Hijacked Web Browsers and Agent3.ATLI Can't Be Removed?

[trollitrade]

Hello, everyone! Sorry to bother you, but I'm hoping to fix a few problems I'm having... It's tough to do any internet research when both my Google and Yahoo web browsers have been hijacked. Eek!

A few weeks ago, whenever I tried to look up a website through Google and clicked on the link, it would take me to one of a handful of websites that were not what I had clicked on - most of them from "currencysearching.net" and "searchearly.com" in the address bar, though they would then change to website pages like "Hoppli" or "Ask the Team" or something. Hmm...

I thought it was just a Google problem, so I switched to the Yahoo search engine since then and had no problems until today. Now the Yahoo searches are throwing me to the same websites as the Google engine was.

And whenever I run my antivirus program (AVG 2012), it detects 48 problems every time. Pretty much all of them are the Trojan horse Agent3.ATLI, and when I ask AVG to fix the problems, it can always only fix 24 out of 48 problems.

I'm not really sure what to do about this, so I thought I'd ask for some help. Thank you very much for taking the time to consider my computer trouble!

Here's my computer info, in case it helps:

Computer Information
Operating System: Windows 7
Make and Model: HP Pavillion Entertainment PC
Memory Installed: 4.00GB
Security Programs: AVG 2012

When did the problem start?
A couple weeks ago. I guess I should have dealt with this sooner, but it got worse today, so I'm more concerned.

Did you do anything just before it started?
I'm not sure, but it was most likely triggered while looking for photo references on Google Images... That's how I always get into trouble.

[jholland1964]

Please do the following:
Please download TDSSKiller.zip and and extract it to a location where you can easily find it.

Run TDSSKiller.exe.
Click Start scan.
When it is finished the utility outputs a list of detected objects with description.
The utility automatically selects an action (Cure or Delete) for malicious objects.
The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Let the options remain as it is, do not change them. and click Continue
Let reboot if needed and tell me if the tool needed a reboot.
Click on Report and post the contents of the text file that will open. Go up to Edit, Select All, Copy. Come back here, open a reply, place the cursor in the reply, right click and choose Paste. The log will be pasted into your reply. Hit the submit button.

After running the TDSKiller please next do the following:

Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

http://majorgeeks.com/downloadget.ph...d909666f809b26

DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version if one is available. There are always new updates to the definitions.
* Once the program has loaded, select Perform full scan, then choose the drive(s) then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected if malware is found.
* When MBA-M finishes, Notepad will open with the log. The log can be retrieved by opening up MBAM and clicking on the Logs Tab at the top of the program .

Reboot the computer

Once the computer is rebooted open MBA-M again. Go to the Logs tab. Double click the log from this scan...the logs are dated. Once the log is open, go up to Edit, Select All, Copy. Then come back here, open a reply and place the cursor into the reply box. Right click and choose Paste. The log will be placed into your reply. Hit the submit button.
After the logs are read you will be given the next steps.

[trollitrade]

Thank you very much! I'll give all that a shot, then I'll report back here with the scan logs.

[jholland1964]

Just post them if you get them, I'll take a look in the morning. If you have problems running either program, try them in safe mode, though normal is preferable. If you cannot run them then also post back with that information.

If both programs run well and you get the logs posted then the next step will be this one:

Download DDS by sUBs and save it to your Desktop.
http://www.bleepingcomputer.com/download/anti-virus/dds
Be sure follow the instructions below carefully
• If your AV has a script blocker, please disable it
• DoubleClick on dds.scr to run the tool
* A command box will open, displaying added information for your reading pleasure while DDS completes its scan.
* Upon completion, a Dialog Box should open instructing you to save and post the TWO resulting logs (DDS.txt & Attach.txt).
• Copy&Paste both the DDS.txt and the DDS Attach.txt into your post for assistance.
Notice I say copy/paste BOTH logs. The Attach.txt log says at the top to attach it, please do not attach it but copy/paste it also
Both of these logs are very long and because of that will take multiple replies in order to post them here. Please split the logs carefully as each and every line must be seen.

[trollitrade]

Got through the TDSSkiller part. It found a rootkit of some sort and said it was a high threat level. Here are the logs for that, and yes, it did require a system reboot.

TDSSKILLER LOGS
21:22:56.0215 5604 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
21:22:56.0714 5604 ================================================== ==========
21:22:56.0714 5604 Current date / time: 2012/03/04 21:22:56.0714
21:22:56.0714 5604 SystemInfo:
21:22:56.0714 5604
21:22:56.0714 5604 OS Version: 6.1.7601 ServicePack: 1.0
21:22:56.0714 5604 Product type: Workstation
21:22:56.0714 5604 ComputerName: USER-PC
21:22:56.0714 5604 UserName: User
21:22:56.0714 5604 Windows directory: C:\Windows
21:22:56.0714 5604 System windows directory: C:\Windows
21:22:56.0714 5604 Running under WOW64
21:22:56.0714 5604 Processor architecture: Intel x64
21:22:56.0714 5604 Number of processors: 2
21:22:56.0714 5604 Page size: 0x1000
21:22:56.0714 5604 Boot type: Normal boot
21:22:56.0714 5604 ================================================== ==========
21:23:00.0318 5604 Drive \Device\Harddisk1\DR1 - Size: 0x1D9C00000 (7.40 Gb), SectorSize: 0x200, Cylinders: 0x3C6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
21:23:00.0365 5604 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:23:00.0365 5604 Drive \Device\Harddisk1\DR1 - Size: 0x1D9C00000 (7.40 Gb), SectorSize: 0x200, Cylinders: 0x3C6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:23:00.0365 5604 \Device\Harddisk1\DR1:
21:23:00.0365 5604 MBR used
21:23:00.0365 5604 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xECC000
21:23:00.0365 5604 \Device\Harddisk0\DR0:
21:23:00.0380 5604 MBR used
21:23:00.0380 5604 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
21:23:00.0380 5604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23505800
21:23:00.0380 5604 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23569800, BlocksNum 0x1E91000
21:23:00.0380 5604 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0
21:23:00.0380 5604 \Device\Harddisk1\DR1:
21:23:00.0380 5604 MBR used
21:23:00.0380 5604 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xECC000
21:23:00.0458 5604 Initialize success
21:23:00.0458 5604 ================================================== ==========



Alrighty, now for step two with MBA-M. It took two and a half hours to get there, and it turned up eight things like "Trojan.ZBot.Trash" and... "PUP.Adware.K.OpenInstall" and "Trojan.QHost.BG"... But here are the reports for the scan:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.05.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
User :: USER-PC [administrator]

Protection: Enabled

3/4/2012 9:33:47 PM
mbam-log-2012-03-04 (21-33-47).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 585438
Time elapsed: 2 hour(s), 21 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\L ocal\dplaysvr.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\L ocal\dplaysvr.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
C:\Users\User\AppData\Local\Temp\188696438.exe (Trojan.ZBot.Trash) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\188699792.exe (Trojan.ZBot.Trash) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\188703146.exe (Trojan.ZBot.Trash) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\6.503398809100355 E8.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\7.57062304021729E 7.tmp (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\thpm1640998338789 760615.tmp (Exploit.Drop.3P) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Local\Temp\XHksYxFH.exe.part (PUP.Adware.K.OpenInstall) -> Quarantined and deleted successfully.
C:\Users\User\Desktop\El Dorado\Z. Program Files\oi_free-wma-mp3-converter.exe (PUP.Adware.K.OpenInstall) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\ThinkPoint.lnk (Rogue.ThinkPoint) -> Quarantined and deleted successfully.

(end)

[trollitrade]

Thank you so much for the info!
Here is the DDS Log, part 1/2...

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_20
Run by User at 0:41:19 on 2012-03-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2111 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stw rt64.inf_amd64_neutral_960c1f056a541068\STacSV64.e xe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stw rt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.e xe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\User\AppData\Roaming\Spotify\spotify.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE
C:\Windows\system32\msiexec.exe
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \IE\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Spotify] "C:\Users\User\AppData\Roaming\Spotify\Spotify.exe " /uri spotify:autostart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStart Menu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManage r.exe" -launchedbylogin
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [2c5fe66f] C:\Windows\system32\config\systemprofile\AppData\L ocal\yds.exe
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\L ocal\dplaysvr.exe
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STA RTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Sta rtup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Sta rtup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelper s\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelper s\freeyoutubetomp3converter.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D76063E6-8983-4F96-B7F9-7B2ED99466B6} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D76063E6-8983-4F96-B7F9-7B2ED99466B6}\2375942554636373 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D76063E6-8983-4F96-B7F9-7B2ED99466B6}\47275667F627723702E6564777F627B6 : DhcpNameServer = 10.0.1.1
TCP: Interfaces\{D76063E6-8983-4F96-B7F9-7B2ED99466B6}\D6F6F6E627F636B637 : DhcpNameServer = 66.76.175.70 208.180.42.100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} -

[trollitrade]

And here's part 2/2 of the DDS Log:

C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: AC-Pro: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
BHO-X64: SuggestMeYesBHO - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \IE\rpbrowserrecordplugin.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
mRun-x64: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStart Menu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManage r.exe" -launchedbylogin
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Prof iles\9l8gt7h6.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Baa31ecfc-402d-4148-9b14-c3162dfb4590%7D&mid=62b8e803131047d6950ca113f047f3 a5-decb8cfe5f41a5d779b35c05071c36f80ee9da84&ds=AVG&v= 10.0.0.7&lang=en&pr=fr&d=2011-09-27%2014%3A34%3A16&sap=ku&q=
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\compon ents\IGeared_tavgp_xputils3.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\compon ents\IGeared_tavgp_xputils35.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\compon ents\xpavgtbapi.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dl l
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinti ng.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.d ll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \Firefox\Ext\components\nprpffbrowserrecordlegacye xt.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin \MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instanc es\0.9.7.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGI DSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 DVMIO;DVMIO;C:\SPLASH.SYS\config\dvmio.sys [2009-9-27 21624]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileReposi tory\stwrt64.inf_amd64_neutral_960c1f056a541068\AE STSr64.exe [2009-3-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SPLASH.SYS\config\DVMExportService.exe [2009-7-8 323584]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-4 652360]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-12-28 5790064]
R2 TeamViewer5;TeamViewer 5;C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-12-1 2011944]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-12-28 487280]
R2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-1-18 909152]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIV ERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIV ERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-5 228408]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system3 2\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\ v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1cb0c455d39118;Google Update Service (gupdate1cb0c455d39118);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-14 133104]
S3 AVerFx2hbtv64;AVerMedia C038 USB Capture Card;C:\Windows\system32\drivers\AVerFx2hbtv64.sys --> C:\Windows\system32\drivers\AVerFx2hbtv64.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-1-10 517448]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-14 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VS TAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VS TDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVER S\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsus bflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.s ys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-03-05 05:32:34 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes
2012-03-05 05:32:27 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-03-05 05:32:26 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-05 05:32:25 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-05 05:32:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-05 05:17:33 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-17 00:36:27 -------- d-----w- C:\Users\User\AppData\Local\Spotify
2012-02-17 00:35:56 -------- d-----w- C:\Users\User\AppData\Roaming\Spotify
2012-02-16 01:10:18 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-16 01:10:18 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-16 01:09:49 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-16 01:09:49 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-16 01:09:22 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-16 01:08:53 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
==================== Find3M ====================
.
2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 08:46:06 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 07:52:58 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 0:42:25.93 ===============

[trollitrade]

Lastly, here is the "attach" log.
Again, thank you so much for taking the time to have a look at this for me. It's very kind of you.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 6/3/2010 3:27:45 PM
System Uptime: 3/5/2012 12:11:26 AM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 3642
Processor: AMD Turion(tm) II Dual-Core Mobile M520 | Socket S1G3 | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 26.875 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 2.508 GiB free.
E: is FIXED (FAT32) - 0 GiB total, 0.091 GiB free.
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP150: 2/21/2012 3:00:15 AM - Windows Update
RP151: 3/3/2012 7:10:59 PM - HPSF Restore Point
.
==== Installed Programs ======================
.
7-Zip 4.65
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Professional CS5.5
Adobe Photoshop CS5.1
Adobe Reader 9.1 MUI
Adobe Shockwave Player
Amazon MP3 Downloader 1.0.10
AMD USB Filter Driver
Apple Application Support
Apple Software Update
Ask Toolbar
Atheros Driver Installation Program
Audacity 1.2.6
Audacity 1.3.8 (Unicode)
AutocompletePro
AVerMedia C038 USB Capture Card 2.0.64.124
CaptureWizPro 4.40
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
CyberLink DVD Suite
CyberLink PhotoNow
CyberLink PowerProducer
DVD Menu Pack for HP MediaSmart Video
File Uploader
Free Audio CD Burner version 1.4.7
Free Mp3 Wma Ogg Converter 7.1.1
Free RAR Extract Frog
Free Studio version 4.8
Free WMA to MP3 Converter 1.16
Free YouTube Download version 3.0.16.923
Free YouTube to MP3 Converter version 3.10.7.804
Google Chrome
Google Update Helper
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart Software Notebook Demo
HP MediaSmart Webcam
HP MediaSmart/TouchSmart Netflix
HP Quick Launch Buttons
HP QuickWeb
HP Setup
HP Smart Web Printing
HP Support Assistant
HP Update
HP User Guides 0146
HP Wireless Assistant
HPAsset component for HP Active Support Library
Hulu Desktop
IDT Audio
Java Auto Updater
Java(TM) 6 Update 20
JMicron Flash Media Controller Driver
Junk Mail filter update
KRISTAL Audio Engine
LabelPrint
LightScribe System Software
Macromedia FreeHand MX
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee Security Scan Plus
Microsoft Choice Guard
Microsoft Live Search Toolbar
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Small Business
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 10.0.2 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nikon Message Center
Nikon Transfer
Norton Online Backup
OpenOffice.org 3.2
PageFour 1.70
PDF Settings CS5
Power2Go
PowerDirector
Prism Video File Converter
QLBCASL
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek 8136 8168 8169 Ethernet Driver
RealUpgrade 1.1
Recovery Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
SIW version 2010.04.28
Skype Toolbars
Skype™ 5.5
Spotify
Switch Sound File Converter
TeamViewer 5
TeamViewer 7
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office Word 2007 (KB974631)
Update for Office 2007 (KB934528)
Vegas Movie Studio HD 9.0
Vegas Movie Studio HD Platinum 10.0
Vegas Movie Studio Platinum 9.0
Visual Studio 2008 x64 Redistributables
WebTablet IE Plugin
WebTablet Netscape Plugin
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Movie Maker 2.6
WinRAR 4.01 (32-bit)
ZIP Reader 8.00.0018
.
==== Event Viewer Messages From Past Week ========
.
3/5/2012 12:12:10 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
3/5/2012 12:11:54 AM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
3/4/2012 9:21:44 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TeamViewer 5 service to connect.
3/4/2012 9:21:44 PM, Error: Service Control Manager [7000] - The TeamViewer 5 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/2/2012 12:18:37 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0x0000000000000884, 0xfffff880039e1a68, 0xfffff880039e12c0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 030212-48141-01.
2/29/2012 7:11:42 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EFS service.
2/27/2012 7:39:56 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002ccbb5a, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 022712-43633-01.
2/27/2012 1:40:18 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TouchServicePen service.
.
==== End Of File ===========================

[MikeN.]

Next do this:
Please Run the ESET Online Scanner
http://www.eset.com/onlinescan/

*If you use Internet Explorer to complete this scan , you will need to allow an Active X to be installed or you may use Firefox
* You will need to temporarily Disable your current Anti-virus program.
* Be sure the option to Remove found threats is checked and the option to Scan unwanted applications is Checked.
* When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us.

You can uninstall the Ask Toolbar, AVG Safe Search Toolbar

[jholland1964]

Your host file definitely needs fixing also.

Follow these instructions:

Please go here to get the zip file:
http://winhelp2002.mvps.org/hosts.htm

and then to these instructions for Windows 7
http://winhelp2002.mvps.org/hostswin7.htm

Download the zip file.
by default it should be located in your "User" Download folder.
Highlight the file (single-click) then right-click and select > Extract All from the menu ...

Next: Make sure there is a check in the "Show extracted files when complete" option

Next: right-click the installer "mvps.bat" and select: Run as Administrator (see below)

Ok the UAC prompt and the batch file will run ... which will backup the existing HOSTS file (HOSTS.MVP) then copy the updated HOSTS file to the proper location. You should see a completed prompt (press any key) and that's it ...
You should see this screen shown in the attachment if replacement was successful

[trollitrade]

Alright, the ESET scan finally finished.
Here are the logs:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2f88a9e30980874cb702fadaebd4abcc
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-05 05:27:07
# local_time=2012-03-05 09:27:07 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 13715130 13715130 0 0
# compatibility_mode=5893 16776574 66 94 18007593 82504109 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=410289
# found=16
# cleaned=16
# scan_time=7768
C:\TDSSKiller_Quarantine\04.03.2012_21.16.09\mbr00 00\tdlfs0000\tsk0003.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\04.03.2012_21.16.09\mbr00 00\tdlfs0000\tsk0004.dta Win64/Olmarik.X trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\04.03.2012_21.16.09\mbr00 00\tdlfs0000\tsk0005.dta a variant of Win32/Olmarik.AXV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\04.03.2012_21.16.09\mbr00 00\tdlfs0000\tsk0006.dta Win64/Olmarik.AC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\04.03.2012_21.16.09\mbr00 00\tdlfs0000\tsk0007.dta a variant of Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\04.03.2012_21.16.09\mbr00 00\tdlfs0000\tsk0008.dta Win64/Olmarik.Z trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Default\eboknghcdjcehlomdgbolfknalbob jmp\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\User\AppData\Local\Temp\640E.tmp a variant of Win32/Olmarik.AWA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Prof iles\9l8gt7h6.default\extensions\{040f7634-8e86-454c-a72d-5025fe7c8a66}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Prof iles\9l8gt7h6.default\extensions\{695d0e91-df2d-4078-a4f2-2f2c8bef9984}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\65VXVVN9\milf[1].html HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\C1B0W82U\crystmassoft5_net[1].htm HTML/TrojanDownloader.Applet.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\JEPLRUSO\jquery.bgiframe.min[1].js JS/Agent.NEJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\KPZZFGNV\pornvideos_de_nu[1].txt HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\XU6EAIHS\cn_download[1].htm HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows\System32\config\systemprofile\AppData\L ocal\Microsoft\Windows\Temporary Internet Files\Content.IE5\XU6EAIHS\landing[1].php HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C



That's all. Oh, and thank you for the next step! I'll get on that once I get home later tonight.

[MikeN.]

Go ahead and do the Host file fix posted by Judy, will get back to you on other directions for the next step

[MikeN.]

Do the Host file fix, then uninstall AVG, reboot. Take the machine offline, Judy is posting directions for another tool, check back for her directions AFTER you have uninstalled AVG

[jholland1964]

Please download ComboFix by sUBs from

http://www.bleepingcomputer.com/down...virus/combofix

Please note that the BleepingComputer.com download link will expire in 10 minutes after you click it so if you don’t click within ten minutes after reaching the page you will need to refresh the page.

• You must download it to and run it from your Desktop
• Physically disconnect from the internet.
• Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
• Double click combofix.exe & follow the prompts.
• When ComboFix has finished running, you will see a screen stating that it is preparing the log report
• This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the programs log file, or report, will be located at C:\ComboFix.txt.
• Re-enable all the programs that were disabled during the running of ComboFix..

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Run Combofix ONCE only!!

[trollitrade]

I did the host file fix, and then uninstalled AVG2012 so I could do the ComboFix, except then ComboFix told me that these real time scanners are active:

antivirus: AVG Anti-Virus Free Edition 2012
antispyware: AVG Anti-Virus Free Edition 2012

I'm sort of confused, because I already uninstalled AVG. Now I'm trying to figure out how to uninstall it completely, except that there's no file in the uninstall programs list... because I already uninstalled it and rebooted the computer. Hmm... How odd! Maybe I should've checked the boxes that said things like "delete virus vault" and such, except that sounded like I was gonna take the vault files off of quarantine or something.

Sorry for the extra trouble! I'm looking around to solve it.

[MikeN.]

Quote:

Originally Posted by trollitrade

I did the host file fix, and then uninstalled AVG2012 so I could do the ComboFix, except then ComboFix told me that these real time scanners are active:

antivirus: AVG Anti-Virus Free Edition 2012
antispyware: AVG Anti-Virus Free Edition 2012

I'm sort of confused, because I already uninstalled AVG. Now I'm trying to figure out how to uninstall it completely, except that there's no file in the uninstall programs list... because I already uninstalled it and rebooted the computer. Hmm... How odd! Maybe I should've checked the boxes that said things like "delete virus vault" and such, except that sounded like I was gonna take the vault files off of quarantine or something.

Sorry for the extra trouble! I'm looking around to solve it.

Link for the AVG removal tool. Once you run this, reboot then do a search for AVG files and manually remove them if you have to, to include program folders

http://download.avg.com/filedir/util..._2012_1796.exe

[trollitrade]

Hmm, I ran the uninstaller tool and then did a search for AVG programs using the search bar in the start menu, and this was all that showed up:

avgremover (notepad document)
avgremover (Another notepad document with less text, but the same name)
avg_remover_stf_x64_2012_1796 (Program file)
AdobeFlash11.5-mul.proxy
AdobeFlash11.5-Driver-mul.proxy

I didn't think any of those were active AVG files, because most of them are the remover tool's files, but when I tried to run ComboFix, it gave me the same warning, that these real time scanners are active:

antivirus: AVG Anti-Virus Free Edition 2012
antispyware: AVG Anti-Virus Free Edition 2012

Odd... I tried to dig around in the Program Files, Program Files (x86), and even in the ProgramData areas, but I'm not finding anything. Should I post the remover tool logs? They were pretty long.

[jholland1964]

Quote:

Originally Posted by trollitrade

Maybe I should've checked the boxes that said things like "delete virus vault" and such, except that sounded like I was gonna take the vault files off of quarantine or something.

It would not have taken the vault files off of quarantine, it would have removed quarantine along with all files inside, which is what you want to do. You want those completely off the computer along with that AVG program that didn't work and now is stopping this necessary program from being run.

[jholland1964]

Quote:

Originally Posted by trollitrade

Hmm, I ran the uninstaller tool and then did a search for AVG programs using the search bar in the start menu, and this was all that showed up:

avgremover (notepad document)
avgremover (Another notepad document with less text, but the same name)
avg_remover_stf_x64_2012_1796 (Program file)
AdobeFlash11.5-mul.proxy
AdobeFlash11.5-Driver-mul.proxy

I didn't think any of those were active AVG files, because most of them are the remover tool's files, but when I tried to run ComboFix, it gave me the same warning, that these real time scanners are active:

antivirus: AVG Anti-Virus Free Edition 2012
antispyware: AVG Anti-Virus Free Edition 2012

Odd... I tried to dig around in the Program Files, Program Files (x86), and even in the ProgramData areas, but I'm not finding anything. Should I post the remover tool logs? They were pretty long.

Don't manually search in single folders, just do a straight search on the computer for AVG.

Start, Search and just type AVG Anti-Virus Free Edition 2012
No we don't need the remover tool logs.

[jholland1964]

Tell you what, never mind doing that. Delete that combofix that you downloaded.

Go back to http://www.bleepingcomputer.com/down...virus/combofix

download a brand new copy and save it to the desktop.
Then reboot to Safe Mode and run Combofix. If it says AVG is still there, ignore that and run Combofix in Safe Mode.

Once it is finished and says the log is saved then reboot and go to C:\ComboFix.txt. and get the log and post it here.