Help with Infection? - generic29.ajge $Recycle.Bin

[ottoman1980]

Hi everyone,

I'm new here, so please have patience in solving my problem!

I don't know why I didn't come here sooner when I had this infection... I honestly thought AVG had this Trojan Horse virus deactivated and quarantined since it can detect but won't remove it...

Anyway, I've copy and pasted the DDS logs for anyone that's interested, as I noticed someone else on this forum with the same problem had done:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.17.2

Run by Tom Cheng at 22:49:03 on 2013-06-11

Microsoft Windows 7 Professional 6.1.7601.1.1252.2.1033.18.6058.3926 [GMT -4:00]

.

AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\windows\system32\nvvsvc.exe

C:\windows\system32\WLANExt.exe

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe

C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\windows\system32\rundll32.exe

C:\windows\system32\rundll32.exe

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Users\Tom Cheng\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Users\Tom Cheng\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\windows\system32\RunDll32.exe

C:\Program Files (x86)\Stickies\stickies.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\windows\system32\taskeng.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\windows\system32\sppsvc.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe

C:\windows\servicing\TrustedInstaller.exe

C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.ca/

uDefault_Page_URL = hxxp://samsung.msn.com

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>

BHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [Google Update] "C:\Users\Tom Cheng\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Facebook Update] "C:\Users\Tom Cheng\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [sansaDispatch] C:\Users\Tom Cheng\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

StartupFolder: C:\Users\TOMCHE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tom Cheng\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\TOMCHE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\FACEBO~1.LNK - C:\Users\Tom Cheng\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe

StartupFolder: C:\Users\TOMCHE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\windows\System32\RunDll32.exe

StartupFolder: C:\Users\TOMCHE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Stickies.lnk - C:\Program Files (x86)\Stickies\stickies.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: DisallowRun = dword:1

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206

TCP: NameServer = 64.71.255.204 64.71.255.198

TCP: Interfaces\{03AC544D-F80A-42BB-A25E-0FDCDE10FDAF} : DHCPNameServer = 64.71.255.204 64.71.255.198

TCP: Interfaces\{6B605ACF-4CA5-47FE-81FB-A4FDA5CA827A} : DHCPNameServer = 64.71.255.204 64.71.255.198

TCP: Interfaces\{6B605ACF-4CA5-47FE-81FB-A4FDA5CA827A}\14C6078616024456C6471602058696 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{6B605ACF-4CA5-47FE-81FB-A4FDA5CA827A}\348656E67623 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{6B605ACF-4CA5-47FE-81FB-A4FDA5CA827A}\751435147414 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{6B605ACF-4CA5-47FE-81FB-A4FDA5CA827A}\F4D6E4F6D6E4F6D6 : DHCPNameServer = 192.168.0.1

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Tom Cheng\AppData\Roaming\Mozilla\Firefox\Profiles\w0j018ao.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.west.net/~stewart/gre/greplan.htm

FF - prefs.js: keyword.URL - hxxp://ca.search.yahoo.com/search?fr=mcafee&p=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Tom Cheng\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Tom Cheng\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Users\Tom Cheng\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Tom Cheng\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Tom Cheng\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll

FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2013-2-8 71480]

R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2013-2-8 311096]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]

R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2011-7-29 25960]

R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]

R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2013-2-8 206136]

R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2013-3-21 240952]

R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-3-21 45856]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2011-11-16 279616]

R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-7-29 13824]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2013-4-8 103472]

R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-2-9 343032]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-10-8 19192]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-29 2655768]

R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-5-20 1015984]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2010-11-10 31088]

R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-8-23 317440]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-3 80384]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-3 181248]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-7-29 412264]

R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-11-30 42392]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-3-1 161384]

S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]

S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-20 71168]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]

S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-7-29 166704]

S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-10-18 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-06-10 13:25:42 7621368 ----a-w- C:\Program Files\Windows Defender\en-US\systemprofile\AppData\Local\Avg2013\update\backup\avgmfapx.exe

2013-06-03 15:26:16 17993632 ----a-w- C:\Users\Tom Cheng\AdobeAIRInstaller.exe

2013-06-03 12:24:26 22167186 ----a-w- C:\Users\Tom Cheng\anki-2.0.8.exe

2013-06-02 21:19:47 -------- d-----w- C:\Program Files (x86)\ETS

2013-06-02 21:15:24 59584351 ----a-w- C:\Users\Tom Cheng\POWERPREPIIV2_0.exe

2013-05-17 12:40:19 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb

2013-05-16 13:06:14 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys

.

==================== Find3M ====================

.

2013-06-12 01:08:07 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-06-12 01:08:07 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2013-05-20 19:13:52 45856 ----a-w- C:\windows\System32\drivers\avgtpx64.sys

2013-04-13 18:34:51 4987488 ----a-w- C:\SumatraPDF-2.2.1-install.exe

2013-04-13 08:51:57 340719 ---h--w- C:\~WRL0631.tmp

2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys

2013-04-10 06:01:54 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\windows\System32\win32k.sys

2013-04-09 22:07:18 34702513 ----a-w- C:\inkscape-0.48.4-1-win32.exe

2013-04-09 21:56:45 2524336 ----a-w- C:\AdobeDownloadAssistant.exe

2013-04-05 06:52:14 2242048 ----a-w- C:\windows\System32\wininet.dll

2013-04-05 06:50:36 3958784 ----a-w- C:\windows\System32\jscript9.dll

2013-04-05 06:50:31 67072 ----a-w- C:\windows\System32\iesetup.dll

2013-04-05 06:50:31 136704 ----a-w- C:\windows\System32\iesysprep.dll

2013-04-05 05:28:24 1767424 ----a-w- C:\windows\SysWow64\wininet.dll

2013-04-05 05:26:26 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll

2013-04-05 05:26:21 61440 ----a-w- C:\windows\SysWow64\iesetup.dll

2013-04-05 05:26:21 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll

2013-04-05 04:43:00 2706432 ----a-w- C:\windows\System32\mshtml.tlb

2013-04-05 03:51:11 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe

2013-04-05 03:38:25 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe

2013-04-04 18:50:32 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

2013-03-29 06:53:48 246072 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys

2013-03-21 07:08:24 240952 ----a-w- C:\windows\System32\drivers\avgtdia.sys

2013-03-19 06:04:06 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe

2013-03-19 05:53:58 48640 ----a-w- C:\windows\System32\wwanprotdim.dll

2013-03-19 05:53:58 230400 ----a-w- C:\windows\System32\wwansvc.dll

2013-03-19 05:46:56 43520 ----a-w- C:\windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\windows\System32\smss.exe

.

============= FINISH: 22:49:16.76 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 14/10/2011 10:25:07 AM

System Uptime: 11/06/2013 10:45:13 PM (0 hours ago)

.

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | QX311/QX411/QX412/QX511

Processor: Intel® Core i5-2520M CPU @ 2.50GHz | CPU | 2501/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 98 GiB total, 12.909 GiB free.

D: is CDROM ()

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP239: 25/05/2013 2:30:32 PM - Scheduled Checkpoint

RP240: 26/05/2013 7:00:07 PM - Windows Backup

RP241: 02/06/2013 5:19:42 PM - Installed POWERPREP II

RP242: 09/06/2013 6:13:17 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

?? ??? ?? Windows Live Mesh ActiveX ???

??? ActiveX ?? Windows Live Mesh ???? ??????? ???????

???? ??? Windows Live

???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????

???? Windows Live

????? Windows Live

?????? ??????? ?? Windows Live

??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????

??????? Windows Live Mesh ActiveX ??(????)

??????? Windows Live Mesh ActiveX ???

???????? ?????????? Windows Live

????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)

?????????? Windows Live

??????????? ?? Windows Live

ActiveX-kontroll för fjärranslutningar för Windows Live Mesh

ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.01)

Agatha Christie - Death on the Nile

Apple Application Support

Apple Software Update

AVG 2013

AVG Security Toolbar

„Windows Live Essentials“

„Windows Live Mail“

„Windows Live Mesh ActiveX“ nuotoliniu ryšiu valdiklis

„Windows Live Messenger“

„Windows Live“ fotogalerija

BatteryLifeExtender

Bejeweled 2 Deluxe

BitComet 1.29 64-bit

BlackBerry Desktop Software 7.1

BlackBerry Device Software Updater

Build-a-lot

CCleaner

ChargeableUSB

Chinese Simplified Fonts Support For Adobe Reader 9

Chuzzle Deluxe

Contrôle ActiveX Windows Live Mesh pour connexions à distance

Control ActiveX de Windows Live Mesh para conexiones remotas

Control ActiveX Windows Live Mesh pentru conexiuni la distan?a

Controle ActiveX do Windows Live Mesh para Conexões Remotas

Controlo ActiveX do Windows Live Mesh para Ligações Remotas

CyberLink Media Suite

CyberLink Media+ Player10

CyberLink MediaShow

CyberLink Power2Go

CyberLink PowerDirector

CyberLink YouCam

D3DX10

DAEMON Tools Lite

Diner Dash 2 Restaurant Rescue

DivX Web Player

Dropbox

Easy Content Share

Easy Display Manager

Easy Migration

Easy Network Manager

Easy SpeedUp Manager

EasyBatteryManager

EasyFileShare

EndNote X6

Facebook Video Calling 1.2.0.287

FaceGen Exchange v0.5b

Fallout 3

Fallout 3 - The Garden of Eden Creation Kit

Fallout New Vegas

Farm Frenzy

Fast Start

File Splitter and Joiner (FFSJ v3.3)

Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych

Fotogalerija Windows Live

Galeria de Fotografias do Windows Live

Galeria fotografii uslugi Windows Live

Galerie de photos Windows Live

Galerie foto Windows Live

Galería fotográfica de Windows Live

Google Talk Plugin

GraphPad Prism 6 (Trial)

HP Officejet Pro 8500 A910 Basic Device Software

ImageJ 1.46r

Inkscape 0.48.4

Insaniquarium Deluxe

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® PROSet/Wireless WiFi Software

Intel® Rapid Storage Technology

Intel® Turbo Boost Technology Monitor 2.0

Intel® Wireless Display

IrfanView (remove only)

Ivan Image Converter

Java 7 Update 17

Java Auto Updater

John Deere Drive Green

Junk Mail filter update

K-Lite Codec Pack 8.0.0 (Basic)

Kontrola Windows Live Mesh ActiveX za daljinske veze

Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave

Malwarebytes Anti-Malware version 1.75.0.1300

McAfee SiteAdvisor

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Games for Windows - LIVE Redistributable

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Click-to-Run 2010

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Starter 2010 - English

Microsoft Office Word MUI (English) 2007

Microsoft PowerPoint Viewer

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Movie Color Enhancer

Mozilla Firefox 21.0 (x86 en-GB)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

Multimedia POP

Nitro Reader 2

NJStar Chinese WP

NVIDIA Display Control Panel

NVIDIA Graphics Driver 266.72

NVIDIA Install Application

NVIDIA Optimus 1.0.15

NVIDIA Update Components

Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení

Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia

Peggle

Penguins!

Plants vs. Zombies

Poczta uslugi Windows Live

Podstawowe programy Windows Live

Polar Golfer

Pošta Windows Live

POWERPREP II

QuickTime

Raccolta foto di Windows Live

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Renesas Electronics USB 3.0 Host Controller Driver

ResearchSoft Direct Export Helper

S?????? f?t???af??? t?? Windows Live

Samsung AnyWeb Print

Samsung Printer Live Update

Samsung Recovery Solution 5

Samsung Support Center

Samsung Universal Print Driver

Samsung Universal Scan Driver

Samsung Update Plus

Sansa Updater

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

SketchUp 8

Skype™ 6.3

St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??

Stickies 7.1b

SumatraPDF

Synaptics Pointing Device Driver

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

User Guide

Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi

VC80CRTRedist - 8.0.50727.762

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

VLC media player 2.0.1

WildTangent Games

WildTangent ORB Game Console

WinBMA

Windows Live

Windows Live ??

Windows Live ?? ???

Windows Live ???

Windows Live ????

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotótár

Windows Live Foto-galerija

Windows Live fotoattelu galerija

Windows Live Fotogalerie

Windows Live Fotogalleri

Windows Live Fotogaléria

Windows Live Fotograf Galerisi

Windows Live Galeria de Fotos

Windows Live Galerija fotografija

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen

Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger

Windows Live Mesh ActiveX-objekt til fjernforbindelser

Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz

Windows Live Mesh ActiveX control for remote connections

Windows Live Mesh ActiveX kontrola za daljinske veze

Windows Live Mesh ActiveX vadikla attalajiem savienojumiem

Windows Live Meshin etäyhteyksien ActiveX-komponentti

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Pošta

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Temel Parçalar

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Liven asennustyökalu

Windows Liven sähköposti

Windows Liven valokuvavalikoima

WinRAR 4.10 beta 2 (64-bit)

Xvid Video Codec

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

11/06/2013 10:47:34 PM, Error: Service Control Manager [7023] - The WinDefend service terminated with the following error: Access is denied.

11/06/2013 10:46:23 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

11/06/2013 10:45:38 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

11/06/2013 10:45:23 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error Access is denied..

11/06/2013 10:44:32 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

08/06/2013 9:57:11 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

08/06/2013 9:57:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

08/06/2013 9:57:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

08/06/2013 9:57:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

08/06/2013 9:57:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

08/06/2013 9:57:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

08/06/2013 9:57:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

08/06/2013 9:56:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver Avgldx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SABI spldr tdx VWiFiFlt Wanarpv6 WfpLwf

08/06/2013 9:56:58 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

08/06/2013 9:56:58 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

08/06/2013 9:56:58 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

08/06/2013 9:56:58 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

08/06/2013 9:56:58 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

08/06/2013 9:56:58 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

08/06/2013 9:56:58 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

08/06/2013 9:56:58 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

08/06/2013 9:56:58 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

08/06/2013 9:56:58 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

08/06/2013 9:56:58 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

08/06/2013 9:56:58 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

08/06/2013 9:56:58 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.

05/06/2013 5:49:47 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

.

==== End Of File ===========================

Thank you very much in advance for all your help!

[Psychotic]

Hi there,

my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

• First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  
• Perform everything in the correct order. Sometimes one step requires the previous one.
  
• If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  
• Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  
• Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  
• If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  
• Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  
• My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

• Double click the mbar.zip file to open it, then 'Extract all files'.
  
• Double click the mbar folder to open it, then double click mbar.exe to start the tool.
  

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-<date and time>***.txt . Please attach that to your next reply.

[ottoman1980]

Hi Marius,

Thank you for your quick response!

I've downloaded the Malwarebytes : Malwarebytes Anti-Rootkit as you have asked and ran it for the first time, but saw this prompt right in the beginning, and am not sure how to proceed:

I clicked "No" and have since exited the program. Please advise, thank you!

[ottoman1980]

Oops, my screenshot did not seem to post, so here's a new post (since I can't find the Edit button!):

[Psychotic]

click no and go on

[ottoman1980]

Hi Marius,

I've copied the content of the MBAM log for your convenience:

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.06.13.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16576

Tom Cheng :: TOMCHENG-PC [administrator]

12/06/2013 9:38:38 PM

mbar-log-2013-06-12 (21-38-38).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 268325

Time elapsed: 9 minute(s), 28 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 2

HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Trojan.0Access) -> No action taken.

HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 (Trojan.Zaccess) -> No action taken.

Registry Values Detected: 1

HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.Zaccess) -> Data: C:\$Recycle.Bin\S-1-5-21-3783882171-3223639534-429939216-1001\$3745cbf71cd36090884cde668f4d895b\n. -> No action taken.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 6

c:\$Recycle.Bin\S-1-5-18\$3745cbf71cd36090884cde668f4d895b\U (Trojan.Siredef.C) -> No action taken.

c:\$Recycle.Bin\S-1-5-21-3783882171-3223639534-429939216-1001\$3745cbf71cd36090884cde668f4d895b\U (Trojan.Siredef.C) -> No action taken.

c:\$Recycle.Bin\S-1-5-18\$3745cbf71cd36090884cde668f4d895b\L (Trojan.Siredef.C) -> No action taken.

c:\$Recycle.Bin\S-1-5-21-3783882171-3223639534-429939216-1001\$3745cbf71cd36090884cde668f4d895b\L (Trojan.Siredef.C) -> No action taken.

c:\$Recycle.Bin\S-1-5-18\$3745cbf71cd36090884cde668f4d895b (Trojan.Siredef.C) -> No action taken.

c:\$Recycle.Bin\S-1-5-21-3783882171-3223639534-429939216-1001\$3745cbf71cd36090884cde668f4d895b (Trojan.Siredef.C) -> No action taken.

Files Detected: 3

c:\$Recycle.Bin\S-1-5-18\$3745cbf71cd36090884cde668f4d895b\@ (Trojan.Siredef.C) -> No action taken.

c:\$Recycle.Bin\S-1-5-21-3783882171-3223639534-429939216-1001\$3745cbf71cd36090884cde668f4d895b\@ (Trojan.Siredef.C) -> No action taken.

c:\$Recycle.Bin\S-1-5-21-3783882171-3223639534-429939216-1001\$3745cbf71cd36090884cde668f4d895b\n (Trojan.0Access) -> No action taken.

Physical Sectors Detected: 0

(No malicious items detected)

(end)

Hope this helps?

[Psychotic]

Run another scan with mbar.exe and click the CleanUp button. It will require a reboot.

When it has rebooted, run another scan with mbar.exe and click CleanUp again if necessary.

Send the mbar-log.txt along with an update on machine behavior.

[ottoman1980]

Hi Marius,

I believe MBAM worked perfectly! I ran a second scan after the cleanup and reboot, and nothing has been detected since! Below is the log:

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.06.13.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16576

Tom Cheng :: TOMCHENG-PC [administrator]

13/06/2013 9:46:01 AM

mbar-log-2013-06-13 (09-46-01).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 268359

Time elapsed: 8 minute(s), 33 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

Thank you so much for your help!

[Psychotic]

We´re not finished yet!

Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update

  [*]Press "Scan".[*]It will create a log (FSS.txt) in the same directory the tool is run.[*]Please copy and paste the log to your reply.

[ottoman1980]

Please find the FSS.txt log copied below:

Farbar Service Scanner Version: 13-06-2013

Ran by Tom Cheng (administrator) on 14-06-2013 at 19:02:12

Running from "C:\Users\Tom Cheng\Desktop\TC_JG"

Windows 7 Professional Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is OK.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

Windows Update:

============

wuauserv Service is not running. Checking service configuration:

The start type of wuauserv service is OK.

The ImagePath of wuauserv service is OK.

The ServiceDll of wuauserv service is OK.

Windows Autoupdate Disabled Policy:

============================

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys

[2013-06-12 09:30] - [2013-05-08 02:39] - 1910632 ____A (Microsoft Corporation) 9849EA3843A2ADBDD1497E97A85D8CAE

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll

[2013-06-12 09:30] - [2013-05-13 01:51] - 0184320 ____A (Microsoft Corporation) D8129C49798CBBFB2E4351D4B7B8EF9C

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

[Psychotic]

Navigate to the directory you extracted MBAR to.

Open the plugins folder an run fixdamage.exe

Reboot and get a new log from FSS to post here.

[AdvancedSetup]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

[Psychotic]

Welcome back!

Please navigate to the directory where you extracted mbar to. Open the plugins folder and run fixdamage.exe.

Reboot and post up a new log of FSS.

[ottoman1980]

Hi Marius!

 

Here's what I got from the log:

Farbar Service Scanner Version: 13-06-2013
Ran by Tom Cheng (administrator) on 23-06-2013 at 16:05:29
Running from "C:\Users\Tom Cheng\Desktop\TC_JG"
Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-06-12 09:30] - [2013-05-08 02:39] - 1910632 ____A (Microsoft Corporation) 9849EA3843A2ADBDD1497E97A85D8CAE

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2013-06-12 09:30] - [2013-05-13 01:51] - 0184320 ____A (Microsoft Corporation) D8129C49798CBBFB2E4351D4B7B8EF9C

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

 

Thanks!

[ottoman1980]

I guess we're all cleared? Thank you very much for your help and patience, Marius!

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!