ____D C:\Users\Lauren\AppData\Local\{8FDCAE61-2565-426B-B2D2-A08C3F1E58F9}

2012-07-24 06:29 - 2012-07-24 06:32 - 00000000 ____D C:\Users\Lauren\AppData\Local\{335157C1-9142-4E50-A2A9-51AF8504AB3C}

2012-07-24 06:15 - 2012-07-24 06:15 - 00000000 ____D C:\Users\Lauren\AppData\Local\PackageAware

2012-07-24 03:39 - 2012-07-24 03:40 - 00000000 ____D C:\Users\Lauren\AppData\Local\{108B6EB9-CD84-4678-9BC0-069561544EF9}

2012-07-24 03:37 - 2012-07-24 03:39 - 00000000 ____D C:\Users\Lauren\AppData\Local\{8BEC419B-32C0-4F0B-BA89-712D673846E3}

2012-07-24 03:27 - 2012-07-24 03:29 - 00000000 ____D C:\Users\Lauren\AppData\Local\{FD50150F-4058-445C-A2D2-F64D3C359042}

2012-07-24 03:25 - 2012-07-24 03:27 - 00000000 ____D C:\Users\Lauren\AppData\Local\{2AF427E7-0072-47ED-A84D-65CDEE3A8E56}

2012-07-24 02:42 - 2012-07-24 02:42 - 00000000 ____D C:\Users\Lauren\AppData\Local\{6012D3F2-6E9A-4E19-BD5A-1B7F8271430E}

2012-07-24 02:39 - 2012-07-24 02:42 - 00000000 ____D C:\Users\Lauren\AppData\Local\{478830B3-F89D-47C6-8FD0-847236C74904}

2012-07-23 05:19 - 2012-07-23 05:19 - 00000000 ____D C:\Users\Lauren\AppData\Local\{293B1F1B-6054-42DD-AB12-894F454F157A}

2012-07-23 05:17 - 2012-07-23 05:19 - 00000000 ____D C:\Users\Lauren\AppData\Local\{EA6DCE7E-1F19-4D71-A1CF-DF455D949278}

2012-07-22 06:44 - 2012-07-22 06:44 - 00000000 ____D C:\Users\Lauren\AppData\Local\{434CBD08-A727-4819-A598-6552C13180A6}

2012-07-22 06:41 - 2012-07-22 06:44 - 00000000 ____D C:\Users\Lauren\AppData\Local\{A3BF1C7E-49BF-42A7-90FE-57F8DB4B1064}

2012-07-22 06:37 - 2012-07-22 06:37 - 00000000 ____D C:\Users\Lauren\AppData\Roaming\AVG2012

2012-07-22 06:35 - 2012-07-22 06:35 - 00000943 ____A C:\Users\Public\Desktop\AVG 2012.lnk

2012-07-22 06:34 - 2012-07-22 06:35 - 00000000 ____D C:\Users\All Users\AVG Secure Search

2012-07-22 06:34 - 2012-07-22 06:34 - 00000000 ____D C:\Users\Lauren\AppData\Local\AVG Secure Search

2012-07-22 06:29 - 2012-07-22 06:33 - 00000000 ____D C:\Program Files\AVG Secure Search

2012-07-22 06:29 - 2012-07-22 06:29 - 00027496 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys

2012-07-22 06:29 - 2012-07-22 06:29 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search

2012-07-22 06:23 - 2012-08-02 03:53 - 00000000 ____D C:\Windows\System32\Drivers\AVG

2012-07-22 06:23 - 2012-07-23 05:16 - 00000000 ____D C:\Users\All Users\AVG2012

2012-07-22 06:23 - 2012-07-22 06:23 - 00000000 ____D C:\$AVG

2012-07-22 06:22 - 2012-07-22 06:22 - 00000000 ____D C:\Program Files\AVG

2012-07-22 06:18 - 2012-08-02 03:53 - 00000000 ____D C:\Users\All Users\MFAData

2012-07-22 05:11 - 2012-08-02 13:41 - 00000000 ____D C:\QUARANTINE

2012-07-22 05:10 - 2012-07-24 03:38 - 00000000 ____D C:\Users\All Users\036DFF4202CCD09F9DE0019EF875F020

2012-07-22 05:10 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-22 05:10 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-22 05:10 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-22 05:10 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-22 05:10 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-22 05:10 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-22 05:10 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-22 05:10 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-22 05:10 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-22 05:10 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-22 05:10 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-22 05:10 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-22 05:10 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-22 05:10 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-22 04:56 - 2012-06-11 18:40 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-22 04:35 - 2012-07-22 04:35 - 00000000 ____D C:\Users\Lauren\AppData\Local\{0F21787E-F946-4D79-98B9-2B14F9BA5137}

2012-07-22 04:33 - 2012-07-22 04:35 - 00000000 ____D C:\Users\Lauren\AppData\Local\{DA52F06D-04AA-4217-BEDC-39C878E1A9C1}

2012-07-17 03:23 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-17 03:23 - 2012-06-01 20:45 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-07-17 03:23 - 2012-06-01 20:45 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-17 03:23 - 2012-06-01 20:40 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-07-17 03:23 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-17 03:23 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-17 03:22 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-17 03:22 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-17 03:22 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-07-17 03:21 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-17 02:51 - 2012-07-17 02:51 - 00000000 ____D C:\Users\Lauren\AppData\Local\{D15ED542-BAE8-4E3A-9FD9-A4F1D8FF08B8}

2012-07-17 02:48 - 2012-07-17 02:50 - 00000000 ____D C:\Users\Lauren\AppData\Local\{51FD717D-582B-4A8A-87F0-E2404510D85C}

============ 3 Months Modified Files ========================

2012-08-03 15:15 - 2010-01-18 13:12 - 01501770 ____A C:\Windows\WindowsUpdate.log

2012-08-03 14:24 - 2012-08-03 14:24 - 00001825 ____A C:\Users\Lauren\Desktop\RKreport[1].txt

2012-08-03 14:23 - 2012-08-03 14:23 - 00014080 ____A C:\Windows\System32\Drivers\TrueSight.sys

2012-08-03 14:22 - 2012-08-03 14:23 - 01552896 ____A C:\Users\Lauren\Desktop\RogueKiller.exe

2012-08-03 13:56 - 2012-08-03 12:51 - 00001732 ____A C:\Users\Lauren\Desktop\Rkill.txt

2012-08-03 13:55 - 2012-08-03 13:55 - 00011302 ____A C:\Users\Lauren\Desktop\Attach.txt

2012-08-03 13:54 - 2012-08-03 13:54 - 00019783 ____A C:\Users\Lauren\Desktop\DDS.txt

2012-08-03 13:48 - 2009-07-13 20:34 - 00010464 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-03 13:48 - 2009-07-13 20:34 - 00010464 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-03 13:43 - 2012-03-12 15:15 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-08-03 13:43 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-03 13:42 - 2010-01-21 06:15 - 00021998 ____A C:\Windows\PFRO.log

2012-08-03 13:20 - 2012-08-03 13:20 - 00031560 ____A C:\Windows\System32\Drivers\mbamchameleon.sys

2012-08-03 13:19 - 2012-08-03 13:19 - 00001079 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-08-03 13:07 - 2012-08-03 12:55 - 00002286 ____A C:\Users\Lauren\Desktop\unhide.txt

2012-08-03 12:54 - 2012-08-03 13:08 - 00607260 ____R (Swearware) C:\Users\Lauren\Desktop\dds.scr

2012-08-03 12:53 - 2012-08-03 12:55 - 00399264 ____A (Bleeping Computer, LLC) C:\Users\Lauren\Desktop\unhide.exe

2012-08-03 12:49 - 2012-08-03 12:52 - 01051552 ____A (Bleeping Computer, LLC) C:\Users\Lauren\Desktop\rkill.com

2012-08-03 12:33 - 2012-03-12 15:16 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-08-03 11:48 - 2011-09-12 11:37 - 00000930 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000UA.job

2012-08-02 05:48 - 2011-09-12 11:37 - 00000908 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000Core.job

2012-08-02 05:25 - 2009-07-13 20:39 - 00074664 ____A C:\Windows\setupact.log

2012-07-22 06:35 - 2012-07-22 06:35 - 00000943 ____A C:\Users\Public\Desktop\AVG 2012.lnk

2012-07-22 06:29 - 2012-07-22 06:29 - 00027496 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys

2012-07-22 05:33 - 2009-07-13 20:33 - 02337080 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-22 04:58 - 2010-11-07 04:02 - 57442464 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-22 04:33 - 2009-07-13 20:53 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-07-04 13:42 - 2012-07-04 13:42 - 00001997 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk

2012-07-03 04:46 - 2012-08-03 13:19 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-19 07:37 - 2012-06-18 08:18 - 00000830 ____A C:\Windows\System32\InstallUtil.InstallLog

2012-06-18 08:13 - 2012-06-18 08:13 - 00001806 ____A C:\Users\Public\Desktop\Vuze.lnk

2012-06-13 05:56 - 2010-01-18 05:19 - 00735442 ____A C:\Windows\System32\PerfStringBackup.INI

2012-06-11 18:40 - 2012-07-22 04:56 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-08 20:41 - 2012-07-17 03:21 - 12873728 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-05 21:05 - 2012-07-17 03:22 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 21:05 - 2012-07-17 03:22 - 01236992 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 21:03 - 2012-07-17 03:23 - 00805376 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-02 14:19 - 2012-06-21 03:57 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-21 03:57 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-21 03:57 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-21 03:56 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-21 03:56 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:12 - 2012-06-21 03:57 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:12 - 2012-06-21 03:56 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 06:19 - 2012-06-21 03:56 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 06:12 - 2012-06-21 03:56 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 01:07 - 2012-07-22 05:10 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 00:43 - 2012-07-22 05:10 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 00:33 - 2012-07-22 05:10 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 00:26 - 2012-07-22 05:10 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 00:25 - 2012-07-22 05:10 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 00:25 - 2012-07-22 05:10 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 00:23 - 2012-07-22 05:10 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 00:21 - 2012-07-22 05:10 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 00:20 - 2012-07-22 05:10 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 00:19 - 2012-07-22 05:10 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 00:19 - 2012-07-22 05:10 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 00:17 - 2012-07-22 05:10 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 00:16 - 2012-07-22 05:10 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 00:14 - 2012-07-22 05:10 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-01 20:45 - 2012-07-17 03:23 - 00134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 20:45 - 2012-07-17 03:23 - 00067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 20:40 - 2012-07-17 03:23 - 00369336 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 20:40 - 2012-07-17 03:23 - 00225280 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 20:39 - 2012-07-17 03:23 - 00219136 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-05-11 10:05 - 2012-05-10 05:06 - 00002942 ____A C:\Windows\KB893803v2.log

2012-05-10 04:33 - 2012-05-10 04:33 - 25989788 ____A C:\Users\Lauren\Downloads\VSE870LMLRP5.Zip

2012-05-10 04:09 - 2011-03-21 09:33 - 00001945 ____A C:\Windows\epplauncher.mif

ZeroAccess:

C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}

C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\@

C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\L

C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}\U

ZeroAccess:

C:\Users\Lauren\AppData\Local\{7d8c2957-6119-1690-cdfd-9126525147da}

C:\Users\Lauren\AppData\Local\{7d8c2957-6119-1690-cdfd-9126525147da}\@

C:\Users\Lauren\AppData\Local\{7d8c2957-6119-1690-cdfd-9126525147da}\L

C:\Users\Lauren\AppData\Local\{7d8c2957-6119-1690-cdfd-9126525147da}\U

C:\Users\Lauren\AppData\Local\{7d8c2957-6119-1690-cdfd-9126525147da}\U\00000001.@

C:\Users\Lauren\AppData\Local\{7d8c2957-6119-1690-cdfd-9126525147da}\U\80000000.@

C:\Users\Lauren\AppData\Local\{7d8c2957-6119-1690-cdfd-9126525147da}\U\800000cb.@

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 43%

Total physical RAM: 1013.38 MB

Available physical RAM: 568.3 MB

Total Pagefile: 1013.38 MB

Available Pagefile: 629.77 MB

Total Virtual: 2047.88 MB

Available Virtual: 1967.22 MB

======================= Partitions =========================

1 Drive c: (Windows7) (Fixed) (Total:225.25 GB) (Free:185.94 GB) NTFS

2 Drive e: (USB2) (Removable) (Total:3.72 GB) (Free:3.71 GB) FAT32

3 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

4 Drive y: (WinRe) (Fixed) (Total:7.63 GB) (Free:3.66 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 232 GB 0 B

Disk 1 Online 3824 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 7813 MB 1024 KB

Partition 2 Primary 225 GB 7814 MB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 0 Y WinRe NTFS Partition 7813 MB Healthy

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C Windows7 NTFS Partition 225 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 3820 MB 4032 KB

==================================================================================

Disk: 1

Partition 1

Type : 0B

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 E USB2 FAT32 Removable 3820 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-17 11:59

======================= End Of Log ==========================

SEARCH

Farbar Recovery Scan Tool Version: 25-07-2012 01

Ran by SYSTEM at 2012-08-04 00:33:49

Running from E:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe

[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

=== End Of Search ===


OK, here you go......Please carefully carry out this procedure!!!!!!

Open notepad. Make sure "word wrap" under Format is unchecked! Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt


C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da}
C:\Users\Lauren\AppData\Local\{7d8c2957-6119-1690-cdfd-9126525147da}

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01

Ran by SYSTEM at 2012-08-04 00:40:02 Run:1

Running from E:\

==============================================

C:\Windows\Installer\{7d8c2957-6119-1690-cdfd-9126525147da} moved successfully.

C:\Users\Lauren\AppData\Local\{7d8c2957-6119-1690-cdfd-9126525147da} moved successfully.

==== End of Fixlog ====


Well done, let's run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix 12-07-31.06 - Lauren 04/08/2012 1:12.1.2 - x86 NETWORK

Microsoft Windows 7 Starter 6.1.7601.1.1252.44.1033.18.1013.670 [GMT 1:00]

Running from: c:\users\Lauren\Desktop\ComboFix.exe

AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Complitly

c:\program files\Complitly\chrome\ComplitlyChrome.crx

c:\program files\Complitly\FireFoxExtension.exe

c:\program files\Complitly\InstTracker.exe

c:\program files\Complitly\support@Complitly.com\chrome.manifest

c:\program files\Complitly\support@Complitly.com\chrome\content\appIcon.png

c:\program files\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul

c:\program files\Complitly\support@Complitly.com\chrome\content\options.js

c:\program files\Complitly\support@Complitly.com\chrome\content\options.xul

c:\program files\Complitly\support@Complitly.com\chrome\content\utils.js

c:\program files\Complitly\support@Complitly.com\defaults\preferences\predictad.js

c:\program files\Complitly\support@Complitly.com\install.rdf

c:\program files\Complitly\unins000.dat

c:\program files\Complitly\unins000.exe

c:\program files\IMinent Toolbar\tbHElper.dll

c:\programdata\12B

c:\programdata\12B\{BBF0E68B-0DBC-4B9F-976C-77AF9E2739C2}.swf

c:\users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum

c:\users\Lauren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk

c:\users\Lauren\Documents\~WRL0047.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))

.

.

2012-08-04 08:20 . 2012-08-04 08:20 -------- d-----w- C:\FRST

2012-08-04 00:31 . 2012-08-04 00:33 -------- d-----w- c:\users\Lauren\AppData\Local\temp

2012-08-04 00:31 . 2012-08-04 00:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-03 22:23 . 2012-08-03 22:23 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2012-08-03 21:32 . 2012-08-03 21:32 -------- d-----w- c:\users\Lauren\AppData\Roaming\Malwarebytes

2012-08-03 21:20 . 2012-08-03 21:20 31560 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-08-03 21:19 . 2012-08-03 21:19 -------- d-----w- c:\programdata\Malwarebytes

2012-08-03 21:19 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-03 21:10 . 2012-08-03 21:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-03 20:52 . 2012-08-03 20:52 -------- d-----w- c:\windows\PIF

2012-07-24 14:37 . 2012-07-24 14:37 -------- d-----w- c:\users\Lauren\AppData\Roaming\MusicNet

2012-07-24 14:15 . 2012-07-24 14:15 -------- d-----w- c:\users\Lauren\AppData\Local\PackageAware

2012-07-22 14:37 . 2012-07-22 14:37 -------- d-----w- c:\users\Lauren\AppData\Roaming\AVG2012

2012-07-22 14:34 . 2012-07-22 14:34 -------- d-----w- c:\users\Lauren\AppData\Local\AVG Secure Search

2012-07-22 14:34 . 2012-07-22 14:35 -------- d-----w- c:\programdata\AVG Secure Search

2012-07-22 14:29 . 2012-07-22 14:29 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-07-22 14:29 . 2012-07-22 14:29 -------- d-----w- c:\program files\Common Files\AVG Secure Search

2012-07-22 14:29 . 2012-07-22 14:33 -------- d-----w- c:\program files\AVG Secure Search

2012-07-22 14:23 . 2012-08-02 11:53 -------- d-----w- c:\windows\system32\drivers\AVG

2012-07-22 14:23 . 2012-07-23 13:16 -------- d-----w- c:\programdata\AVG2012

2012-07-22 14:23 . 2012-07-22 14:23 -------- d-----w- C:\$AVG

2012-07-22 14:22 . 2012-07-22 14:22 -------- d-----w- c:\program files\AVG

2012-07-22 14:18 . 2012-07-22 14:18 -------- d-----w- c:\programdata\Common Files

2012-07-22 14:18 . 2012-08-02 11:53 -------- d-----w- c:\programdata\MFAData

2012-07-22 13:11 . 2012-08-02 21:41 -------- d-----w- C:\QUARANTINE

2012-07-22 12:56 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-07-21 13:19 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{49CC695F-FCD1-477F-AD8E-492CED81FE91}\mpengine.dll

2012-07-19 15:12 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-17 11:23 . 2012-06-02 04:40 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-07-17 11:23 . 2012-06-02 04:45 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-07-17 11:23 . 2012-06-02 04:39 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-17 11:23 . 2012-06-02 04:40 225280 ----a-w- c:\windows\system32\schannel.dll

2012-07-17 11:23 . 2012-06-02 04:45 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-17 11:23 . 2012-06-06 05:05 1019904 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-17 11:23 . 2012-06-06 05:03 805376 ----a-w- c:\windows\system32\cdosys.dll

2012-07-17 11:23 . 2012-06-06 05:05 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2012-07-17 11:23 . 2012-06-06 05:05 57344 ----a-w- c:\program files\Common Files\System\ado\msador15.dll

2012-07-17 11:23 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll

2012-07-17 11:23 . 2012-06-06 05:05 212992 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2012-07-17 11:23 . 2012-06-06 05:05 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2012-07-17 11:22 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\system32\msxml6.dll

2012-07-17 11:22 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-07-17 11:22 . 2010-06-26 03:24 2048 ----a-w- c:\windows\system32\msxml3r.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-02 22:19 . 2012-06-21 11:57 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 11:57 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 11:56 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 11:56 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-21 11:57 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-21 11:57 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-21 11:56 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 14:19 . 2012-06-21 11:56 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 14:12 . 2012-06-21 11:56 33792 ----a-w- c:\windows\system32\wuapp.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]

2010-07-02 08:54 2607872 ----a-w- c:\program files\IMinent Toolbar\tbcore3.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-22 14:29 2086496 ----a-w- c:\program files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll" [2012-07-22 2086496]

.

[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]

[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]

.

[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]

[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]

[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]

[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"Facebook Update"="c:\users\Lauren\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-17 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="KEY" [X]

"McAfeeUpdaterUI"="KEY" [X]

"ShStatEXE"="E" [X]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]

"fspuip"="c:\program files\FSP\fspuip.exe" [2009-09-23 3342336]

"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]

"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]

"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2012-04-24 296056]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-22 1147488]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"1"="c:\program files\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe" [2012-07-03 217672]

"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2012-07-03 1085000]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"KodakHomeCenter"="c:\program files\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-12-12 2234288]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-04-04 05:53 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 07:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-12-13 17:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2012\avgfws.exe [x]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [x]

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [x]

R2 NACAgent;Cisco NAC Agent;c:\program files\Cisco\Cisco NAC Agent\NACAgent.exe [x]

R2 vToolbarUpdater12.1.3;vToolbarUpdater12.1.3;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [x]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]

R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WajamUpdater;WajamUpdater;c:\program files\Wajam\Updater\WajamUpdater.exe [x]

S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [x]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [x]

S3 netr28;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000Core.job

- c:\users\Lauren\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-12 13:42]

.

2012-08-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2020085807-1544784501-1952108477-1000UA.job

- c:\users\Lauren\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-12 13:42]

.

2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-12 23:14]

.

2012-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-12 23:14]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1060933

uInternet Settings,ProxyOverride = *.local

IE: Download with &Media Finder - c:\program files\Media Finder\hook.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)

HKCU-Run-AdobeBridge - (no file)

HKCU-Run-Media Finder - c:\program files\Media Finder\Media Finder.exe

HKLM-Run-IgfxTray - DOWS\SYSTEM32\IGFXTRAY.EXE

HKLM-Run-HotKeysCmds - DOWS\SYSTEM32\HKCMD.EXE

HKLM-Run-Persistence - DOWS\SYSTEM32\IGFXPERS.EXE

HKLM-Run-VX1000 - DOWS\VVX1000.EXE

HKLM-Run-NACAgentUI - TUI.EXE

HKLM-Run-Conime - c:\windows\system32\conime.exe

HKLM-Run-SunJavaUpdateSched - FILES\JAVA\JAVA UPDATE\JUSCHED.EXE

HKLM-Run-Adobe ARM - FILES\ADOBE\ARM\1.0\ADOBEARM.EXE

SafeBoot-mbamchameleon

SafeBoot-MsMpSvc

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2020085807-1544784501-1952108477-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2020085807-1544784501-1952108477-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgagD\1*]

"value"="?\06\01\12\10\0d)e"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-08-04 01:39:04

ComboFix-quarantined-files.txt 2012-08-04 00:39

.

Pre-Run: 199,778,324,480 bytes free

Post-Run: 199,975,862,272 bytes free

.

- - End Of File - - ECF8CA7E5DBE58C444C780D793F77D58


You have 3 anti-virus programs running, you can't have that > they conflict with each other.

Please pick one and uninstall the other two. (I suggest you keep MSE)

AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

AV: McAfee VirusScan Enterprise *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

After you do that, let me know how the computer is, MrC
