
Trojan.Agent infected svchost.exe



I bought the pro version of Malwarebytes. Mbam will see this virus on each scan but is unable to delete it.

Google got hijacked about a month ago. I ended up close to a format/reinstall, but a restore seemed to work well enough that Mbam was able to take care of the 1400 or so adware/malware files. About 150 were trojans I think and the rest were adware. However, this infected svchost.exe file remains. It isn't really bothering the system, but it does attempt to start the service and Mbam does stop it from doing so, but damn if it can't delete it.

Also, Mbam shows this message: "successfully blocked access to a potentially malicious website: ip." about once every minute. It's done this since I installed Mbam about 1 month ago.

Here are the log files you requested (also attached: Attach.zip):

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26

Run by John at 9:28:34 on 2011-10-25

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4863.3296 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

-netsvcs

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuSchd2.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\AVG\AVG2012\avgui.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.drudgereport.com/

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

{555d4d79-4bd2-4094-a395-cfc534424a05}

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "C:\Users\John\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mExplorerRun: [2600] C:\PROGRA~3\LOCALS~1\Temp\4558ffff.com

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM

IE: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM

IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM

IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{58EA8867-46A0-4C50-AA44-71575FEFE773} : DhcpNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

IE-X64: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM

IE-X64: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\3pvsk0hi.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Verizon\VSP\nprpspa.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.9.1\nphdplg.dll

FF - plugin: C:\Users\John\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-6 366152]

R2 ServicepointService;ServicepointService;C:\Program Files (x86)\Verizon\VSP\ServicepointService.exe [2011-2-7 689464]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-9-12 5265248]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-4 135664]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-3-4 135664]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2011-10-25 13:08:27 -------- d-----w- C:\SDFix

2011-10-25 12:04:26 -------- d-----w- C:\Windows\SysWow64\drivers\AVG

2011-10-25 11:45:48 -------- d-----w- C:\Users\John\AppData\Local\{87A1A0CF-3058-4A85-B72C-F72A04C95CFC}

2011-10-25 11:45:38 -------- d-----w- C:\Users\John\AppData\Local\{4D904241-BD88-4823-814C-99B12655A814}

2011-10-24 11:07:48 -------- d-----w- C:\Users\John\AppData\Local\{D7C57C57-F642-4DF9-8706-E87295017A2F}

2011-10-24 11:07:36 -------- d-----w- C:\Users\John\AppData\Local\{9F376A1F-620B-4FE8-916A-13F4CC9D33C1}

2011-10-23 06:12:33 -------- d-----w- C:\Users\John\AppData\Local\{4A65E36C-D671-4006-ADA0-8F5E24E67CDF}

2011-10-22 15:32:01 -------- d-----w- C:\Users\John\AppData\Local\{80137CC2-6FEF-489C-8471-67B8FDA46E9C}

2011-10-22 15:31:50 -------- d-----w- C:\Users\John\AppData\Local\{28245E82-EEF7-41E4-9687-3D69C7EC4636}

2011-10-21 11:35:41 -------- d-----w- C:\Users\John\AppData\Local\{ED5B7959-634B-4FC7-BBEF-16FA13CBCCEE}

2011-10-21 11:35:30 -------- d-----w- C:\Users\John\AppData\Local\{CA39D48E-A45B-4F7A-854F-B506134BE3F7}

2011-10-20 10:01:10 -------- d-----w- C:\Users\John\AppData\Local\{D1C1014E-27E1-4D03-8CAE-5BA4200D2EE8}

2011-10-20 10:00:58 -------- d-----w- C:\Users\John\AppData\Local\{FFBB0D44-25CF-4D12-942C-F5D55FFC066E}

2011-10-19 11:31:59 -------- d-----w- C:\Users\John\AppData\Local\{2133376E-6DCA-4B84-8A5C-C6C16F3E6795}

2011-10-19 11:31:48 -------- d-----w- C:\Users\John\AppData\Local\{8E8A8BB9-376C-410D-9A3F-F125F1EA098F}

2011-10-18 11:15:44 -------- d-----w- C:\Users\John\AppData\Local\{ED645F67-2D08-4146-82FE-7D97EF1076F8}

2011-10-18 11:15:33 -------- d-----w- C:\Users\John\AppData\Local\{2BCE7719-2E44-433B-A933-8EB8EEF05B3A}

2011-10-17 11:00:29 -------- d-----w- C:\Users\John\AppData\Local\{404BC22B-63EA-4A72-B989-FF21AD3217CA}

2011-10-17 11:00:17 -------- d-----w- C:\Users\John\AppData\Local\{073FD90B-AB88-4744-AFAB-AC0CA34CB0CA}

2011-10-16 01:24:44 -------- d-----w- C:\Users\John\AppData\Local\{19612B3C-D39C-4910-8D6E-0D5620D5900F}

2011-10-16 01:24:33 -------- d-----w- C:\Users\John\AppData\Local\{340089A6-24A7-440C-A862-13130C6255CB}

2011-10-14 11:13:12 -------- d-----w- C:\Users\John\AppData\Local\{2A43C0C6-2D34-457D-BB46-071A51A07C43}

2011-10-14 11:13:01 -------- d-----w- C:\Users\John\AppData\Local\{DCAE35A5-0514-46CB-A6A4-B3D747AABFEB}

2011-10-13 11:44:59 108032 ----a-w- C:\Windows\System32\psisrndr.ax

2011-10-13 11:44:46 861696 ----a-w- C:\Windows\System32\oleaut32.dll

2011-10-13 11:44:46 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-10-13 11:44:46 331776 ----a-w- C:\Windows\System32\oleacc.dll

2011-10-13 11:44:46 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll

2011-10-13 11:43:08 -------- d-----w- C:\Users\John\AppData\Local\{176EDFF8-144D-436E-976D-C3538FD742EF}

2011-10-13 11:42:55 -------- d-----w- C:\Users\John\AppData\Local\{9E8F1B2B-3A68-4324-A38B-48F2E46CE7D2}

2011-10-12 23:17:47 -------- d-----w- C:\Users\John\AppData\Local\{DDF9BA6D-1A38-4FAB-BB5B-8594F8802418}

2011-10-12 11:17:20 -------- d-----w- C:\Users\John\AppData\Local\{5DC44479-9A05-4F92-8507-3C9E756ECD38}

2011-10-12 11:17:08 -------- d-----w- C:\Users\John\AppData\Local\{6828D2B0-D1DE-426F-A6D7-A12C3AAA53BC}

2011-10-11 23:09:22 -------- d-----w- C:\Users\John\AppData\Local\{90CE2818-362F-44FB-BE74-5414672D1A7C}

2011-10-11 23:09:05 -------- d-----w- C:\Users\John\AppData\Local\{0D591912-2400-4AF8-9AFB-07E0535E876E}

2011-10-11 13:49:02 -------- d-----w- C:\Users\John\AppData\Roaming\SUPERAntiSpyware.com

2011-10-11 13:48:38 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2011-10-11 13:48:38 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2011-10-11 12:13:48 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8517B32D-C1F8-4083-969B-6ED92B7F8A3D}\mpengine.dll

2011-10-11 11:08:21 -------- d-----w- C:\Users\John\AppData\Local\{7D12644C-9C58-42AD-96DE-4D090B9D17C4}

2011-10-11 11:08:11 -------- d-----w- C:\Users\John\AppData\Local\{929B553D-2462-4A02-B1F8-11567DB0093E}

2011-10-10 11:36:38 -------- d-----w- C:\Users\John\AppData\Local\{09B9B371-A514-44C6-BEE4-6B98993CF3BF}

2011-10-10 11:36:26 -------- d-----w- C:\Users\John\AppData\Local\{F8981474-757E-423D-A572-39ADE2FEC710}

2011-10-10 11:35:35 -------- d-----w- C:\Users\John\AppData\Roaming\AVG2012

2011-10-07 23:26:32 -------- d-----w- C:\Windows\System32\drivers\AVG

2011-10-07 11:42:29 -------- d-----w- C:\Users\John\AppData\Local\{DDD30F42-BE67-4882-A6CA-D478B0662645}

2011-10-07 11:42:19 -------- d-----w- C:\Users\John\AppData\Local\{58BB0ED0-832B-43EF-9097-05335DAA89FD}

2011-10-06 21:22:23 -------- d-----w- C:\ProgramData\Recovery

2011-10-06 18:09:10 -------- d-----w- C:\Users\John\AppData\Roaming\Malwarebytes

2011-10-06 18:09:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-10-06 17:54:31 -------- d-----w- C:\Users\John\AppData\Roaming\DigiData

2011-10-06 17:39:56 2412032 ----a-w- C:\Windows\SysWow64\jVlIBtzPNc1v2b4.exe

2011-10-06 17:39:53 2412032 ----a-w- C:\Windows\SysWow64\LL9gTXqjYeIrOtA.exe

2011-10-06 17:39:48 2412032 ----a-w- C:\Windows\SysWow64\cEL9gTZqj.exe

2011-10-06 17:39:42 2412032 ----a-w- C:\Windows\SysWow64\LNyxA1uvSoFpGa.exe

2011-10-06 17:39:40 2412032 ----a-w- C:\Windows\SysWow64\Yf9jIlxuiDnaHJg.exe

2011-10-06 17:39:40 2412032 ----a-w- C:\Windows\SysWow64\AnaHW7LZhwVlt0S.exe

2011-10-06 17:39:35 2412032 ----a-w- C:\Windows\SysWow64\KLgTZqYCwIrOtPu.exe

2011-10-06 16:53:24 2412032 ----a-w- C:\Windows\SysWow64\P5sQJ6dEKfZhwCl.exe

2011-10-06 16:53:21 0 ----a-w- C:\Windows\SysWow64\YTQujsDlKvwbj2R.exe

2011-10-06 16:53:21 0 ----a-w- C:\Windows\SysWow64\ym1U7vwbj2R.exe

2011-10-06 15:24:30 0 ----a-w- C:\Windows\SysWow64\gRZ9hTXwjClBzNF.exe

2011-10-06 15:13:38 -------- d-----w- C:\Users\John\AppData\Local\{5E5E09F9-8EF8-43A5-9A24-3BB41C28F4AC}

2011-10-06 15:12:33 -------- d-----w- C:\Users\John\AppData\Local\{EAE926E4-8E96-4360-A183-5839F96399E9}

2011-10-06 12:01:47 -------- d-----w- C:\Users\John\AppData\Local\{3553A3ED-76C6-427F-9255-8E30BE9A6242}

2011-10-06 12:01:36 -------- d-----w- C:\Users\John\AppData\Local\{D5B502B3-7F1F-4BCB-8F4C-B66741058D86}

2011-10-05 11:50:33 -------- d-----w- C:\Users\John\AppData\Local\{E0FEA9F5-C370-447A-BED7-830C479EDEFF}

2011-10-05 11:50:23 -------- d-----w- C:\Users\John\AppData\Local\{6E4F8430-082B-49F4-B74F-36EB2414F9A0}

2011-10-04 14:28:09 -------- d-----w- C:\ProgramData\SecTaskMan

2011-10-04 11:42:22 -------- d-----w- C:\Users\John\AppData\Local\{D5FA624F-8EEF-4DF3-8A45-E47EDD3442D5}

2011-10-04 11:42:12 -------- d-----w- C:\Users\John\AppData\Local\{B85BE70A-A067-4BFD-AC71-DE8E862DB8ED}

2011-10-03 21:07:14 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE

2011-10-03 11:44:17 -------- d-----w- C:\Users\John\AppData\Local\{EFAF7A11-7BE6-44D5-AE59-348FFB7CEBDA}

2011-10-03 11:44:05 -------- d-----w- C:\Users\John\AppData\Local\{833232DB-F594-4743-8FE7-D8791C335F02}

2011-09-30 11:56:56 -------- d-----w- C:\Users\John\AppData\Local\{A9AA6983-4922-4CFA-92EA-7346362DC992}

2011-09-30 11:56:46 -------- d-----w- C:\Users\John\AppData\Local\{48017AF9-8C12-4096-BAAE-6A9F82535571}

2011-09-29 17:22:12 -------- d-----we C:\Windows\system64

2011-09-29 11:51:39 -------- d-----w- C:\Users\John\AppData\Local\{66BB63D4-F00A-492B-909E-DDBC1056D048}

2011-09-29 11:51:28 -------- d-----w- C:\Users\John\AppData\Local\{427CF45E-F1BF-4407-8337-D63D28C5DDBD}

2011-09-28 11:29:15 -------- d-----w- C:\Users\John\AppData\Local\{ABEAEE01-5EE4-4450-A473-DD33025AD3B9}

2011-09-28 11:29:04 -------- d-----w- C:\Users\John\AppData\Local\{BC745C3F-0C86-4C06-BFA4-94CCA836EDAF}

2011-09-27 11:31:58 -------- d-----w- C:\Users\John\AppData\Local\{0C7AF373-1A2E-4684-A69C-A9B5ECC58AF3}

2011-09-27 11:31:47 -------- d-----w- C:\Users\John\AppData\Local\{7C19F440-02FC-42F0-B06B-0F0AC5725175}

2011-09-26 11:30:23 -------- d-----w- C:\Users\John\AppData\Local\{9842AB8B-86A6-47BA-A1C3-196F33F3CF1C}

2011-09-26 11:30:10 -------- d-----w- C:\Users\John\AppData\Local\{2AEE5654-73E5-4001-AC61-92C3357D6A37}

.

==================== Find3M ====================

.

2011-10-22 15:31:38 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-09-13 10:30:08 37456 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys

2011-08-31 21:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll

2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll

2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax

2011-08-08 10:08:58 46672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

.

============= FINISH: 9:29:09.49 ===============

Attach.zip


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
