Tech Support Guy > Virus & Other Malware Removal
trojan horse patched_c.xlt found in system; need help removing

akemihomura (thread starter)
Join Date: Jul 2012
Experience: Beginner
03-Jul-2012, 03:19 PM #1
The infected computer is an Acer Aspire One netbook; its model number is AOD255, it has a 32-bit system and is running Windows 7 Starter.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:06:58 PM, on 03/07/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17006)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\Explorer.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\EgisTec IPS\PmmUpdate.exe
C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\pipa.jp\TEGAKI Messenger\TEGAKI Messenger.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Users\Chloe\Desktop\Caitlin\Important\HijackThis.exe
C:\Windows\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Windows 7 Starter Helper - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Chloe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Global Startup: Acer VCM.lnk = ?
O4 - Global Startup: TEGAKI Messenger.lnk = ?
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files\Acer\Registration\GREGsvc.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by Chloe at 14:12:30 on 2012-07-03
Microsoft Windows 7 Starter 6.1.7600.0.1252.2.1033.18.1013.131 [GMT -3:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\Acer\Registration\GREGsvc.exe
C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\Explorer.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Program Files\EgisTec IPS\PmmUpdate.exe
C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Program Files\pipa.jp\TEGAKI Messenger\TEGAKI Messenger.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Users\Chloe\Desktop\Caitlin\Important\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.ca/
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
mURLSearchHooks: H - No File
uWinlogon: Shell=c:\program files\oceanis\systemsetting\WallPaperAgent.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Windows 7 Starter Helper: {d381ff29-7cfb-4d4e-b92a-c4eddc696614} - c:\program files\oceanis\systemsetting\StarterHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\users\chloe\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SuiteTray] "c:\program files\egistec mywinlockersuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "c:\program files\egistec ips\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "c:\program files\egistec ips\PmmUpdate.exe"
mRun: [mwlDaemon] c:\program files\egistec mywinlocker\x86\mwlDaemon.exe
mRun: [Norton Online Backup] c:\program files\symantec\norton online backup\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tegaki~1.lnk - c:\windows\installer\{2179f23d-eae1-4a94-b987-01a7e50e4222}\_37FE98316099EB6275226C.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{C2DC5396-6980-4407-B857-1DFA25C5AECE} : DhcpNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chloe\appdata\roaming\mozilla\firefox\profiles\jjui0cxz.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.ca/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B77224c50-4f10-4642-82df-85f4c2e072ec%7D&mid=c77699cf072747d6bef1cd3c4ee27f45-d01dcbd3749ea46f79340a3569efb98adf7ca340&ds=AVG&v=10.0.0.7&lang=us&pr=fr&d= 2011-12-15%2012%3A05%3A48&sap=ku&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff10.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff9.dll
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.1.0\npsitesafety.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\chloe\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 6ce8b5cb0000000000000026c790c9c6
FF - user.js: extensions.BabylonToolbar_i.hardId - 6ce8b5cb0000000000000026c790c9c6
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15396
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:42:34
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 18992]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60976]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2010-9-3 321104]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2010-10-6 735776]
R2 GREGService;GREGService;c:\program files\acer\registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-9-3 13336]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-3 654408]
R2 NOBU;Norton Online Backup;c:\program files\symantec\norton online backup\NOBuAgent.exe [2012-5-1 3530904]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2010-9-3 260640]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2012-6-22 5554552]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2012-6-22 451960]
R2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2010-9-3 243232]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-11 935480]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-9-13 68208]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-3 22344]
R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-9-3 6766080]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-2-20 1153368]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 167264]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2010-9-3 82768]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-27 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-12 113120]
S3 MWLService;MyWinLocker Service;c:\program files\egistec mywinlocker\x86\MWLService.exe [2010-5-26 305520]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2012-6-22 10752]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-07-03 15:53:32 -------- d-----w- c:\users\chloe\appdata\local\{E25744F4-40DC-421A-82E7-42C80CA71D40}
2012-07-03 15:45:26 -------- d-----w- c:\users\chloe\appdata\local\{E217F313-BF33-48C6-A0D6-63794E00E94D}
2012-07-03 15:45:07 -------- d-----w- c:\users\chloe\appdata\local\{7105BBC5-F7F2-4A37-94F6-B1A1C1281A92}
2012-07-03 14:50:03 -------- d-----w- c:\users\chloe\appdata\roaming\Malwarebytes
2012-07-03 14:49:48 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2012-07-03 14:49:39 -------- d-----w- c:\programdata\Malwarebytes
2012-07-03 14:49:37 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 14:49:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-03 13:41:05 -------- d-----w- c:\users\chloe\appdata\local\{33482CD1-506A-4C45-A27E-F66462917497}
2012-07-03 13:40:52 -------- d-----w- c:\users\chloe\appdata\local\{6FDE0096-50D7-45D1-A639-DD80BE00386F}
2012-07-03 13:40:18 -------- d-----w- c:\users\chloe\Tracing
2012-07-02 20:02:19 -------- d-----w- c:\users\chloe\appdata\local\{0BAC71F6-E7BA-4C54-BEC2-AEDB3D40184F}
2012-07-02 20:02:06 -------- d-----w- c:\users\chloe\appdata\local\{F8EE3D2A-6651-4E82-9510-E779FAC56AF1}
2012-07-02 15:57:30 -------- d-----w- c:\users\chloe\appdata\local\{52CBED00-57AC-426C-B95B-B22D04E256E0}
2012-07-01 17:04:41 -------- d-----w- c:\users\chloe\appdata\local\{59C1FE21-6B1A-4ABE-809B-092F02D25E34}
2012-07-01 15:58:52 -------- d-sh--w- C:\found.002
2012-07-01 00:36:10 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-27 22:38:14 -------- d-----w- c:\users\chloe\appdata\local\{7FA45097-5E0C-4681-8071-C221E4C65A52}
2012-06-27 22:36:41 -------- d-----w- c:\users\chloe\appdata\local\{F4A21557-09F9-44A5-BC8A-E1F5E5F6732E}
2012-06-27 22:15:29 -------- d-----w- c:\windows\en
2012-06-27 22:12:17 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-06-27 21:56:20 19736 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll
2012-06-27 21:48:40 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
2012-06-27 21:48:38 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-06-27 21:44:26 15712 ----a-w- c:\program files\common files\windows live\.cache\5f1b64a1cd54ae04\MeshBetaRemover.exe
2012-06-27 21:44:18 89944 ----a-w- c:\program files\common files\windows live\.cache\b7e5c41cd54ae03\DSETUP.dll
2012-06-27 21:44:18 537432 ----a-w- c:\program files\common files\windows live\.cache\b7e5c41cd54ae03\DXSETUP.exe
2012-06-27 21:44:18 1801048 ----a-w- c:\program files\common files\windows live\.cache\b7e5c41cd54ae03\dsetup32.dll
2012-06-27 21:42:26 -------- d-----w- c:\users\chloe\appdata\local\{C52F7332-C0C6-40E0-9193-95881CC74536}
2012-06-27 21:42:14 -------- d-----w- c:\users\chloe\appdata\local\{0971B14F-37C8-4B6D-B2D9-084A1E8B4558}
2012-06-27 21:41:43 -------- d-----w- c:\users\chloe\appdata\local\{8464F8D4-DD5E-41D9-9242-FEA7C84183A5}
2012-06-27 21:41:27 -------- d-----w- c:\users\chloe\appdata\local\{5B3ADAF5-B6BA-4F8F-9C3E-2FA2D36AD510}
2012-06-23 13:07:31 -------- d-----w- c:\users\chloe\appdata\local\Macromedia
2012-06-23 12:36:39 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-23 12:36:39 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-22 21:15:35 -------- d-----w- c:\users\chloe\appdata\local\{CD475CA7-8055-4A2E-9A14-8D4019208722}
2012-06-22 21:09:19 -------- d-----w- c:\users\chloe\appdata\roaming\WTablet
2012-06-22 21:09:17 1107832 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
2012-06-22 21:08:53 10752 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2012-06-22 21:08:35 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2012-06-22 21:07:12 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2012-06-22 21:07:07 1156472 ----a-w- c:\windows\system32\Wintab32.dll
2012-06-22 21:07:07 1152888 ----a-w- c:\windows\system32\WacomMT.dll
2012-06-22 21:07:06 1369464 ----a-w- c:\windows\system32\Pen_Tablet.dll
2012-06-22 21:06:55 -------- d-----w- c:\program files\Tablet
2012-06-22 20:58:47 -------- d-----w- c:\users\chloe\appdata\local\{B8BF6140-A55C-4C20-9C13-88FBCBF39EBF}
2012-06-22 20:48:52 -------- d-----w- c:\users\chloe\appdata\local\{1827281E-A51E-48A6-A44B-85F87A0A1C68}
2012-06-21 23:16:59 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 23:15:25 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 23:13:54 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 23:13:54 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-14 22:27:59 -------- d-----w- c:\users\chloe\appdata\local\AVG Secure Search
2012-06-12 22:14:49 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-06-12 22:14:26 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-12 22:12:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-12 22:12:53 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-12 22:12:53 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-12 22:12:46 163328 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 22:11:56 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-12 22:11:56 1156608 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 22:11:55 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
==================== Find3M ====================
.
2012-07-01 00:12:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-01 00:12:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-15 03:08:48 981504 ----a-w- c:\windows\system32\wininet.dll
2012-04-26 23:18:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-20 05:05:47 44544 ----a-w- c:\windows\system32\licmgr10.dll
2012-04-20 03:58:07 386048 ----a-w- c:\windows\system32\html.iec
2012-04-20 03:24:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-07 11:34:37 2342400 ----a-w- c:\windows\system32\msi.dll
.
============= FINISH: 14:14:46.75 ===============

I could not provide a GMER log since the program stops working or freezes every time I try to run it.

***The infected computer (I am typing this on a clean computer) has been running smoothly so far, with the exception of an application error concerning Skype. I closed it right after I read it, then found out that I should have copied the error message word for word. I tried restarting the computer, but the message has not appeared since.

The computer also seems to have limited access to Internet; this could partially be a problem with the modem since when the clean computer is connected, the infected computer cannot connect. However, even when the clean computer isn't connected, the infected seems to struggle to connect for more than a few minutes at a time.

I also have reason to believe that the trojan is installing malicious software on the computer; Malwarebytes detected 6 other malicious files. I tried running every antivirus/antispyware program I have -- AVG, Malwarebytes, Spybot - Search & Destroy -- to find more. Babylon Toolbar, more malware, is actually installed on the laptop, but I can't remove it since I need access to the administrator account. Of course, with the trojan on the computer I'm nervous to enable the account. Should I enable it?

I will attach the other log provided by DDS upon request. Any help would be greatly appreciated; I'm desperate to get this off my computer.

Last edited by akemihomura; 04-Jul-2012 at 01:31 PM.. Reason: Typo
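As an added triage aid, not part of this thread or of DDS itself: a small parser for the "Created Last 30" lines of the DDS log above, with two heuristics a malware-removal helper typically checks first (a file or folder name containing a literal environment-variable token such as %APPDATA%, and hidden+system items created under the Windows directory). The sample lines are copied from the log above; the heuristics and the names `parse_dds`/`triage` are this example's own assumptions, not anything the advisor in the thread said.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# DDS "Created Last 30"/"Find3M" line layout (as seen in the log above):
#   YYYY-MM-DD HH:MM:SS <size or dashes> <8-char attribute string> <path>
DDS_LINE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

@dataclass
class Entry:
    date: str
    size: Optional[int]   # None for directories (DDS prints dashes instead of a size)
    attrs: str            # e.g. "d-sh--w-": d=directory, s=system, h=hidden, a=archive
    path: str             # lower-cased for matching

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_system(self) -> bool:
        # Both the hidden and system attribute flags set on the same item.
        return "h" in self.attrs and "s" in self.attrs

def parse_dds(text: str) -> List[Entry]:
    """Parse DDS created/modified listing lines; banners and lone dots are skipped."""
    entries = []
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["date"], size, m["attrs"], m["path"].lower()))
    return entries

def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs worth a human look. Heuristics are assumptions of this example."""
    findings = []
    for e in entries:
        name = e.path.rsplit("\\", 1)[-1]
        if "%" in name:
            # A directory literally named %APPDATA% means something wrote the token unexpanded.
            findings.append(("literal env-var token in file name", e.path))
        elif e.hidden_system and e.path.startswith("c:\\windows\\"):
            findings.append(("hidden+system item created under windows dir", e.path))
    return findings

# Four lines taken verbatim from the DDS log in the post above.
SAMPLE = """\
2012-07-03 14:49:37 22344 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2012-07-01 15:58:52 -------- d-sh--w- C:\\found.002
2012-07-01 00:36:10 -------- d-sh--w- c:\\windows\\system32\\%APPDATA%
2012-06-27 22:15:29 -------- d-----w- c:\\windows\\en
"""

if __name__ == "__main__":
    for reason, path in triage(parse_dds(SAMPLE)):
        print(f"{reason}: {path}")
```

Only the %APPDATA% folder is flagged for the sample; c:\found.002 is hidden+system but sits outside the Windows directory, so the second rule does not fire on it.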
flavallee (Frank), Trusted Advisor with 57,421 posts.
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
03-Jul-2012, 08:17 PM #2
Why hasn't Windows 7 been upgraded to SP1 - which was released over a year ago?

Have you been installing the important/recommended updates that Microsoft releases on a regular basis?

---------------------------------------------------------

Start HiJackThis.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click on the "Save List" button.

Save the "uninstall_list.txt" file somewhere.

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.

----------------------------------------------------------
akemihomura, Member with 4 posts (THREAD STARTER).
Join Date: Jul 2012
Experience: Beginner
04-Jul-2012, 08:23 AM #3
flavallee,

As far as I know, I have been installing the updates when Windows notifies me of them. I'd never heard of SP1 until you told me, though.

uninstall_list.txt

Torrent
Acer Crystal Eye webcam
Acer ePower Management
Acer eRecovery Management
Acer Game Console
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Acer VCM
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Community Help
Adobe Community Help
Adobe Download Assistant
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Reader 9.1 MUI
ASIO4ALL
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Audacity 1.3.13 (Unicode)
AVG 2011
AVG 2011
AVG 2011
Bamboo
Bejeweled 2 Deluxe
Blackhawk Striker 2
Chuzzle Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
eBay Worldwide
ENE USB Card Reader Driver
eSobi v2
Farm Frenzy
FATE
Final Drive Nitro
FL Studio 10
グリーフシンドローム Ver1.10
IconArt
Identity Card
IL Download Manager
Insaniquarium Deluxe
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
Java(TM) 6 Update 31
Jewel Quest
Jewel Quest - Heritage
Jewel Quest Solitaire 2
JTablet
Junk Mail filter update
Launch Manager
Livestream Procaster
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
Minecraft Beta Cracked
Mozilla Firefox 13.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MyWinLocker
MyWinLocker Suite
MyWinLocker Suite
Norton Online Backup
Oceanis Change Background Windows 7
Penguins!
PESTERCHUM
Plants vs. Zombies
Polar Bowler
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
sfArk
Shredder
Skype™ 5.9
Spybot - Search & Destroy
Synaptics Pointing Device Driver
TEGAKI Messenger
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
uTorrentControl2 Toolbar
Virtual Villagers 4 - The Tree of Life
WebTablet FB Plugin
WebTablet IE Plugin
WebTablet Netscape Plugin
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Wisdom-soft Set up ScreenHunter 5.1 Free
Zuma Deluxe
Zuma's Revenge

I had no idea any of the games were on the computer (except for Minecraft and グリーフシンドローム Ver1.10).
flavallee (Frank), Trusted Advisor with 57,421 posts.
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
04-Jul-2012, 10:21 AM #4
Right-click COMPUTER, then click Properties.

- or -

Go to Control Panel - System

Advise what's listed in the

Windows edition

System


sections - exactly as you see it there.

Note: The blue highlighted information isn't needed.

------------------------------------------------------------

Why do you not have access to the Administrator account?

-----------------------------------------------------------
akemihomura, Member with 4 posts (THREAD STARTER).
Join Date: Jul 2012
Experience: Beginner
04-Jul-2012, 01:39 PM #5
Windows edition:
Windows 7 Starter
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

System:
Manufacturer: Acer
Model: AOD255
Rating: 2.0 Your Windows Experience Index needs to be refreshed
Processor: Intel(R) Atom(TM) CPU N450 @1.66GHz 1.67 GHz
Installed memory (RAM): 0.99 GB
System type: 32-bit Operating System
Pen and Touch: Pen Input Available

------------------------------------------------------------

I haven't enabled the account yet.

On another note, man, I feel kind of stupid having a base score of 2.0 out of 7.9. That... is pretty bad.

Last edited by akemihomura; 04-Jul-2012 at 01:45 PM..
akemihomura, Member with 4 posts (THREAD STARTER).
Join Date: Jul 2012
Experience: Beginner
04-Jul-2012, 01:54 PM #6
Ah! But wait! The base score has been augmented... by 0.3.
flavallee (Frank), Trusted Advisor with 57,421 posts.
Join Date: May 2002
Location: Hillsborough county, Florida
Experience: Advanced
04-Jul-2012, 02:27 PM #7
Here is the support and software/driver downloads site for the Acer Aspire One AOD255 netbook. I suggest you add and save this site in your browser favorites/bookmarks list so you can readily refer to it when needed.

You can't expect to have a high Windows Experience Index number with a netbook because of the limited processor and RAM and graphics that it has.

-------------------------------------------------------

Go to Control Panel - Programs And Features, then uninstall

AVG 2011

Spybot - Search & Destroy

uTorrentControl2 Toolbar


After they're all uninstalled, restart the computer.

-------------------------------------------------------

Download and save

AVG Remover(32bit) 2012

SUPERAntiSpyware 5.5.0.1106 (free version)

Microsoft Security Essentials 4.0.1526.0

-------------------------------------------------------

Run the AVG removal tool so it finds and removes all the leftover file and registry "debris" from the AVG uninstall.

Restart the computer to complete the removal process, if prompted to.

-------------------------------------------------------

Install SUPERAntiSpyware.

Uncheck and decline to install any extras, such as toolbars and homepages, it may offer.

Allow it to update its definition files.

DON'T run any scan with it yet.

-------------------------------------------------------

Install Microsoft Security Essentials.

Allow it to update its definition files.

Allow it to run a quick scan if it prompts you to.

-------------------------------------------------------