
trojan horse patched_c.xlt found in system; need help removing

Discussion in 'Virus & Other Malware Removal' started by akemihomura, Jul 3, 2012.

Thread Status:
Not open for further replies.
  1. akemihomura

    akemihomura Thread Starter

    The infected computer is an Acer Aspire One netbook; its model number is AOD255, it has a 32-bit system and is running Windows 7 Starter.

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:06:58 PM, on 03/07/2012
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.17006)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\EgisTec IPS\PmmUpdate.exe
    C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\EgisTec IPS\EgisUpdate.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Program Files\pipa.jp\TEGAKI Messenger\TEGAKI Messenger.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Users\Chloe\Desktop\Caitlin\Important\HijackThis.exe
    C:\Windows\system32\DllHost.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    R3 - URLSearchHook: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: uTorrentControl2 - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O2 - BHO: Windows 7 Starter Helper - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
    O3 - Toolbar: uTorrentControl2 Toolbar - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
    O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
    O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files\EgisTec IPS\EgisUpdate.exe" -d
    O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files\EgisTec IPS\PmmUpdate.exe"
    O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
    O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Chloe\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - Global Startup: Acer VCM.lnk = ?
    O4 - Global Startup: TEGAKI Messenger.lnk = ?
    O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/webgames/popcaploader_v10.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe
    O23 - Service: GREGService - Acer Incorporated - C:\Program Files\Acer\Registration\GREGsvc.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
    O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
    O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

    DDS log:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
    Run by Chloe at 14:12:30 on 2012-07-03
    Microsoft Windows 7 Starter 6.1.7600.0.1252.2.1033.18.1013.131 [GMT -3:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Launch Manager\dsiwmis.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\Program Files\Acer\Registration\GREGsvc.exe
    C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\Acer\Acer Updater\UpdaterService.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Launch Manager\LMworker.exe
    C:\Program Files\EgisTec IPS\PmmUpdate.exe
    C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
    C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\EgisTec IPS\EgisUpdate.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files\Acer\Acer VCM\AcerVCM.exe
    C:\Program Files\pipa.jp\TEGAKI Messenger\TEGAKI Messenger.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Users\Chloe\Desktop\Caitlin\Important\HijackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.ca/
    uDefault_Page_URL = hxxp://acer.msn.com
    mDefault_Page_URL = hxxp://acer.msn.com
    mStart Page = hxxp://acer.msn.com
    uURLSearchHooks: H - No File
    uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
    mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
    mURLSearchHooks: H - No File
    uWinlogon: Shell=c:\program files\oceanis\systemsetting\WallPaperAgent.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Windows 7 Starter Helper: {d381ff29-7cfb-4d4e-b92a-c4eddc696614} - c:\program files\oceanis\systemsetting\StarterHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
    TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Google Update] "c:\users\chloe\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    mRun: [LManager] c:\program files\launch manager\LManager.exe
    mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [SuiteTray] "c:\program files\egistec mywinlockersuite\x86\SuiteTray.exe"
    mRun: [EgisUpdate] "c:\program files\egistec ips\EgisUpdate.exe" -d
    mRun: [EgisTecPMMUpdate] "c:\program files\egistec ips\PmmUpdate.exe"
    mRun: [mwlDaemon] c:\program files\egistec mywinlocker\x86\mwlDaemon.exe
    mRun: [Norton Online Backup] c:\program files\symantec\norton online backup\NOBuClient.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tegaki~1.lnk - c:\windows\installer\{2179f23d-eae1-4a94-b987-01a7e50e4222}\_37FE98316099EB6275226C.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{C2DC5396-6980-4407-B857-1DFA25C5AECE} : DhcpNameServer = 192.168.0.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\chloe\appdata\roaming\mozilla\firefox\profiles\jjui0cxz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://google.ca/
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B77224c50-4f10-4642-82df-85f4c2e072ec%7D&mid=c77699cf072747d6bef1cd3c4ee27f45-d01dcbd3749ea46f79340a3569efb98adf7ca340&ds=AVG&v=10.0.0.7&lang=us&pr=fr&d=2011-12-15%2012%3A05%3A48&sap=ku&q=
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff10.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff6.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff7.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff8.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff9.dll
    FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.1.0\npsitesafety.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\tabletplugins\npwacom.dll
    FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\chloe\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.id - 6ce8b5cb0000000000000026c790c9c6
    FF - user.js: extensions.BabylonToolbar_i.hardId - 6ce8b5cb0000000000000026c790c9c6
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15396
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:42:34
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=108298
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
    R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2009-6-2 18992]
    R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2009-6-2 16432]
    R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2009-6-2 60976]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2012-1-31 7391072]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
    R2 DsiWMIService;Dritek WMI Service;c:\program files\launch manager\dsiwmis.exe [2010-9-3 321104]
    R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2010-10-6 735776]
    R2 GREGService;GREGService;c:\program files\acer\registration\GREGsvc.exe [2010-1-8 23584]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2010-9-3 13336]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-3 654408]
    R2 NOBU;Norton Online Backup;c:\program files\symantec\norton online backup\NOBuAgent.exe [2012-5-1 3530904]
    R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2010-9-3 260640]
    R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
    R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2012-6-22 5554552]
    R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2012-6-22 451960]
    R2 Updater Service;Updater Service;c:\program files\acer\acer updater\UpdaterService.exe [2010-9-3 243232]
    R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-11 935480]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-9-13 68208]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-3 22344]
    R3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2010-9-3 6766080]
    R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
    R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
    R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
    R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
    R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-2-20 1153368]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 167264]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [2010-9-3 82768]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-27 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-12 113120]
    S3 MWLService;MyWinLocker Service;c:\program files\egistec mywinlocker\x86\MWLService.exe [2010-5-26 305520]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2012-6-22 10752]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-07-03 15:53:32 -------- d-----w- c:\users\chloe\appdata\local\{E25744F4-40DC-421A-82E7-42C80CA71D40}
    2012-07-03 15:45:26 -------- d-----w- c:\users\chloe\appdata\local\{E217F313-BF33-48C6-A0D6-63794E00E94D}
    2012-07-03 15:45:07 -------- d-----w- c:\users\chloe\appdata\local\{7105BBC5-F7F2-4A37-94F6-B1A1C1281A92}
    2012-07-03 14:50:03 -------- d-----w- c:\users\chloe\appdata\roaming\Malwarebytes
    2012-07-03 14:49:48 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
    2012-07-03 14:49:39 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-03 14:49:37 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-03 14:49:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-07-03 13:41:05 -------- d-----w- c:\users\chloe\appdata\local\{33482CD1-506A-4C45-A27E-F66462917497}
    2012-07-03 13:40:52 -------- d-----w- c:\users\chloe\appdata\local\{6FDE0096-50D7-45D1-A639-DD80BE00386F}
    2012-07-03 13:40:18 -------- d-----w- c:\users\chloe\Tracing
    2012-07-02 20:02:19 -------- d-----w- c:\users\chloe\appdata\local\{0BAC71F6-E7BA-4C54-BEC2-AEDB3D40184F}
    2012-07-02 20:02:06 -------- d-----w- c:\users\chloe\appdata\local\{F8EE3D2A-6651-4E82-9510-E779FAC56AF1}
    2012-07-02 15:57:30 -------- d-----w- c:\users\chloe\appdata\local\{52CBED00-57AC-426C-B95B-B22D04E256E0}
    2012-07-01 17:04:41 -------- d-----w- c:\users\chloe\appdata\local\{59C1FE21-6B1A-4ABE-809B-092F02D25E34}
    2012-07-01 15:58:52 -------- d-sh--w- C:\found.002
    2012-07-01 00:36:10 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-27 22:38:14 -------- d-----w- c:\users\chloe\appdata\local\{7FA45097-5E0C-4681-8071-C221E4C65A52}
    2012-06-27 22:36:41 -------- d-----w- c:\users\chloe\appdata\local\{F4A21557-09F9-44A5-BC8A-E1F5E5F6732E}
    2012-06-27 22:15:29 -------- d-----w- c:\windows\en
    2012-06-27 22:12:17 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2012-06-27 21:56:20 19736 ----a-w- c:\programdata\microsoft\identitycrl\production\ppcrlconfig600.dll
    2012-06-27 21:48:40 2983424 ----a-w- c:\windows\system32\UIRibbon.dll
    2012-06-27 21:48:38 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
    2012-06-27 21:44:26 15712 ----a-w- c:\program files\common files\windows live\.cache\5f1b64a1cd54ae04\MeshBetaRemover.exe
    2012-06-27 21:44:18 89944 ----a-w- c:\program files\common files\windows live\.cache\b7e5c41cd54ae03\DSETUP.dll
    2012-06-27 21:44:18 537432 ----a-w- c:\program files\common files\windows live\.cache\b7e5c41cd54ae03\DXSETUP.exe
    2012-06-27 21:44:18 1801048 ----a-w- c:\program files\common files\windows live\.cache\b7e5c41cd54ae03\dsetup32.dll
    2012-06-27 21:42:26 -------- d-----w- c:\users\chloe\appdata\local\{C52F7332-C0C6-40E0-9193-95881CC74536}
    2012-06-27 21:42:14 -------- d-----w- c:\users\chloe\appdata\local\{0971B14F-37C8-4B6D-B2D9-084A1E8B4558}
    2012-06-27 21:41:43 -------- d-----w- c:\users\chloe\appdata\local\{8464F8D4-DD5E-41D9-9242-FEA7C84183A5}
    2012-06-27 21:41:27 -------- d-----w- c:\users\chloe\appdata\local\{5B3ADAF5-B6BA-4F8F-9C3E-2FA2D36AD510}
    2012-06-23 13:07:31 -------- d-----w- c:\users\chloe\appdata\local\Macromedia
    2012-06-23 12:36:39 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
    2012-06-23 12:36:39 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
    2012-06-22 21:15:35 -------- d-----w- c:\users\chloe\appdata\local\{CD475CA7-8055-4A2E-9A14-8D4019208722}
    2012-06-22 21:09:19 -------- d-----w- c:\users\chloe\appdata\roaming\WTablet
    2012-06-22 21:09:17 1107832 ----a-w- c:\windows\system32\Pen_Touch_Tablet.dll
    2012-06-22 21:08:53 10752 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
    2012-06-22 21:08:35 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
    2012-06-22 21:07:12 14120 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
    2012-06-22 21:07:07 1156472 ----a-w- c:\windows\system32\Wintab32.dll
    2012-06-22 21:07:07 1152888 ----a-w- c:\windows\system32\WacomMT.dll
    2012-06-22 21:07:06 1369464 ----a-w- c:\windows\system32\Pen_Tablet.dll
    2012-06-22 21:06:55 -------- d-----w- c:\program files\Tablet
    2012-06-22 20:58:47 -------- d-----w- c:\users\chloe\appdata\local\{B8BF6140-A55C-4C20-9C13-88FBCBF39EBF}
    2012-06-22 20:48:52 -------- d-----w- c:\users\chloe\appdata\local\{1827281E-A51E-48A6-A44B-85F87A0A1C68}
    2012-06-21 23:16:59 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 23:15:25 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 23:13:54 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-21 23:13:54 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-14 22:27:59 -------- d-----w- c:\users\chloe\appdata\local\AVG Secure Search
    2012-06-12 22:14:49 2342400 ----a-w- c:\windows\system32\win32k.sys
    2012-06-12 22:14:26 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-12 22:12:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-12 22:12:53 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-12 22:12:53 57856 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-12 22:12:46 163328 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-12 22:11:56 139264 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-12 22:11:56 1156608 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-12 22:11:55 103936 ----a-w- c:\windows\system32\cryptnet.dll
    .
    ==================== Find3M ====================
    .
    2012-07-01 00:12:25 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-01 00:12:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-15 03:08:48 981504 ----a-w- c:\windows\system32\wininet.dll
    2012-04-26 23:18:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-04-20 05:05:47 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2012-04-20 03:58:07 386048 ----a-w- c:\windows\system32\html.iec
    2012-04-20 03:24:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2012-04-07 11:34:37 2342400 ----a-w- c:\windows\system32\msi.dll
    .
    ============= FINISH: 14:14:46.75 ===============

    I could not provide a GMER log since the program stops working or freezes every time I try to run it.

    ***The infected computer (I am typing this on a clean computer) has been running smoothly so far, with the exception of an application error concerning Skype. I closed it right after I read it, then found out that I should have copied the error message word for word. I tried restarting the computer, but the message has not appeared since.

    The computer also seems to have limited access to the Internet; this could partially be a problem with the modem since when the clean computer is connected, the infected computer cannot connect. However, even when the clean computer isn't connected, the infected seems to struggle to connect for more than a few minutes at a time.

    I also have reason to believe that the trojan is installing malicious software on the computer; Malwarebytes detected 6 other malicious files. I tried running every antivirus/antispyware program I have -- AVG, Malwarebytes, Spybot - Search & Destroy -- to find more. Babylon Toolbar, more malware, is actually installed on the laptop, but I can't remove it since I need access to the administrator account. Of course, with the trojan on the computer I'm nervous to enable the account. Should I enable it?

    I will attach the other log provided by DDS upon request. Any help would be greatly appreciated; I'm desperate to get this off my computer.
     
  2. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,659
    Why hasn't Windows 7 been upgraded to SP1 - which was released over a year ago?

    Have you been installing the important/recommended updates that Microsoft releases on a regular basis?

    ---------------------------------------------------------

    Start HiJackThis.

    Click on the "Open The Misc Tools Section" button.

    Click on the "Open Uninstall Manager" button.

    Click on the "Save List" button.

    Save the "uninstall_list.txt" file somewhere.

    It'll then open in Notepad.

    Return here to your thread, then copy-and-paste the entire file here.

    ----------------------------------------------------------
     
  3. akemihomura

    akemihomura Thread Starter

    Joined:
    Jul 2, 2012
    Messages:
    4
    flavallee,

    As far as I know, I have been installing the updates when Windows notifies me of them. I'd never heard of SP1 until you told me, though.

    uninstall_list.txt

    µTorrent
    Acer Crystal Eye webcam
    Acer ePower Management
    Acer eRecovery Management
    Acer Game Console
    Acer Games
    Acer Registration
    Acer ScreenSaver
    Acer Updater
    Acer VCM
    Acrobat.com
    Adobe AIR
    Adobe AIR
    Adobe Community Help
    Adobe Community Help
    Adobe Download Assistant
    Adobe Download Assistant
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop CS5.1
    Adobe Reader 9.1 MUI
    ASIO4ALL
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Audacity 1.3.13 (Unicode)
    AVG 2011
    AVG 2011
    AVG 2011
    Bamboo
    Bejeweled 2 Deluxe
    Blackhawk Striker 2
    Chuzzle Deluxe
    D3DX10
    Diner Dash 2 Restaurant Rescue
    Dora's Carnival Adventure
    eBay Worldwide
    ENE USB Card Reader Driver
    eSobi v2
    Farm Frenzy
    FATE
    Final Drive Nitro
    FL Studio 10
    ƒOƒŠ[ƒtƒVƒ“ƒhƒ[ƒ€ Ver1.10
    IconArt
    Identity Card
    IL Download Manager
    Insaniquarium Deluxe
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Rapid Storage Technology
    Java(TM) 6 Update 31
    Jewel Quest
    Jewel Quest - Heritage
    Jewel Quest Solitaire 2
    JTablet
    Junk Mail filter update
    Launch Manager
    Livestream Procaster
    Malwarebytes Anti-Malware version 1.61.0.1400
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_CRT_x86
    Minecraft Beta Cracked
    Mozilla Firefox 13.0.1 (x86 en-GB)
    Mozilla Maintenance Service
    MSVCRT
    MyWinLocker
    MyWinLocker Suite
    MyWinLocker Suite
    Norton Online Backup
    Oceanis Change Background Windows 7
    Penguins!
    PESTERCHUM
    Plants vs. Zombies
    Polar Bowler
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    sfArk
    Shredder
    Skype™ 5.9
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    TEGAKI Messenger
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    uTorrentControl2 Toolbar
    Virtual Villagers 4 - The Tree of Life
    WebTablet FB Plugin
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Welcome Center
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    Wisdom-soft Set up ScreenHunter 5.1 Free
    Zuma Deluxe
    Zuma's Revenge

    I had no idea any of the games were on the computer (except for Minecraft and ƒOƒŠ[ƒtƒVƒ“ƒhƒ[ƒ€ Ver1.10).
     
  4. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,659
    Right-click COMPUTER, then click Properties.

    - or -

    Go to Control Panel - System

    Advise what's listed in the

    Windows edition

    System


    sections - exactly as you see it there.

    Note: The blue highlighted information isn't needed.

    ------------------------------------------------------------

    Why do you not have access to the Administrator account?

    -----------------------------------------------------------
     
  5. akemihomura

    akemihomura Thread Starter

    Joined:
    Jul 2, 2012
    Messages:
    4
    Windows edition:
    Windows 7 Starter
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    System:
    Manufacturer: Acer
    Model: AOD255
    Rating: 2.0 Your Windows Experience Index needs to be refreshed
    Processor: Intel(R) Atom(TM) CPU N450 @1.66GHz 1.67 GHz
    Installed memory (RAM): 0.99 GB
    System type: 32-bit Operating System
    Pen and Touch: Pen Input Available

    ------------------------------------------------------------

    I haven't enabled the account yet.

    On another note, man, I feel kind of stupid having a base score of 2.0 out of 7.9. That... is pretty bad.
     
  6. akemihomura

    akemihomura Thread Starter

    Joined:
    Jul 2, 2012
    Messages:
    4
    Ah! But wait! The base score has been augmented... by 0.3.
     
  7. flavallee

    flavallee Frank Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    63,659
    Here is the support and software/driver downloads site for the Acer Aspire One AOD255 netbook. I suggest you add and save this site in your browser favorites/bookmarks list so you can readily refer to it when needed.

    You can't expect to have a high Windows Experience Index number with a netbook because of the limited processor and RAM and graphics that it has.

    -------------------------------------------------------

    Go to Control Panel - Programs And Features, then uninstall

    AVG 2011

    Spybot - Search & Destroy

    uTorrentControl2 Toolbar


    After they're all uninstalled, restart the computer.

    -------------------------------------------------------

    Download and save

    AVG Remover(32bit) 2012

    SUPERAntiSpyware 5.5.0.1106 (free version)

    Microsoft Security Essentials 4.0.1526.0

    -------------------------------------------------------

    Run the AVG removal tool so it finds and removes all the leftover file and registry "debris" from the AVG uninstall.

    Restart the computer to complete the removal process, if prompted to.

    -------------------------------------------------------

    Install SUPERAntiSpyware.

    Uncheck and decline to install any extras, such as toolbars and homepages, it may offer.

    Allow it to update its definition files.

    DON'T run any scan with it yet.

    -------------------------------------------------------

    Install Microsoft Security Essentials.

    Allow it to update its definition files.

    Allow it to run a quick scan if it prompts you to.

    -------------------------------------------------------
     

Short URL to this thread: https://techguy.org/1059551