
Repost of missing post (For screen317)



Hi - you were helping me with my issue. AVG gave me a message to say I had atwtusblcon.exe

I am reposting below the most recent logs that you asked me for:

ComboFix 12-10-31.03 - Liz 31/10/2012 12:31:14.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3327.1838 [GMT 0:00]

Running from: c:\users\Liz\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk

c:\users\Liz\AppData\Local\.#

c:\users\Liz\AppData\Local\.#\MBX@1014@1491F90.###

c:\users\Liz\AppData\Local\.#\MBX@1014@1491FA0.###

c:\users\Liz\AppData\Local\.#\MBX@1014@1492090.###

c:\users\Liz\AppData\Local\.#\MBX@1014@14920B0.###

c:\users\Liz\AppData\Local\.#\MBX@1050@1261F90.###

c:\users\Liz\AppData\Local\.#\MBX@1050@1261FA0.###

c:\users\Liz\AppData\Local\.#\MBX@1050@1262090.###

c:\users\Liz\AppData\Local\.#\MBX@1050@12620B0.###

c:\users\Liz\AppData\Local\.#\MBX@135C@15E1F90.###

c:\users\Liz\AppData\Local\.#\MBX@135C@15E1FA0.###

c:\users\Liz\AppData\Local\.#\MBX@135C@15E2090.###

c:\users\Liz\AppData\Local\.#\MBX@135C@15E20B0.###

c:\users\Liz\AppData\Local\.#\MBX@1420@381F90.###

c:\users\Liz\AppData\Local\.#\MBX@1420@381FA0.###

c:\users\Liz\AppData\Local\.#\MBX@1420@382090.###

c:\users\Liz\AppData\Local\.#\MBX@1420@3820B0.###

c:\users\Liz\AppData\Local\.#\MBX@143C@1331F90.###

c:\users\Liz\AppData\Local\.#\MBX@143C@1331FA0.###

c:\users\Liz\AppData\Local\.#\MBX@143C@1332090.###

c:\users\Liz\AppData\Local\.#\MBX@143C@13320B0.###

c:\users\Liz\AppData\Local\.#\MBX@16A8@3F1F90.###

c:\users\Liz\AppData\Local\.#\MBX@16A8@3F1FA0.###

c:\users\Liz\AppData\Local\.#\MBX@16A8@3F2090.###

c:\users\Liz\AppData\Local\.#\MBX@16A8@3F20B0.###

c:\users\Liz\AppData\Local\.#\MBX@16B4@1361F90.###

c:\users\Liz\AppData\Local\.#\MBX@16B4@1361FA0.###

c:\users\Liz\AppData\Local\.#\MBX@16B4@1362090.###

c:\users\Liz\AppData\Local\.#\MBX@16B4@13620B0.###

c:\users\Liz\AppData\Local\.#\MBX@1A38@991F90.###

c:\users\Liz\AppData\Local\.#\MBX@1A38@991FA0.###

c:\users\Liz\AppData\Local\.#\MBX@1A38@992090.###

c:\users\Liz\AppData\Local\.#\MBX@1A38@9920B0.###

c:\users\Liz\AppData\Local\.#\MBX@1A7C@221F90.###

c:\users\Liz\AppData\Local\.#\MBX@1A7C@221FA0.###

c:\users\Liz\AppData\Local\.#\MBX@1A7C@222090.###

c:\users\Liz\AppData\Local\.#\MBX@1A7C@2220B0.###

c:\users\Liz\AppData\Local\.#\MBX@440@14B1F90.###

c:\users\Liz\AppData\Local\.#\MBX@440@14B1FA0.###

c:\users\Liz\AppData\Local\.#\MBX@440@14B2090.###

c:\users\Liz\AppData\Local\.#\MBX@440@14B20B0.###

c:\users\Liz\AppData\Local\.#\MBX@F94@1261F90.###

c:\users\Liz\AppData\Local\.#\MBX@F94@1261FA0.###

c:\users\Liz\AppData\Local\.#\MBX@F94@1262090.###

c:\users\Liz\AppData\Local\.#\MBX@F94@12620B0.###

c:\users\Liz\AppData\Local\Temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll

c:\users\Liz\Documents\~WRL2286.tmp

c:\users\Liz\g2mdlhlpx.exe

G:\AUTORUN.INF . . . . Failed to delete

.

.

((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-31 )))))))))))))))))))))))))))))))

.

.

2012-10-31 12:42 . 2012-10-31 12:48 -------- d-----w- c:\users\Liz\AppData\Local\temp

2012-10-31 12:42 . 2012-10-31 12:42 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-10-31 12:42 . 2012-10-31 12:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-31 12:16 . 2012-10-31 12:16 -------- d-----w- c:\users\Liz\AppData\Roaming\HPAppData

2012-10-28 16:46 . 2012-10-28 16:46 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2012-10-25 16:06 . 2012-10-25 16:06 345480 ----a-r- c:\users\Liz\AppData\Roaming\Microsoft\Installer\{39935111-E42A-4306-A309-91B127DAFD45}\ARPPRODUCTICON.exe

2012-10-21 11:41 . 2012-10-21 11:41 -------- d-----w- c:\users\Liz\AppData\Local\Macromedia

2012-10-13 08:09 . 2012-10-13 08:09 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software

2012-10-10 05:35 . 2012-08-24 17:10 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-10-10 05:35 . 2012-09-14 18:30 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-10 05:33 . 2012-06-02 04:45 139264 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-10 05:33 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\system32\crypt32.dll

2012-10-10 05:33 . 2012-06-02 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-10 05:32 . 2012-08-31 17:21 1210736 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-10-10 05:32 . 2012-08-10 23:54 541184 ----a-w- c:\windows\system32\kerberos.dll

2012-10-10 05:32 . 2012-08-30 17:18 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-10-10 05:32 . 2012-08-30 17:18 3902832 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-09 13:00 . 2012-10-16 13:00 -------- d-----w- c:\programdata\NCH Software

2012-10-09 13:00 . 2012-10-09 13:00 -------- d-----w- c:\program files\NCH Software

2012-10-09 12:59 . 2012-10-16 13:00 -------- d-----w- c:\users\Liz\AppData\Roaming\NCH Software

2012-10-05 02:26 . 2012-10-05 02:26 93536 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2012-10-02 02:30 . 2012-10-02 02:30 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-09 08:12 . 2012-03-30 07:33 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-10-09 08:12 . 2011-06-01 06:03 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-29 18:54 . 2010-09-19 11:36 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-21 02:46 . 2012-09-21 02:46 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-09-21 02:46 . 2012-09-21 02:46 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys

2012-09-21 02:45 . 2012-09-21 02:45 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2012-09-21 02:45 . 2012-09-21 02:45 55008 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-09-14 02:05 . 2012-09-14 02:05 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2012-09-13 16:08 . 2012-09-13 16:08 4290327 ----a-w- c:\windows\system32\Studio22_Studio22 Album Maker_uninstaller.exe

2012-09-13 02:11 . 2012-09-13 02:11 177504 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2012-09-13 00:44 . 2012-09-17 08:20 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll

2012-09-13 00:44 . 2012-09-17 08:20 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll

2012-08-27 08:08 . 2012-08-27 08:08 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-08-24 17:10 . 2012-09-22 07:50 981504 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 17:08 . 2012-09-22 07:50 44544 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-24 16:01 . 2012-09-22 07:50 386048 ----a-w- c:\windows\system32\html.iec

2012-08-24 15:27 . 2012-09-22 07:50 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-21 12:01 . 2012-09-30 11:29 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-08-21 12:01 . 2010-08-07 14:43 106928 ----a-w- c:\windows\system32\GEARAspi.dll

2012-08-02 17:05 . 2012-09-12 06:33 490496 ----a-w- c:\windows\system32\d3d10level9.dll

2012-06-06 04:06 . 2012-06-06 04:06 2174976 ----a-w- c:\program files\Common Files\atimpenc.dll

2010-10-12 15:33 . 2010-10-12 15:33 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2010-10-12 17:15 . 2010-10-12 17:15 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2010-10-12 15:37 . 2010-10-12 15:37 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2010-10-12 15:35 . 2010-10-12 15:35 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2010-10-12 15:34 . 2010-10-12 15:34 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2010-10-12 15:32 . 2010-10-12 15:32 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2010-10-12 15:35 . 2010-10-12 15:35 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2010-10-12 15:34 . 2010-10-12 15:34 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2010-07-14 11:42 . 2010-07-14 11:42 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2010-10-12 15:37 . 2010-10-12 15:37 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2012-05-14 05:55 . 2011-04-24 17:26 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]

2012-02-10 10:28 1307928 ----a-w- c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-09-28 13:09 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-09-28 1734240]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-20 719672]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-11 39408]

"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2011-07-26 958352]

"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2011-07-26 3507088]

"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-07-26 20880]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-10 7612960]

"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"YouCam Mirror Tray icon"="c:\program files\CyberLink\YouCam\YouCamTray.exe" [2009-07-23 162912]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-09-29 981656]

"TblMouse"="TblMouse.exe" [2007-10-09 65184]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"ConnectionCenter"="c:\users\Liz\AppData\Local\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-09-28 947808]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-10-10 3116152]

"ROC_ROC_NT"="c:\program files\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-28 856160]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]

.

c:\users\Liz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

BBC iPlayer Desktop.lnk - c:\program files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe [N/A]

Microsoft SharePoint Workspace.lnk - c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]

My Ink Resident.lnk - c:\program files\MyInk\My Ink Resident.exe [2011-1-8 36864]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

.

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 MSIDriver_IO_2;MSIDriver_IO_2;c:\program files\msi\OSD hot keys\MSI_MAINSYS.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]

S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [x]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]

S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [x]

S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]

S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]

S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [x]

S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [x]

S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [x]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [x]

S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]

S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [x]

S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [x]

S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [x]

S2 WMI_Hook_Service;WMI_Hook_Service;c:\program files\msi\OSD hot keys\WMI_Hook_Service.exe [x]

S2 WTService;WTService;c:\windows\system32\atwtusb.exe [x]

S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 08:12]

.

2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 17:35]

.

2012-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 17:35]

.

2012-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3281990863-3913527862-3815503442-1000Core.job

- c:\users\Liz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 10:55]

.

2012-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3281990863-3913527862-3815503442-1000UA.job

- c:\users\Liz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-12 10:55]

.

.

------- Supplementary Scan -------

.

uStart Page = https://gateway.centralbedfordshire.gov.uk/vpn/index.html

uInternet Settings,ProxyOverride = <local>;*.local

IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105

IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4

Trusted Zone: centralbedfordshire.gov.uk\gateway

TCP: DhcpNameServer = 194.168.4.100 194.168.8.100

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

FF - ProfilePath - c:\users\Liz\AppData\Roaming\Mozilla\Firefox\Profiles\993l719x.default\

FF - prefs.js: browser.startup.homepage - hxxp://uk.mg40.mail.yahoo.com/dc/launch?.gx=1&.rand=7fbki377kfl2u

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B379f2341-6b7b-47e0-9fcb-77288e13ac35%7D&mid=f3384312f9dd056b4c085fc107d369cd-89fcc09d6f261a554a942b26b87307251f9023c5&ds=AVG&v=12.2.5.34&lang=en&pr=fr&d=2012-09-28%2014%3A09%3A25&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: !HIDDEN! 2011-04-25 15:36; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe

HKCU-Run-Steam - c:\program files\Steam\Steam.exe

HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe

HKLM-Run-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe

AddRemove-Steam App 10190 - c:\program files\Steam\steam.exe

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

AddRemove-26_VIA_driver2 - c:\program files\Samsung\USB Drivers\26_VIA_driver2\Uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2013\avgrsx.exe

c:\program files\AVG\AVG2013\avgcsrvx.exe

c:\windows\system32\nvvsvc.exe

c:\windows\system32\nvvsvc.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\system32\taskhost.exe

c:\windows\SYSTEM32\WISPTIS.EXE

c:\program files\Common Files\microsoft shared\ink\TabTip.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files\CyberLink\Shared files\RichVideo.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Panda USB Vaccine\USBVaccine.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

c:\windows\system32\conhost.exe

c:\program files\AVG\AVG2013\avgnsx.exe

c:\program files\AVG\AVG2013\avgemcx.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\sppsvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

.

**************************************************************************

.

Completion time: 2012-10-31 12:52:43 - machine was rebooted

ComboFix-quarantined-files.txt 2012-10-31 12:52

.

Pre-Run: 876,080,906,240 bytes free

Post-Run: 877,207,969,792 bytes free

.

- - End Of File - - 4188FB4DD42E77F49EE319681260CFF2

DDS (Ver_2012-10-19.01) - NTFS_x86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.5.1

Run by Liz at 12:55:22 on 2012-10-31

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3327.1797 [GMT 0:00]

.

AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ================

.

C:\PROGRA~1\AVG\AVG2013\avgrsx.exe

C:\Program Files\AVG\AVG2013\avgcsrvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\AVG\AVG2013\avgidsagent.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe

c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\msi\OSD hot keys\WMI_Hook_Service.exe

C:\Program Files\Panda USB Vaccine\USBVaccine.exe

C:\Windows\system32\atwtusb.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG2013\avgnsx.exe

C:\Program Files\AVG\AVG2013\avgemcx.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\Explorer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\Liz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Liz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Liz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Liz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Liz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Liz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Liz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Liz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Liz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Users\Liz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\System32\svchost.exe -k swprv

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://gateway.centralbedfordshire.gov.uk/vpn/index.html

uProxyOverride = <local>;*.local

uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - c:\program files\techsmith\snagit 9\SnagItBHO.dll

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.34\AVG Secure Search_toolbar.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - c:\program files\techsmith\snagit 9\SnagItIEAddin.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\12.2.5.34\AVG Secure Search_toolbar.dll

TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s

uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe

uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe

mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"

mRun: [uCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"

mRun: [YouCam Mirror Tray icon] "c:\program files\cyberlink\youcam\YouCamTray.exe" /s

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [TblMouse] TblMouse.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [ConnectionCenter] "c:\users\liz\appdata\local\citrix\ica client\concentr.exe" /startup

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY

mRun: [ROC_ROC_NT] "c:\program files\avg secure search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

StartupFolder: c:\users\liz\appdata\roaming\micros~1\windows\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe

StartupFolder: c:\users\liz\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office14\GROOVE.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\myinkr~1.lnk - c:\program files\myink\My Ink Resident.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105

IE: {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/710-72741-17534-1/4

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{45AB881A-9766-463A-B115-C7EF41F0A7B1} : DHCPNameServer = 194.168.4.100 194.168.8.100

TCP: Interfaces\{789D0083-4FCF-4146-B027-8139909E2F2C}\2456C6B696E6F574F505C65737F5D494D4F4F5130334341454 : DHCPNameServer = 194.168.4.100 194.168.8.100

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\users\liz\appdata\local\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\users\liz\appdata\local\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\users\liz\appdata\local\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\users\liz\appdata\local\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\users\liz\appdata\local\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\users\liz\appdata\local\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\users\liz\appdata\local\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\users\liz\appdata\local\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\users\liz\appdata\local\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\users\liz\appdata\local\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\users\liz\appdata\local\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\users\liz\appdata\local\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\users\liz\appdata\local\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\users\liz\appdata\local\citrix\ica client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\users\liz\appdata\local\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\users\liz\appdata\local\citrix\ica client\IcaMimeFilter.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.6\ViProtocol.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\liz\appdata\roaming\mozilla\firefox\profiles\993l719x.default\

FF - prefs.js: browser.startup.homepage - hxxp://uk.mg40.mail.yahoo.com/dc/launch?.gx=1&.rand=7fbki377kfl2u

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid=%7B379f2341-6b7b-47e0-9fcb-77288e13ac35%7D&mid=f3384312f9dd056b4c085fc107d369cd-89fcc09d6f261a554a942b26b87307251f9023c5&ds=AVG&v=12.2.5.34&lang=en&pr=fr&d=2012-09-28%2014%3A09%3A25&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: !HIDDEN! 2011-04-25 15:36; smartwebprinting@hp.com; c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-9-21 55008]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]

R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 93536]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]

R0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\drivers\nvamacpi.sys [2009-8-13 24608]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-10-28 65848]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-9-13 177504]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-8-27 27496]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]

R1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\43926\RapportCerberus32_43926.sys [2012-10-19 272216]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-10-28 71480]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-10-28 166840]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-10-2 5783672]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-2 193568]

R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\nitro pdf\reader 2\NitroPDFReaderDriverService2.exe [2012-9-13 196112]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-10-28 976728]

R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.6\ToolbarUpdater.exe [2012-8-27 722528]

R2 WMI_Hook_Service;WMI_Hook_Service;c:\program files\msi\osd hot keys\WMI_Hook_Service.exe [2009-9-4 101176]

R2 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]

R3 NxpCap;CTX capture service;c:\windows\system32\drivers\NxpCap.sys [2009-8-13 1488096]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-8-13 167936]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2009-8-13 842752]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-11 135664]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 250808]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-7-30 77624]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-7-5 54632]

S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-11 135664]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-14 129976]

S3 MSIDriver_IO_2;MSIDriver_IO_2;c:\program files\msi\osd hot keys\MSI_MAINSYS.sys [2009-8-25 26936]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-7-30 181432]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-6 1343400]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-14 17920]

.

=============== File Associations ===============

.

ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs5\dreamweaver.exe", "%1"

ShellExec: switch.exe: open="c:\program files\nch software\switch\switch" "%L"

.

=============== Created Last 30 ================

.

2012-10-31 12:48:17 -------- d-----w- C:\$RECYCLE.BIN

2012-10-31 12:42:11 -------- d-----w- c:\users\liz\appdata\local\temp

2012-10-31 12:29:13 98816 ----a-w- c:\windows\sed.exe

2012-10-31 12:29:13 256000 ----a-w- c:\windows\PEV.exe

2012-10-31 12:29:13 208896 ----a-w- c:\windows\MBR.exe

2012-10-28 16:46:34 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2012-10-25 16:06:12 345480 ----a-r- c:\users\liz\appdata\roaming\microsoft\installer\{39935111-e42a-4306-a309-91b127dafd45}\ARPPRODUCTICON.exe

2012-10-21 11:41:03 -------- d-----w- c:\users\liz\appdata\local\Macromedia

2012-10-10 05:35:30 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-10-10 05:35:17 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-10 05:33:26 139264 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-10 05:33:26 1157632 ----a-w- c:\windows\system32\crypt32.dll

2012-10-10 05:33:26 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-10 05:32:59 1210736 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-10-10 05:32:58 541184 ----a-w- c:\windows\system32\kerberos.dll

2012-10-10 05:32:55 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-10-10 05:32:55 3902832 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-09 13:00:02 -------- d-----w- c:\program files\NCH Software

2012-10-09 12:59:59 -------- d-----w- c:\users\liz\appdata\roaming\NCH Software

2012-10-02 02:30:38 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys

.

==================== Find3M ====================

.

2012-10-09 08:12:26 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-09 08:12:26 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-29 18:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-21 02:46:06 164832 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-09-21 02:46:00 177376 ----a-w- c:\windows\system32\drivers\avglogx.sys

2012-09-21 02:45:54 19936 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys

2012-09-21 02:45:52 55008 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-09-14 02:05:20 35552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2012-09-13 16:08:18 4290327 ----a-w- c:\windows\system32\Studio22_Studio22 Album Maker_uninstaller.exe

2012-09-13 02:11:20 177504 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys

2012-09-13 00:44:30 27152 ----a-w- c:\windows\system32\nitrolocalmon2.dll

2012-09-13 00:44:30 18448 ----a-w- c:\windows\system32\nitrolocalui2.dll

2012-08-27 08:08:19 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-08-24 17:10:47 981504 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 17:08:47 44544 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-24 16:01:45 386048 ----a-w- c:\windows\system32\html.iec

2012-08-24 15:27:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-21 12:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys

2012-08-21 12:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll

2012-08-18 11:23:05 169984 ----a-w- c:\windows\system32\winsrv.dll

2012-08-18 11:21:20 293376 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-18 11:18:47 271360 ----a-w- c:\windows\system32\conhost.exe

2012-08-18 09:07:02 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-18 09:07:02 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-18 09:07:02 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-18 09:07:02 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-08-02 17:05:42 490496 ----a-w- c:\windows\system32\d3d10level9.dll

2012-06-06 04:06:50 2174976 ----a-w- c:\program files\common files\atimpenc.dll

.

============= FINISH: 12:55:41.34 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-10-19.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 21/11/2009 10:38:25

System Uptime: 31/10/2012 12:44:07 (0 hours ago)

.

Motherboard: MEDIONPC | | MS-7621

Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz | CPU 1 | 2200/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 910 GiB total, 817.045 GiB free.

D: is FIXED (NTFS) - 20 GiB total, 12.743 GiB free.

E: is CDROM ()

F: is Removable

G: is FIXED (FAT32) - 233 GiB total, 103.074 GiB free.

H: is Removable

I: is FIXED (NTFS) - 112 GiB total, 94.085 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet 6500 E709n

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet 6500 E709n

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP470: 14/10/2012 19:00:06 - Windows Backup

RP471: 21/10/2012 19:00:14 - Windows Backup

RP472: 28/10/2012 19:00:42 - Windows Backup

RP474: 30/10/2012 09:32:00 - Installed Rapport

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

6500_E709_eDocs

Activation Assistant for the 2007 Microsoft Office suites

Adobe Acrobat 8 Standard - English, Français, Deutsch

Adobe Acrobat 8.1.4 Standard

Adobe AIR

Adobe Community Help

Adobe Dreamweaver CS5

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Photoshop 6.0

Adobe Shockwave Player 11.5

Alien Skin Eye Candy 5 Impact

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Audacity 2.0.2

AVG 2013

Bing Bar

BlackBerry Desktop Software 6.1

Bonjour

bpd_scan

BPDSoftware

BPDSoftware_Ini

BufferChm

CCleaner

Citrix Access Gateway Endpoint Analysis

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Citrix XenApp Web Plugin

Common

Compatibility Pack for the 2007 Office system

Contents

Corel Paint Shop Pro X

Corel VideoStudio Pro X4

CutePDF Writer 2.8

CyberLink LabelPrint

CyberLink MediaShow

CyberLink PhotoNow

CyberLink Power2Go

CyberLink PowerCinema

CyberLink PowerDirector

CyberLink PowerDVD 9

CyberLink PowerDVD Copy

CyberLink PowerProducer

CyberLink YouCam

CyberLink YouPaint

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

DeviceIO

DocMgr

DocProc

eturboTouchKit

Fax

FileZilla Client 3.5.3

Filters Unlimited 1.0

Filters Unlimited 2.0

Free M4a to MP3 Converter 7.0

Free Notes & Office Ink

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 5.1.0.880

GPBaseService2

Hewlett-Packard ACLM.NET v1.1.0.0

HP Customer Participation Program 14.0

HP Document Manager 2.0

HP Imaging Device Functions 14.0

HP Officejet 6500 E709 Series

HP Product Detection

HP Smart Web Printing 4.60

HP Solution Center 14.0

HP Update

HPDiagnosticAlert

HPProductAssistant

HPSSupply

HTML Password Lock 3.3.1

ICA

IPM_VS_Pro

ISCOM

iTunes

Java Auto Updater

Java 6 Update 31

Java 7 Update 5

JavaFX 2.1.1

Junk Mail filter update

LG USB Modem driver

Malwarebytes Anti-Malware version 1.65.1.1000

MarketResearch

Medion Home Cinema

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office FrontPage 2003

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Live Add-in 1.4

Microsoft Office Live Small Business Image Uploader

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office SharePoint Designer 2010

Microsoft Office SharePoint Designer MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft SharePoint Designer 2010

Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual J# 2.0 Redistributable Package

Microsoft Works

Microsoft XML Parser

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Movie Maker 6.0 for Windows 7 (32-bit)

Mozilla Firefox 12.0 (x86 en-GB)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyFreeCodec

MyInk

MyLiveChat

MyScript Notes

Network

Nitro Reader 2

NVIDIA Drivers

OCR Software by I.R.I.S. 14.0

OGA Notifier 2.0.0048.0

OSD hot keys

Panda USB Vaccine 1.0.1.4

Photo Story 3 for Windows

Power Presenter RE II

Powerbullet Presenter 1.44

PowerCinema Movie

Prism Video File Converter

PureHD

QuickTime

Rapport

Realtek High Definition Audio Driver

Sage e-Banking Core Components

Sage Protx VSP

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Scan

Screencast-O-Matic

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition

Setup

Share

Shop for HP Supplies

Skype Click to Call

Skype™ 5.10

SmartSound Common Data

SmartSound Quicktracks 5

SmartWebPrinting

SnagIt 9

SolutionCenter

Status

Steam

Switch Sound File Converter

TAS Basics

Terrapin FTP

Toolbox

TrayApp

Un-Zip for Windows 9.22beta

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

USB Tablet Manager

VIO

VSClassic

VSPro

WavePad Sound Editor

WebReg

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Encoder 9 Series

WinRAR archiver

WinX Free MOV to WMV Converter 4.1.12

WinX Free MP4 to WMV Converter 4.1.10

WinZip 16.5

Yahoo! BrowserPlus 2.9.8

Yahoo! Install Manager

Yahoo! Toolbar

Zoom Search Engine 6.0

.

==== Event Viewer Messages From Past Week ========

.

31/10/2012 12:46:30, Error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.

31/10/2012 12:46:05, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

31/10/2012 12:44:50, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

31/10/2012 12:42:40, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

30/10/2012 10:42:31, Error: bowser [8003] - The master browser has received a server announcement from the computer SPENCER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{45AB881A-9766-463A-B115-C7EF41F. The master browser is stopping or an election is being forced.

29/10/2012 08:22:14, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

28/10/2012 20:15:03, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.

26/10/2012 13:02:05, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Presentation Foundation Font Cache 3.0.0.0 service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

26/10/2012 13:02:05, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

.

==== End Of File ===========================

Once this has been sorted you were going to let me know how to get rid of utorrent which is not showing up in my control panel programme (just as a little reminder).

Thank you.


  • Root Admin

Please go into your Control Panel, Programs and uninstall all versions of Java.

Java Auto Updater

Java™ 6 Update 31

Java™ 7 Update 5

JavaFX 2.1.1

Next please run TDSSKiller and attach the log back. Please don't copy/paste the log - please attach it to your post.

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside Loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

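The Control Panel list above can miss entries (per-user installs such as uTorrent, or components flagged as hidden), which is how "Java Auto Updater" can be installed yet not appear. The following is an added example, not something from the thread or from any of the tools it names; it assumes PowerShell 3 or later and reads the same Uninstall registry keys Control Panel uses, across the machine, 32-bit and per-user hives:

```powershell
# Added example (not from the thread): list Add/Remove entries whose name matches a
# pattern, including per-user (HKCU) and 32-bit (Wow6432Node) hives that the
# Control Panel view may not show. Assumes PowerShell 3 or later.
function Get-UninstallEntry {
    param(
        [Parameter(Mandatory=$true)][string]$Pattern   # regex matched against DisplayName
    )
    $hives = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($hive in $hives) {
        if (-not (Test-Path $hive)) { continue }   # Wow6432Node is absent on 32-bit Windows
        foreach ($key in Get-ChildItem $hive) {
            $p = Get-ItemProperty -Path $key.PSPath
            if (-not $p.DisplayName -or $p.DisplayName -notmatch $Pattern) { continue }
            [PSCustomObject]@{
                DisplayName     = $p.DisplayName
                Version         = $p.DisplayVersion
                Publisher       = $p.Publisher
                Hidden          = ($p.SystemComponent -eq 1)   # hidden from Control Panel when true
                UninstallString = $p.UninstallString           # the command Control Panel would run
                Key             = $key.PSPath
            }
        }
    }
}

# Every Java / JavaFX / Java Auto Updater entry, then uTorrent (the entry the
# poster could not find in Control Panel, if it is a per-user install).
Get-UninstallEntry -Pattern 'Java'     | Format-Table DisplayName, Version, Hidden, UninstallString -AutoSize
Get-UninstallEntry -Pattern 'uTorrent' | Format-Table DisplayName, Version, Hidden, UninstallString -AutoSize
```

Running the UninstallString value from an elevated prompt removes an entry the same way Control Panel would, so a listing that is empty after the uninstall confirms nothing was left behind.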

Thanks for helping.

I have followed instructions.

The only java files I could find in my control panel were

Java 7 update 9

Java(TM) 6 update 31

JavaFX 2.1.1

I couldn't find the Java Auto Updater.

Attached is the log.

I didn't get an option to cure the 4 threats found, so left it on the default of 'skip'.

Regards.

TDSSKiller.2.8.15.0_06.11.2012_18.08.45_log.txt


  • Root Admin

Those items are okay.

Next, please run a free online scan with the ESET Online Scanner

http://www.eset.eu/online-scanner

Note: You will need to use Internet Explorer for this scan.

* Tick the box next to YES, I accept the Terms of Use.

* Click Start

* When asked, allow the ActiveX control to install

* Click Start

* Make sure that the options Remove found threats and the option Scan unwanted applications is checked

* Click Scan

* Wait for the scan to finish

* Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

* Attach that log on your next reply

Thank you


  • Root Admin

Hi Kristell,

I'm sorry but that is only the ActiveX log file showing the scanner was installed. I need to get the actual scan log from the scan that shows what it found.

Please check for other log files that might be there; if there are none, then it sounds like it may not have actually scanned. It should be very obvious that it's scanning and showing files that it has scanned, etc.

Thanks


It definitely scanned as there were 6 threats which were removed. I have looked in the folders and this is the only log I can see (or txt file for that matter). The programme didn't mention having saved a log. I have done a search on the computer and think I have found it and have attached it.


  • Root Admin

Thank you.

I assume these are backup files from some backup program you run. You should be able to restore them from quarantine.

How do I restore files quarantined by the ESET Online Scanner?

G:\LIZ-PC\Backup Set 2012-09-09 190013\Backup Files 2012-09-23 190001\Backup files 6.zip  a variant of Win32/InstallCore.W application (deleted - quarantined)  00000000000000000000000000000000  C
G:\LIZ-PC\Backup Set 2012-10-08 064551\Backup Files 2012-10-08 064551\Backup files 24.zip  a variant of Win32/InstallCore.W application (deleted - quarantined)  00000000000000000000000000000000  C
G:\LIZ-PC\Backup Set 2012-10-28 190032\Backup Files 2012-10-28 190032\Backup files 24.zip  a variant of Win32/InstallCore.W application (deleted - quarantined)  00000000000000000000000000000000  C

Next: Please start Malwarebytes and check for updates and then do a Quick Scan and post back the log on your next reply.

Please let me know how the computer is running now and what if any issues you're still experiencing.

Please run the following mbam-check tool so that we can get a better look at what's going on.

Create an mbam-check log:

Download mbam-check.exe from here and save it to your desktop

http://downloads.malwarebytes.org/file/mbam_check

Double-click on mbam-check.exe to run it. When done it should then open a log file

Please attach the log to your next reply, it should be on your desktop as "CheckResults.txt"

Next, please download DDS from one of the locations below and save it to your desktop.

here: http://download.bleepingcomputer.com/sUBs/dds.scr

or

here: http://download.bleepingcomputer.com/sUBs/dds.com

Temporarily disable any script blocker if your Anti-Virus/Anti-Malware has it.

Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.

Then double click dds.scr or dds.com to run the tool, on Vista or Win 7 right click and select Run as administrator

Click the Run button if prompted with an Open File - Security Warning dialog box.

A black DOS console should open and run for a moment.

When done, DDS will open two (2) logs:

DDS.txt

Attach.txt

Save both reports to your desktop

Please attach the following logs in your next reply: DDS.txt and Attach.txt

You can ignore the note about zipping the Attach.txt file and just attach it to your reply.

Thank you


I am not sure what these backup files are for - the folder G:\LIZ-PC\ appears to be pointing back to my computer... I have attached a screen shot. If I don't need to restore them then I won't - let me know and then I can follow the next set of instructions you left me.

Many thanks.



  • Root Admin

Sorry for the late reply Kristell

You don't have to restore them if you don't want to.

Please go ahead and run those other scans and send those logs back, also please go ahead and see if you can run MBAM and check for updates and then do a Quick Scan and send me back that log.

Thanks

Ron


  • Root Admin

I would recommend that you uninstall the following toolbars and then run the scanner again and let me know how the computer is running now overall.

AVG Security Toolbar

Yahoo! Toolbar

Please download the adwCleaner

Direct from Author

http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

From BleepingComputer

http://www.bleepingcomputer.com/download/adwcleaner/

Run the Tool

Windows Vista and Windows 7 users

Right click on the adwCleaner.exe program and select the option "Run as administrator"

Select the Delete button.

When the scan completes, it will open a notepad document.

Please save this file somewhere you can remember where it is and attach it on your next reply.

Thanks


Hi there. I haven't had the computer freezing on start up and everything seems fine. I did have an AVG alert this afternoon - see attached - but it seemed to clear it for me. I do so appreciate your time and support and hope that everything is now ok.

Should I reinstall java at all or leave it - I don't seem to be missing it!



  • Root Admin

If you can do without Java it would be best to leave it off of your computer. If you get to a website that you really have to use that wants it, then make sure you trust the site and go ahead and get the latest Java from www.java.com. Just make sure you pay attention, and if it asks to install any toolbars such as Ask.com or others, then uncheck it to continue the install of Java.

If Malwarebytes is a paid version and running the Protection Module then first open MBAM and go to the Protection tab and uncheck the option "Start with Windows" and restart the computer. Then run this temporary file cleaner below.

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Once that's done then start MBAM and go to the Protection tab and enable the "Start with Windows" checkmark and restart the computer again. If you're using the Free version of Malwarebytes you can ignore the steps about disabling it.

When done please start MBAM and do a Quick Scan and post back that log please.

The file "tblmouse.exe" appears to be related to an Aiptek HyperPen driver.

I'm guessing you're possibly running a Graphics Tablet on your computer.

The other file AtwtusbIcon.exe shows 0 of 42 detections at VirusTotal so it should be safe, but you can upload it and have it scanned at www.virustotal.com.

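A file name such as AtwtusbIcon.exe says little on its own, since a lookalike can carry the same name; what identifies the file is its hash, its Authenticode signature and where it is launched from. The following is an added example, not from the thread or from any tool it names; it assumes PowerShell 4 or later (for Get-FileHash), and the file path at the bottom is a placeholder to replace with the real location found by the Run-key search:

```powershell
# Added example (not from the thread): identify a flagged startup executable by
# hash, signature and version resource rather than by file name alone.
# Assumes PowerShell 4 or later; the path used at the bottom is a placeholder.
function Get-FileIdentity {
    param([Parameter(Mandatory=$true)][string]$Path)
    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -FilePath $item.FullName   # Valid, NotSigned, HashMismatch ...
    [PSCustomObject]@{
        Path        = $item.FullName
        SizeBytes   = $item.Length
        Sha256      = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash  # search this at VirusTotal
        Signature   = $sig.Status
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Company     = $item.VersionInfo.CompanyName       # e.g. the tablet vendor for a genuine driver helper
        Description = $item.VersionInfo.FileDescription
        Modified    = $item.LastWriteTime
    }
}

# Find the Run/RunOnce values that launch a given executable name, so the
# file's real location (and the key that starts it) is known before acting.
function Find-RunEntry {
    param([Parameter(Mandatory=$true)][string]$Name)
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($prop in $props.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }             # skip PSPath, PSParentPath, etc.
            if ("$($prop.Value)" -match [regex]::Escape($Name)) {
                [PSCustomObject]@{ Key = $key; ValueName = $prop.Name; Command = $prop.Value }
            }
        }
    }
}

Find-RunEntry -Name 'AtwtusbIcon.exe' | Format-List
Get-FileIdentity -Path 'C:\PATH\TO\AtwtusbIcon.exe' | Format-List   # placeholder path
```

Searching VirusTotal by the SHA256 value avoids uploading the file at all when it has already been seen, and a Signature of NotSigned or HashMismatch on a file that claims a hardware vendor's name is the case to look at more closely.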

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
