PC shutting down

    #1 theoldandgrey, Valued Member


    Hi
    I have problems with my PC shutting down and Digerati has been helping me. He now suggests that before going further your section gives me advice. I ran Malwarebytes under his instruction and this found 30+ infections which included 2 trojans - Vundo. I cleared all these and as you see the next run was clear:

    Malwarebytes' Anti-Malware 1.51.2.1300
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 8307

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    04 12 11 10:59:11
    mbam-log-2011-12-04 (10-59-11).txt

    Scan type: Quick scan
    Objects scanned: 225169
    Time elapsed: 16 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    The next one is GMER and I had a problem with the PC shutting down several times so this may be incomplete:

    GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
    Rootkit scan 2011-12-04 19:31:54
    Windows 6.1.7601 Service Pack 1
    Running: GMER.exe; Driver: C:\Users\Vivian\AppData\Local\Temp\uxdiypod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x8C06D080]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x8C06DBDE]
    SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys ZwCreateThreadEx [0x89B357B0]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x8C06DDD6]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x8C0715AC]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x8C0715DE]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x8C071740]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x8C06DCF6]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0x9C166F3C]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x8C06D3EA]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x8C06D51C]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x8C0716B6]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x8C071620]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x8C071652]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x8C071684]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x8C06D026]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x8C06DE7C]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x8C071544]
    SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x8C06CFC0]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0x9C166FE4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0x9C167080]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0x9C16711C]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwSaveKey + 13CD 82C899C9 1 Byte [06]
    .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82CA94E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntoskrnl.exe!KeRemoveQueueEx + 141B 82CB07B8 4 Bytes [80, D0, 06, 8C]
    .text ntoskrnl.exe!KeRemoveQueueEx + 1477 82CB0814 4 Bytes [DE, DB, 06, 8C]
    .text ntoskrnl.exe!KeRemoveQueueEx + 14CF 82CB086C 4 Bytes [B0, 57, B3, 89] {MOV AL, 0x57; MOV BL, 0x89}
    .text ntoskrnl.exe!KeRemoveQueueEx + 1507 82CB08A4 8 Bytes [D6, DD, 06, 8C, AC, 15, 07, ...]
    .text ntoskrnl.exe!KeRemoveQueueEx + 1517 82CB08B4 4 Bytes [DE, 15, 07, 8C]
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[320] ntdll.dll!KiUserApcDispatcher 779A6F58 5 Bytes JMP 00445210 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[320] WS2_32.dll!getaddrinfo 75E34296 5 Bytes JMP 71A50022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[320] WS2_32.dll!gethostbyname 75E47673 5 Bytes JMP 71AE0022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1024] ntdll.dll!KiUserApcDispatcher 779A6F58 5 Bytes JMP 00414D50 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1024] WS2_32.dll!getaddrinfo 75E34296 5 Bytes JMP 71A40022
    .text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1024] WS2_32.dll!gethostbyname 75E47673 5 Bytes JMP 71AD0022

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74612437] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745F5600] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745F56BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [746124B2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74608514] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74604CC8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7460506F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74605144] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [74606671] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7460826B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [746087BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7460901B] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7460E1BE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[588] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74604BFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{4C5784CC-7F5D-11E0-AEF6-806E6F6E6963} 12272087328

    ---- EOF - GMER 1.0.15 ----

    The next is MBR

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-04 19:34:58
    -----------------------------
    19:34:58.292 OS Version: Windows 6.1.7601 Service Pack 1
    19:34:58.292 Number of processors: 2 586 0xF0D
    19:34:58.292 ComputerName: VIVIAN-PC UserName: Vivian
    19:35:00.136 Initialize success
    19:36:45.669 AVAST engine defs: 11120401
    19:37:12.185 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
    19:37:12.185 Disk 0 Vendor: ST3250318AS CC37 Size: 238475MB BusType: 3
    19:37:14.201 Disk 0 MBR read successfully
    19:37:14.201 Disk 0 MBR scan
    19:37:14.216 Disk 0 Windows 7 default MBR code
    19:37:14.216 Disk 0 scanning sectors +488394752
    19:37:14.279 Disk 0 scanning C:\Windows\system32\drivers
    19:37:27.154 Service scanning
    19:37:28.419 Modules scanning
    19:37:35.154 Disk 0 trace - called modules:
    19:37:35.185 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
    19:37:35.185 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859f1a78]
    19:37:35.201 3 CLASSPNP.SYS[89a8759e] -> nt!IofCallDriver -> [0x85526938]
    19:37:35.201 5 ACPI.sys[8924e3d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0x8555c030]
    19:37:37.388 AVAST engine scan C:\Windows
    19:37:41.294 AVAST engine scan C:\Windows\system32
    19:40:19.029 AVAST engine scan C:\Windows\system32\drivers
    19:40:34.544 AVAST engine scan C:\Users\Vivian
    19:53:37.007 AVAST engine scan C:\ProgramData
    19:55:14.898 Scan finished successfully
    19:55:53.695 Disk 0 MBR has been saved successfully to "C:\Users\Vivian\Desktop\MBR.dat"
    19:55:53.710 The log file has been saved successfully to "C:\Users\Vivian\Desktop\aswMBRlog.txt"

    Finally DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
    Run by Vivian at 20:06:40 on 2011-12-04
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1983.826 [GMT 0:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files\Greeting Card Factory Deluxe 7.0\ReminderApp.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: InvisibleHand Extension: {d17b46f2-99a5-462c-b92c-209285e2e2b4} - c:\program files\invisiblehand\invisiblehand\InvisibleHand.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\8.0.0.40\AVG Secure Search_toolbar.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "c:\users\vivian\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [ReminderApp] c:\program files\greeting card factory deluxe 7.0\ReminderApp.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\printmaster\PMremind.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {A3D9E1A6-5D6F-40DE-AC2A-87BBF3508387} - {A3D9E1A6-5D6F-40DE-AC2A-87BBF3508387} - c:\program files\invisiblehand\invisiblehand\InvisibleHand.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://download-games.pogo.com/online2/pogo/luxor_amun_rising/mjolauncher.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{5049EB3B-156E-41B3-A263-DE88ABAD5200} : DhcpNameServer = 192.168.1.254
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\vivian\appdata\roaming\mozilla\firefox\profiles\w79apupd.default\
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B70620476-279f-473b-906f-894ad2d51cdb%7D&mid=5a7160dcb12047d1b490d168c377cc89-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=8.0.0.40&lang=en&pr=fr&d=2011-11-17%2014%3A30%3A06&sap=ku&q=
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
    FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    FF - component: c:\users\vivian\appdata\roaming\mozilla\firefox\profiles\w79apupd.default\extensions\avg@toolbar\components\toolbarhomewmp.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
    FF - Ext: AVG Security Toolbar: avg@toolbar - %profile%\extensions\avg@toolbar
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2011-11-7 56208]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R1 RapportCerberus_32301;RapportCerberus_32301;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_32301.sys [2011-11-7 227312]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2011-11-7 71440]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2011-11-7 164112]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2011-11-7 931640]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-31 136176]
    S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [2011-8-19 22176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-31 136176]
    S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\RapportIaso.sys [2011-8-7 21520]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2011-9-13 27192]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-24 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-5-16 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-12-04 10:37:27 -------- d-----w- c:\users\vivian\appdata\local\{016C527A-EDAA-482B-BC4B-90A4FADF1E15}
    2011-12-04 10:37:07 -------- d-----w- c:\users\vivian\appdata\local\{C8F03220-668D-446C-A6B0-33AE8CAB7575}
    2011-12-03 21:24:00 -------- d-----w- c:\users\vivian\appdata\roaming\Malwarebytes
    2011-12-03 21:23:53 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-03 21:23:49 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-03 21:23:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-03 21:19:03 -------- d-----w- c:\users\vivian\appdata\local\{FE653EBE-1C13-4A9C-84CB-25C21A44F51E}
    2011-12-03 21:18:50 -------- d-----w- c:\users\vivian\appdata\local\{1C3EB9A7-2AAC-49BE-9635-E9E3305A08BA}
    2011-12-03 08:38:15 -------- d-----w- c:\users\vivian\appdata\local\{2855153E-0C41-46B2-B80B-A36601676C67}
    2011-12-03 08:38:03 -------- d-----w- c:\users\vivian\appdata\local\{8833AF49-E8AD-4561-964D-05A4661DDA82}
    2011-12-02 09:03:12 -------- d-----w- c:\users\vivian\appdata\local\{497E8925-A2B6-4D1E-AA02-36AD45BCE3B7}
    2011-12-02 09:03:01 -------- d-----w- c:\users\vivian\appdata\local\{286CEFE1-6DD1-4E4A-A0FB-39A4314BC128}
    2011-12-02 08:39:25 -------- d-----w- c:\users\vivian\appdata\local\{F5221AE3-1FFC-4919-B02A-01AD903476E8}
    2011-12-02 08:29:35 -------- d-----w- c:\users\vivian\appdata\local\{EB5D49FB-2B6B-4A66-ABA5-AF9D49763188}
    2011-12-02 08:29:24 -------- d-----w- c:\users\vivian\appdata\local\{1624C20D-75EF-44D9-842B-7892F4B757DF}
    2011-12-01 19:07:48 -------- d-----w- c:\users\vivian\appdata\local\{66923D4A-9AE0-4E45-95D6-806ECBBBAA88}
    2011-12-01 19:07:35 -------- d-----w- c:\users\vivian\appdata\local\{B4517B9D-7E78-4EFD-9226-DCA352E27B0A}
    2011-12-01 08:12:57 -------- d-----w- c:\users\vivian\appdata\local\{ACCC1FCA-E5FA-4836-9149-EBD386444BD9}
    2011-12-01 08:12:47 -------- d-----w- c:\users\vivian\appdata\local\{5A1C06C1-BA6D-4FDA-A194-A57D01BF9D0D}
    2011-11-30 08:34:43 -------- d-----w- c:\users\vivian\appdata\local\{2D270DFE-7C11-479C-BF38-3CEC6DC668BA}
    2011-11-30 08:34:32 -------- d-----w- c:\users\vivian\appdata\local\{317A2E75-672D-42E5-BE31-35DC127EE224}
    2011-11-29 08:30:16 -------- d-----w- c:\users\vivian\appdata\local\{8A409E32-89AC-4570-BD48-7317F10BA0DA}
    2011-11-29 08:30:05 -------- d-----w- c:\users\vivian\appdata\local\{2DDC7FF2-69F2-43DB-A415-CE4BEB151878}
    2011-11-28 09:06:22 -------- d-----w- c:\users\vivian\appdata\local\{8779173E-F8AE-4E04-9F25-56C73D17AE25}
    2011-11-28 09:06:11 -------- d-----w- c:\users\vivian\appdata\local\{02AA0202-50E6-4C3D-9E95-B5C1DBDFC2E5}
    2011-11-27 21:05:46 -------- d-----w- c:\users\vivian\appdata\local\{E1AD54EA-AD6F-4654-A0A5-86EA49D67A1F}
    2011-11-27 21:05:35 -------- d-----w- c:\users\vivian\appdata\local\{C1781CE1-63F8-46F1-BE57-2A6F3E47A32B}
    2011-11-27 08:44:34 -------- d-----w- c:\users\vivian\appdata\local\{81BB219E-34DC-4F22-A4B7-F125A985481A}
    2011-11-27 08:44:22 -------- d-----w- c:\users\vivian\appdata\local\{21AD1C71-7445-48C9-BA92-9A358696BF91}
    2011-11-26 08:45:02 -------- d-----w- c:\users\vivian\appdata\local\{375B7905-E9AF-437C-BE8E-C587C7B87E4D}
    2011-11-26 08:44:48 -------- d-----w- c:\users\vivian\appdata\local\{0125E240-FB61-41A0-8BA7-5459AEEC63CB}
    2011-11-25 08:16:45 -------- d-----w- c:\users\vivian\appdata\local\{37A065D5-F5F0-4093-A7D3-EDF3DD2AFF66}
    2011-11-25 08:16:34 -------- d-----w- c:\users\vivian\appdata\local\{269BEB40-8D78-4942-9EA5-EF3F7277E8C5}
    2011-11-24 11:27:46 -------- d-----w- c:\users\vivian\appdata\local\{C6548301-5350-420A-8259-FA0057765ABC}
    2011-11-24 11:27:35 -------- d-----w- c:\users\vivian\appdata\local\{2C0B273A-F73D-4BF0-B965-19442B96EF9E}
    2011-11-23 22:12:00 -------- d-----w- c:\users\vivian\appdata\local\{0F035218-5221-4807-B243-B4A02EAFFF33}
    2011-11-23 22:11:48 -------- d-----w- c:\users\vivian\appdata\local\{EF65896F-9CE0-4CDB-9BE8-9FF4B859807E}
    2011-11-23 08:27:58 -------- d-----w- c:\users\vivian\appdata\local\{62EF62DB-B722-4AB6-8777-FC25DE4A94F0}
    2011-11-23 08:27:46 -------- d-----w- c:\users\vivian\appdata\local\{B912E86D-4C10-45E9-ADFC-4CE66F20AC20}
    2011-11-22 08:25:39 -------- d-----w- c:\users\vivian\appdata\local\{3E5599C6-CA34-4AEC-8126-09A1A9FFCB11}
    2011-11-22 08:25:26 -------- d-----w- c:\users\vivian\appdata\local\{8042E057-2063-4464-AE95-46834E6EC8A7}
    2011-11-21 08:24:53 -------- d-----w- c:\users\vivian\appdata\local\{5CE91CBE-3531-4A49-B2E8-09393C9700A3}
    2011-11-21 08:24:39 -------- d-----w- c:\users\vivian\appdata\local\{DB49E4A7-3087-48D5-94F2-B60AE99B9663}
    2011-11-20 10:51:39 -------- d-----w- c:\users\vivian\appdata\local\{21FFD284-2B0D-4D3C-81A5-52949AABD724}
    2011-11-20 10:51:28 -------- d-----w- c:\users\vivian\appdata\local\{8B89E676-36A7-499A-94DE-4E79E5FAAF91}
    2011-11-19 21:22:43 -------- d-----w- c:\users\vivian\appdata\local\{8079EC65-819F-40AD-ADFB-04DBAFE9FFDF}
    2011-11-19 21:22:31 -------- d-----w- c:\users\vivian\appdata\local\{F10A389D-254D-4D01-A07F-76E34709E33F}
    2011-11-19 08:30:08 -------- d-----w- c:\users\vivian\appdata\local\{5BC49F13-D421-4A65-B861-3A05785D8FB2}
    2011-11-19 08:29:57 -------- d-----w- c:\users\vivian\appdata\local\{D8AB7C61-BF67-4D1E-9956-6379ADB8F344}
    2011-11-18 08:34:03 -------- d-----w- c:\users\vivian\appdata\local\{99F111C4-E2D0-43B1-A06D-85E369C13FBD}
    2011-11-18 08:33:44 -------- d-----w- c:\users\vivian\appdata\local\{660784BC-DB14-43CC-A1E8-35C0503CF9BB}
    2011-11-17 14:40:47 -------- d-----w- c:\users\vivian\appdata\local\Microsoft Corporation
    2011-11-17 14:39:23 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2011-11-17 14:30:03 -------- d-----w- c:\program files\AVG Secure Search
    2011-11-17 14:29:13 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-11-17 08:30:39 -------- d-----w- c:\users\vivian\appdata\local\{4E551048-9051-46C6-9EAE-A1BD7A8F1477}
    2011-11-17 08:30:25 -------- d-----w- c:\users\vivian\appdata\local\{E3ACA4BC-01A0-47E5-B640-EA150E4E117A}
    2011-11-16 08:18:19 -------- d-----w- c:\users\vivian\appdata\local\{A62E0949-33D3-4ED3-B30C-0F9E85E5D08B}
    2011-11-16 08:18:07 -------- d-----w- c:\users\vivian\appdata\local\{0C1182FD-0BF0-4DA0-A8F5-A049D4FC1F52}
    2011-11-15 13:49:27 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
    2011-11-15 13:49:24 -------- d-----w- c:\programdata\W3i
    2011-11-15 13:49:24 -------- d-----w- c:\program files\W3i
    2011-11-15 08:23:21 -------- d-----w- c:\users\vivian\appdata\local\{BBE3D822-6063-4957-B673-5EDA6D324600}
    2011-11-15 08:23:08 -------- d-----w- c:\users\vivian\appdata\local\{4412394D-8BF2-43F4-8D69-F9FDF51C783D}
    2011-11-14 08:25:04 -------- d-----w- c:\users\vivian\appdata\local\{B09C7B01-27C4-42B5-BFCF-6A46F92BF7BB}
    2011-11-14 08:24:48 -------- d-----w- c:\users\vivian\appdata\local\{D6692FFD-7886-4B37-BD2E-2B0CA07858ED}
    2011-11-13 08:39:19 -------- d-----w- c:\users\vivian\appdata\local\{FB7FF2FD-1697-4AEA-815D-936E8B809B44}
    2011-11-13 08:39:06 -------- d-----w- c:\users\vivian\appdata\local\{4C883B9A-2AF0-4744-948D-E7E6371E070D}
    2011-11-12 08:19:57 -------- d-----w- c:\users\vivian\appdata\local\{DD3812CC-2E4A-456E-B404-1F25F715D125}
    2011-11-12 08:19:42 -------- d-----w- c:\users\vivian\appdata\local\{75C95758-07B6-476D-BB0C-F351A9C2AFFA}
    2011-11-11 08:23:00 -------- d-----w- c:\users\vivian\appdata\local\{7FF6A109-7A3F-412D-9BA4-0D33D66B5EE5}
    2011-11-11 08:22:48 -------- d-----w- c:\users\vivian\appdata\local\{CAB85C89-C1B8-45E1-A66E-3D4377AD8A34}
    2011-11-10 12:25:37 -------- d-----w- c:\users\vivian\appdata\local\{E856A06C-09F6-46FD-960F-9801EE558B6C}
    2011-11-10 12:25:21 -------- d-----w- c:\users\vivian\appdata\local\{3419120A-F771-47B1-A835-DC57BE0D94FC}
    2011-11-10 08:18:02 -------- d-----w- c:\users\vivian\appdata\local\{DAB1E30C-69F6-47FE-AA76-E43E6DD2D7BF}
    2011-11-10 08:17:52 -------- d-----w- c:\users\vivian\appdata\local\{187B99D9-2264-4D42-A2A8-9164D4A5741C}
    2011-11-09 08:29:36 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 08:29:34 708608 ----a-w- c:\program files\common files\system\wab32.dll
    2011-11-09 08:29:32 2341888 ----a-w- c:\windows\system32\win32k.sys
    2011-11-09 08:28:19 -------- d-----w- c:\users\vivian\appdata\local\{5C46CF86-7913-4953-8AE2-D7FE01F6F875}
    2011-11-09 08:28:07 -------- d-----w- c:\users\vivian\appdata\local\{2B068A81-7854-4277-B32B-4FE716DD2EEC}
    2011-11-08 07:40:36 -------- d-----w- c:\users\vivian\appdata\local\{9A89F01A-D788-4B14-9658-F22F4DBE4E93}
    2011-11-08 07:40:24 -------- d-----w- c:\users\vivian\appdata\local\{9F5DE28A-C1C2-48DD-93DD-91BCD1967FD9}
    2011-11-07 21:28:38 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-11-07 08:52:14 -------- d-----w- c:\users\vivian\appdata\local\{23651778-A3FB-4B29-AC9E-8D16E77D85A6}
    2011-11-07 08:52:03 -------- d-----w- c:\users\vivian\appdata\local\{96809DE1-7721-44E9-8738-6C5A2367684E}
    2011-11-06 08:33:34 -------- d-----w- c:\users\vivian\appdata\local\{8F34A1B7-2CFB-46B2-B931-E34B81171730}
    2011-11-06 08:33:22 -------- d-----w- c:\users\vivian\appdata\local\{04F886CF-9739-49B9-ABAD-1904A3DEB9CD}
    2011-11-05 08:20:16 -------- d-----w- c:\users\vivian\appdata\local\{D7B55092-AB9B-45AA-A361-8274FC5AC726}
    2011-11-05 08:20:03 -------- d-----w- c:\users\vivian\appdata\local\{D844749B-0561-421E-BD36-C255F4AF835B}
    .
    ==================== Find3M ====================
    .
    2011-11-17 14:02:13 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-07 06:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 0628 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-10-03 05:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-01 02:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-09-13 06:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    2011-03-30 10:40:34 517976 ----a-w- c:\program files\DXSETUP.exe
    2011-03-30 10:40:32 95576 ----a-w- c:\program files\DSETUP.dll
    2011-03-30 10:40:32 1566040 ----a-w- c:\program files\dsetup32.dll
    .
    ============= FINISH: 20:09:00.92 ===============
    and Attach

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 15 05 11 19:04:45
    System Uptime: 04 12 11 20:05:28 (0 hours ago)
    .
    Motherboard: MSI | | MS-7366
    Processor: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz | CPU 1 | 2003/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 82.022 GiB free.
    D: is Removable
    E: is CDROM ()
    F: is FIXED (NTFS) - 0 GiB total, 0.031 GiB free.
    H: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_14F1&DEV_1036&SUBSYS_027013E0&REV_08\4&2DADEB9F&0&3850
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_14F1&DEV_1036&SUBSYS_027013E0&REV_08\4&2DADEB9F&0&3850
    Service:
    .
    Class GUID:
    Description: Coprocessor
    Device ID: PCI\VEN_10DE&DEV_07DA&SUBSYS_73661462&REV_A2\3&267A616A&0&1B
    Manufacturer:
    Name: Coprocessor
    PNP Device ID: PCI\VEN_10DE&DEV_07DA&SUBSYS_73661462&REV_A2\3&267A616A&0&1B
    Service:
    .
    ==== System Restore Points ===================
    .
    RP238: 11 11 11 08:23:14 - Installed Rapport
    RP239: 11 11 11 18:28:16 - Windows Update
    RP240: 17 11 11 14:28:15 - Installed AVG 2012
    RP241: 17 11 11 14:28:49 - Installed AVG 2012
    RP242: 17 11 11 14:38:48 - Installed Windows 7 Upgrade Advisor
    RP243: 17 11 11 14:50:57 - Windows Update
    RP244: 25 11 11 09:27:27 - Scheduled Checkpoint
    RP246: 28 11 11 09:46:48 - Paint.NET v3.5.10
    RP247: 30 11 11 19:02:40 - Windows Update
    RP248: 01 12 11 18:08:38 - Restore Operation
    .
    ==== Installed Programs ======================
    .
    32 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Photoshop Elements 2.0
    Adobe Reader X (10.1.1)
    AIO_Scan
    ArcSoft PhotoImpression 6
    ArcSoft PhotoStudio Darkroom 2
    AVG 2012
    Azteca
    Beetle Bug 2 (CD version)
    BufferChm
    C6200
    C6200_Help
    CameraHelperMsi
    Compatibility Pack for the 2007 Office system
    Copy
    CutePDF Writer 2.8
    D3DX10
    Destinations
    DeviceDiscovery
    DHTML Editing Component
    DocProc
    erLT
    Fax
    File Type Assistant
    Google Chrome
    Google Update Helper
    GPBaseService2
    Greeting Card Factory Deluxe 7.0
    HP Customer Participation Program 13.0
    HP Imaging Device Functions 13.0
    HP Photosmart All-In-One Driver Software 13.0 Rel. 2
    HP Photosmart Essential 3.5
    HP Smart Web Printing 4.51
    HP Solution Center 13.0
    HP Update
    HPPhotoGadget
    HPPhotoSmartDiscLabel_PaperLabel
    HPPhotoSmartDiscLabel_PrintOnDisc
    HPPhotoSmartDiscLabelContent1
    hpphotosmartdisclabelplugin
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    InstallIQ Updater
    Internet Explorer (Enable DEP)
    InvisibleHand
    Jasc Paint Shop Pro 8
    Java Auto Updater
    Java(TM) 6 Update 29
    Junk Mail filter update
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MarketResearch
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2000 Disc 2
    Microsoft Office 2000 Small Business
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Web Publishing Wizard 1.52
    Mozilla Firefox (3.6.24)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network
    NVIDIA 3D Vision Controller Driver
    NVIDIA 3D Vision Controller Driver 275.33
    NVIDIA Control Panel 275.33
    NVIDIA Display Control Panel
    NVIDIA Graphics Driver 275.33
    NVIDIA Install Application
    OCR Software by I.R.I.S. 13.0
    OVT Scanner X86
    Paint.NET v3.5.10
    PrintMaster
    PS_AIO_02_ProductContext
    PS_AIO_02_Software
    PS_AIO_02_Software_Min
    PVSonyDll
    Rapport
    Recuva
    Revo Uninstaller Pro 2.5.3
    Scan
    SCREENSEVEN GAME CENTER
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Serif PagePlus 8 PDF Compatibility Fix
    Serif PagePlus 8.0 PDF Edition
    Serif PagePlus 8.0 PDF Edition Resource CD-ROM
    Shop for HP Supplies
    Skype Click to Call
    Skype(tm) 5.5
    SmartWebPrinting
    SolutionCenter
    Status
    SyncBack
    System Requirements Lab
    Terrapin FTP
    TIPP10 Version 2.1.0
    Toolbox
    TrayApp
    Uninstall OVT Scanner
    UnloadSupport
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    WebReg
    Whisper 32
    Windows 7 Upgrade Advisor
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WOT for Internet Explorer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    28 11 11 18:12:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    28 11 11 18:12:27, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    03 12 11 18:33:49, Error: Microsoft-Windows-WHEA-Logger [18] - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Bus/Interconnect Error Processor ID: 1 The details view of this entry contains further information.
    03 12 11 18:33:49, Error: Microsoft-Windows-WHEA-Logger [18] - A fatal hardware error has occurred. Reported by component: Processor Core Error Source: Machine Check Exception Error Type: Bus/Interconnect Error Processor ID: 0 The details view of this entry contains further information.
    03 12 11 18:33:28, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x00000000, 0x85d73024, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\Minidump\120311-30843-01.dmp. Report Id: 120311-30843-01.
    03 12 11 18:02:37, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    03 12 11 18:02:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    03 12 11 18:02:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    03 12 11 18:02:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    03 12 11 18:02:36, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    03 12 11 18:02:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    03 12 11 18:02:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    03 12 11 18:02:19, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC discache NetBIOS NetBT nsiproxy Psched RapportKELL rdbss spldr tdx Wanarpv6 WfpLwf
    03 12 11 18:02:19, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    03 12 11 18:02:19, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    03 12 11 18:02:19, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    03 12 11 18:02:19, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    03 12 11 18:02:19, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    03 12 11 18:02:19, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    03 12 11 18:02:19, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    03 12 11 18:02:19, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    03 12 11 18:02:19, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    03 12 11 18:02:19, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    01 12 11 16:16:55, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000124 (0x00000000, 0x85cf18fc, 0x00000000, 0x00000000). A dump was saved in: C:\Windows\Minidump\120111-34234-01.dmp. Report Id: 120111-34234-01.
    .
    ==== End Of File ===========================

    I hope you can offer some help. Many thanks

  2. #2
    broni is offline Senior Member
    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    ===============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"

    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
    Use AppRemover to uninstall it: Uninstall & Remove McAfee, Symantec, Norton, AVG, Avast & More Antivirus and Security Applications and Programs
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.


    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  3. #3
    theoldandgrey is offline Valued Member
    Thank you Broni, I now understand the system! I am a little concerned regarding ComboFix - what precautions should I take in case the pc shuts down while it is running? Reading all your info it would seem various happenings could have a dire effect on the pc. Would I just need to start it up again and re-run and hope all will be well, or is there a real risk of some major disaster happening?

  4. #4
    broni is offline Senior Member
    Hopefully all will be fine.
    It's hard for me to advise on something that hasn't happened yet.

  5. #5
    theoldandgrey is offline Valued Member
    Thank you - please may I have more time, as I need to find a long gap during which to work on the problem. Many thanks

  6. #6
    broni is offline Senior Member
    No problem

  7. #7
    theoldandgrey is offline Valued Member
    Hi Broni

    I am posting the ComboFix log; I hope there aren't too many problems.

    ComboFix 11-12-10.01 - Vivian 10 12 11 16:12:59.2.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.1983.1088 [GMT 0:00]
    Running from: c:\users\Vivian\Desktop\ComboFix.exe
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-10 16:21 . 2011-12-10 16:21 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2011-12-10 16:21 . 2011-12-10 16:21 -------- d-----w- c:\users\UpdatusUser.Vivian-PC\AppData\Local\temp
    2011-12-10 16:21 . 2011-12-10 16:21 -------- d-----w- c:\users\UpdatusUser.Vivian-PC.000\AppData\Local\temp
    2011-12-10 16:21 . 2011-12-10 16:21 -------- d-----w- c:\users\TEMP\AppData\Local\temp
    2011-12-10 16:21 . 2011-12-10 16:21 -------- d-----w- c:\users\TEMP.Vivian-PC\AppData\Local\temp
    2011-12-10 16:21 . 2011-12-10 16:21 -------- d-----w- c:\users\TEMP.Vivian-PC.000\AppData\Local\temp
    2011-12-10 16:21 . 2011-12-10 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-10 16:21 . 2011-12-10 16:21 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2011-12-09 08:51 . 2011-12-09 16:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-12-09 08:51 . 2011-12-09 11:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-12-08 17:19 . 2011-12-08 15:19 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-12-08 16:08 . 2011-12-08 16:08 -------- d-----w- c:\program files\Freeze.com
    2011-12-08 15:19 . 2011-12-08 15:19 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-12-08 15:15 . 2011-12-08 15:15 -------- d-----w- c:\program files\Lavasoft
    2011-12-08 15:15 . 2011-12-08 15:15 -------- d-----w- c:\programdata\Lavasoft
    2011-12-06 08:27 . 2011-11-30 02:21 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E7F6567C-2182-42EA-BEDB-48D33981F831}\mpengine.dll
    2011-12-03 21:24 . 2011-12-03 21:24 -------- d-----w- c:\users\Vivian\AppData\Roaming\Malwarebytes
    2011-12-03 21:23 . 2011-12-03 21:23 -------- d-----w- c:\programdata\Malwarebytes
    2011-12-03 21:23 . 2011-12-10 14:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-17 14:40 . 2011-11-17 14:40 -------- d-----w- c:\users\Vivian\AppData\Local\Microsoft Corporation
    2011-11-17 14:39 . 2011-11-17 14:39 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-17 14:02 . 2011-05-15 18:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-07 21:28 . 2011-11-07 21:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2011-10-15 10:17 . 2011-10-15 10:17 16384 ----a-r- c:\users\Vivian\AppData\Roaming\Microsoft\Installer\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}\MnyIco.exe
    2011-10-14 12:16 . 2011-10-14 12:16 53248 ----a-r- c:\users\Vivian\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
    2011-10-08 08:20 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-10-03 05:06 . 2011-07-31 10:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-01 02:42 . 2011-10-12 07:12 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-09-29 16:03 . 2011-11-09 08:29 1290608 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-09-29 03:37 . 2011-11-09 08:29 2341888 ----a-w- c:\windows\system32\win32k.sys
    2011-03-30 10:40 . 2011-03-30 10:40 517976 ----a-w- c:\program files\DXSETUP.exe
    2011-03-30 10:40 . 2011-03-30 10:40 95576 ----a-w- c:\program files\DSETUP.dll
    2011-03-30 10:40 . 2011-03-30 10:40 1566040 ----a-w- c:\program files\dsetup32.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D17B46F2-99A5-462C-B92C-209285E2E2B4}]
    2010-05-14 10:14 1852416 ----a-w- c:\program files\InvisibleHand\InvisibleHand\InvisibleHand.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
    "ReminderApp"="c:\program files\Greeting Card Factory Deluxe 7.0\ReminderApp.exe" [2007-08-25 185664]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-9-13 113664]
    Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMremind.exe [2011-8-24 323584]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Users^Vivian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^e-Speaking Voice and Speech Recognition Software.appref-ms]
    path=c:\users\Vivian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\e-Speaking Voice and Speech Recognition Software.appref-ms
    backup=c:\windows\pss\e-Speaking Voice and Speech Recognition Software.appref-ms.Startup
    backupExtension=.Startup
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-31 136176]
    R3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys [2006-07-31 580992]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-31 136176]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-11-03 15232]
    R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-16 1343400]
    S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2011-11-07 56208]
    S1 RapportCerberus_32301;RapportCerberus_32301;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [2011-11-07 227312]
    S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-11-07 71440]
    S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-11-07 164112]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-07 931640]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
    S3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2011-08-19 22176]
    S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys [2011-08-07 21520]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - RAPPORTIASO
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 12:06]
    .
    2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-31 10:11]
    .
    2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-31 10:11]
    .
    2011-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2209761846-3817106774-597813990-1001Core.job
    - c:\users\Vivian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-22 07:09]
    .
    2011-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2209761846-3817106774-597813990-1001UA.job
    - c:\users\Vivian\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-22 07:09]
    .
    2011-07-26 c:\windows\Tasks\SyncBack My Documents.job
    - c:\program files\SyncBack\SyncBack.exe [2011-05-15 14:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {{A3D9E1A6-5D6F-40DE-AC2A-87BBF3508387} - {A3D9E1A6-5D6F-40DE-AC2A-87BBF3508387} - c:\program files\InvisibleHand\InvisibleHand\InvisibleHand.dll
    TCP: DhcpNameServer = 192.168.1.254
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    FF - ProfilePath - c:\users\Vivian\AppData\Roaming\Mozilla\Firefox\Profiles\w79apupd.default\
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B70620476-279f-473b-906f-894ad2d51cdb%7D&mid=5a7160dcb12047d1b490d168c377cc89-06ce4fc639803a2e3563922518183d8e94088cb9&ds=AVG&v=8.0.0.40&lang=en&pr=fr&d=2011-11-17%2014%3A30%3A06&sap=ku&q=
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2209761846-3817106774-597813990-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2209761846-3817106774-597813990-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-12-10 16:24:59
    ComboFix-quarantined-files.txt 2011-12-10 16:24
    ComboFix2.txt 2011-12-10 15:51
    .
    Pre-Run: 102,588,387,328 bytes free
    Post-Run: 102,385,512,448 bytes free
    .
    - - End Of File - - C46FCFD979FE8B5787A583AC26F9747B
    .
    .

  8. #8
    broni is offline Senior Member
    I don't see anything malicious in your log.

    In this forum, we make sure your computer is free of malware and your computer is clean.
    Because access to the malware forum is very limited, your best option is to create a new topic about your current issue in the Windows section.
    You'll get more attention.

  9. #9
    theoldandgrey is offline Valued Member
    Thank you for that reassurance - I will follow it up in the Windows forum

  10. #10
    broni is offline Senior Member
    Ok .......
