Trojan.Win32.GenericBT

Misleading.DefenseCenter Trojan always coming back

  • This topic is locked
2 replies to this topic

#1 Arjan

    Newbie

  • Members
  • 1 posts

Posted 20 July 2012 - 12:06 AM

Dear helpers, Cecilia,
How to start this story, at the beginning or the end?
Let me follow your instructions and add my other experiences later.
Step 1: I've scanned my PC with the fully updated Ad-Aware on the 11th of July, after IObit Malware Fighter found 1 threat, "Misleading.DefenseCenter". An AA quick scan also detected and deleted 1 threat.

Much to my surprise, the next day I saw the same behaviour as in the days before: slow internet connection, sites not found, connection problems reported which couldn't be fixed by Windows, etc. Even my Yahoo mail and Live Messenger became inaccessible. It looked like this infection was learning from my surfing behaviour. So it was still infected and needed more serious attention. I started to run total scans with all I had: IObit, Spyware Doctor, AVG 2012, Spybot S&D and of course AA. On the 16th AA detected this Trojan.Win32.Generic!BT and deleted it, together with a moderate threat. No lasting results; this virus or the stuff it brought with it was something stubborn that came back every time I booted. So I decided to restore the PC to a date before the infection began.
Again, after restoring, no lasting result. The flashes of pop-ups already started while booting. I started wondering: am I gonna look for help, is this too much for me? That's how I came here to the AA support.
I've been working in safe mode several times, during scanning and restoring, which gave no problems.

Step 2: Today I downloaded and ran DDS. I must say that I was glad it said the process would take only 3 minutes; however, this wasn't true, it took 10-11 minutes and I was about to close DDS, disappointed that it didn't work, just like ComboFix, which I ran yesterday and stopped.

Below you'll find the logs, Attach.txt first.
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5-10-2007 23:28:24
System Uptime: 19-7-2012 23:25:40 (0 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5GC-MX/MEDION/SI
Processor: Intel® Core™2 Duo CPU E4400 @ 2.00GHz | LGA 775 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 118,278 GiB free.
D: is FIXED (FAT32) - 20 GiB total, 5,629 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is FIXED (NTFS) - 35 GiB total, 15,363 GiB free.
J: is FIXED (NTFS) - 39 GiB total, 19,431 GiB free.
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Minipoort-adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Microsoft Tun Minipoort-adapter #2
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Minipoort-adapter
Device ID: ROOT\*TUNMP\0002
Manufacturer: Microsoft
Name: Microsoft Tun Minipoort-adapter #3
PNP Device ID: ROOT\*TUNMP\0002
Service: tunmp
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
4Media Video Editor 2
7-Zip 9.20
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.1 - Nederlands
Advanced SystemCare 5
Aiseesoft Total Media Converter 6.2.26
Ann Video Converter 4.5.0
AnvSoft Photo Flash Maker Professional 5.40
Ashampoo Registry Cleaner v.1.00
AVG 2012
Bass Audio Decoder (remove only)
CD Audio Reader Filter (remove only)
Cinema HD 2.0
CVE-2012-1889
D3DX10
DCoder Image Source (remove only)
DirectVobSub (remove only)
Driver Magician 3.61
ffdshow v1.1.4222 [2012-01-03]
FFMPEG Core Files (remove only)
FoxTab FLV Player
Gabest MPEG Splitter (remove only)
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Haali Media Splitter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HyperCam 3
Inpaint 4.3
IObit Malware Fighter
Java Auto Updater
Java™ 6 Update 33
Junk Mail filter update
LAV Filters (remove only)
Logitech Webcam Software
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2007
Microsoft Office Proof (German) 2010
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (Dutch) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Works
Movavi Video Editor 7 SE
MSVCRT
Nuria 3.6
Online Interview Applicatie
OpenSource AVI Splitter (remove only)
OpenSource DTS/AC3/DD+ Source Filter (remove only)
OpenSource Flash Video Splitter (remove only)
Paragon Migrate OS to SSD™ 2.0 Special Edition
PDF OCR 4.2
PDF Protector Splitter and Merger Pro
Photo Stamp Remover 4.2
Picasa 3
Pivot Pro Plugin
SDK
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
SecurityKISS Tunnel v0.2.2
Segoe UI
Skype™ 5.8
Smart Defrag 2
SmartControl
Speed MP3 Downloader
SpywareBlaster 4.6
SterJo Portable Firewall PRO
TaskmgrPro V1.4.4
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
uRex Video Converter Platinum
v0.2.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wondershare PDF Converter (Build 3.0.0)
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Toolbar
Zoom Player (remove only)
.
==== End Of File ===========================
and DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by AdminAcc at 23:41:12 on 2012-07-19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2551.1216 [GMT 2:00]
.
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
D:\Programma Bestanden\Advanced SystemCare 3\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.115\GoogleCrashHandler.exe
D:\Programma Bestanden\Ad-Aware Antivirus\AdAwareService.exe
D:\Programma Bestanden\AVG\avgwdsvc.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\kmw_run.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Gedownloade programma's\Nuria\Nuria.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
D:\Programma Bestanden\AVG\avgnsx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
D:\Programma Bestanden\AVG\avgrsx.exe
D:\Programma Bestanden\AVG\avgchsvx.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
D:\Programma Bestanden\AVG\avgcsrvx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\KMW_SHOW.EXE
D:\Programma Bestanden\TaskmgrPro\TaskmgrPro.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\Programma Bestanden\Ad-Aware Antivirus\SBAMSvc.exe
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\GROOVEMONITOR.EXE
C:\PROGRAM FILES\LOGITECH\LOGITECH WEBCAM SOFTWARE\LWS.EXE
C:\GEDOWNLOADE PROGRAMMA'S\INSTANTTIMEZONE\INSTANTTIMEZONE.EXE
C:\GEDOWNLOADE PROGRAMMA'S\INSTANTTIMEZONE\InstantTimeZone.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.mentoor.nl/
uLocal Page = c:\program files\microsoft sdks\windows\v7.1\samples\security\authorization\azman\app\asp\blank.htm
mStart Page = hxxp://www.nixat.com/
mDefault_Page_URL = hxxp://www.aldi.com/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
uURLSearchHooks: PHPNukeDU Toolbar: {46735dee-f862-49d1-876d-6382794dc625} -
mURLSearchHooks: PHPNukeDU Toolbar: {46735dee-f862-49d1-876d-6382794dc625} -
mURLSearchHooks: H - No File
mURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Disabled:{02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: PHPNukeDU Toolbar: {46735dee-f862-49d1-876d-6382794dc625} -
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {70F241F6-52AB-4D45-993E-C1C09920095B} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [TaskmgrPro] d:\programma bestanden\taskmgrpro\TaskmpStart.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Nuria] c:\gedownloade programma's\nuria\Nuria.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [toolbar_eula_launcher] c:\program files\googleeula\EULALauncher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [kmw_run.exe] kmw_run.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {4BEEA052-726D-4A6E-B65D-A6BD07C263F3} - {80A21664-E813-4F79-B965-2058C0F7A84C}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\programma bestanden\spybot - search & destroy\SDHelper.dll
Trusted Zone: im-history.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 62.45.45.45 62.45.46.46
TCP: Interfaces\{885CD58D-0C12-4820-9BD4-CA7D96E79045} : DhcpNameServer = 62.45.45.45 62.45.46.46
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {621FCD24-4498-4324-A81E-07D331376EDF} - c:\program files\pixiepack codec pack\InstallerHelper.exe
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-7-14 64512]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-1 207280]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-1-2 15672]
R1 AvgLdx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 AvgMfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 AvgTdiX;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
R2 Ad-Aware Service;Ad-Aware Service;d:\programma bestanden\ad-aware antivirus\AdAwareService.exe [2012-7-12 1239952]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\programma bestanden\advanced systemcare 3\advanced systemcare 5\ASCService.exe [2011-12-15 913792]
R2 avg9wd;AVG Free WatchDog;d:\programma bestanden\avg\avgwdsvc.exe [2010-12-28 308136]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-20 21504]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2012-7-14 821592]
R2 PdiService;Portrait Displays SDK Service;c:\program files\common files\portrait displays\drivers\pdisrvc.exe [2011-10-29 109168]
R2 SBAMSvc;Ad-Aware;d:\programma bestanden\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-11-29 77816]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-15 935008]
R3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\drivers\l260x86.sys [2008-10-16 29184]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\drivers\Ph3xIB32.sys [2007-4-3 1131136]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2007-8-22 13976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca5dfa875e0b3;Google Update Service (gupdate1ca5dfa875e0b3);c:\program files\google\update\GoogleUpdate.exe [2009-11-5 133104]
S2 ioloFileInfoList;iolo FileInfoList Service; [x]
S2 ioloSystemService;iolo System Service; [x]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 3xHybrid;Philips SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2007-7-31 1136600]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-31 250056]
S3 DfSdkS;Defragmentation-Service;d:\programma bestanden\ashampoo winoptimizer 6\DfSdkS.exe [2010-5-28 406016]
S3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\FileMonitor.sys [2012-7-5 20336]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-5 133104]
S3 KSerMous;Kensington Serial Mouse Driver;c:\windows\system32\drivers\ksermous.sys [2007-10-22 50136]
S3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2008-2-3 3768]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\RegFilter.sys [2012-7-5 30640]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-7-19 93816]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-5-1 358600]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-5-1 1141200]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wlh_x86\UrlFilter.sys [2012-7-5 19832]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2010-11-30 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2010-11-30 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2010-11-30 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2010-11-30 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2010-11-30 25704]
.
=============== File Associations ===============
.
JSEFile=NOTEPAD.EXE %1
scrfile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2012-07-19 10:51:35 -------- d-----w- c:\users\adminacc\appdata\local\adaware
2012-07-19 10:51:33 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-07-19 10:51:01 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-07-19 10:50:58 -------- d-----w- c:\windows\system32\drivers\VDD
2012-07-19 09:33:40 -------- d-----w- c:\users\adminacc\appdata\local\{C1FEA720-38D5-4127-A4F6-A7DCF61E9E8E}
2012-07-19 09:33:30 -------- d-----w- c:\users\adminacc\appdata\local\{CC9D9EE8-8D46-4EBB-8C6C-57D6FF5C0F4A}
2012-07-18 21:42:57 -------- d-----w- C:\ComboFix
2012-07-18 21:13:16 -------- d-----w- c:\programdata\GFI Software
2012-07-18 13:40:49 -------- d-----w- c:\users\adminacc\appdata\local\{7C0B9623-0849-4276-B04E-F4063D78B96D}
2012-07-18 13:40:23 -------- d-----w- c:\users\adminacc\appdata\local\{254B69D8-A014-4AA4-A9F9-131312313816}
2012-07-18 13:39:54 -------- d-----w- c:\users\adminacc\appdata\local\{912E594F-2A48-4176-A155-F700A4DD05C8}
2012-07-17 21:50:26 -------- d-----w- c:\users\adminacc\appdata\local\{452EB6FB-DAF8-43E4-B9AF-991B7BECA347}
2012-07-17 21:50:16 -------- d-----w- c:\users\adminacc\appdata\local\{5933876B-2958-40D0-855E-11C73B47373E}
2012-07-17 21:50:07 -------- d-----w- c:\users\adminacc\appdata\local\{C54C535A-B2D4-4206-83DE-93C3AFC9604A}
2012-07-17 21:48:29 -------- d-----w- c:\users\adminacc\appdata\local\{81991E57-BFEB-4145-B5D0-DDC05ACE5C62}
2012-07-17 15:24:06 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f4dbfbc0-f30b-4f1e-8460-770bb52cb162}\mpengine.dll
2012-07-16 22:10:15 -------- d-----w- c:\users\adminacc\appdata\local\{A4A78C8A-F1CA-4F65-A7DF-CFDF4919764B}
2012-07-16 22:10:05 -------- d-----w- c:\users\adminacc\appdata\local\{5185BBC9-32E9-44FD-A04D-3D4A9A69CE5F}
2012-07-14 08:10:29 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-14 07:50:37 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-14 07:50:35 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-14 07:50:35 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-14 07:49:29 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-14 07:49:29 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-14 07:49:29 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-14 07:32:26 9226440 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-11 08:22:30 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-07-11 08:19:32 -------- d-----w- c:\users\adminacc\appdata\local\adawarebp
2012-07-11 08:19:25 -------- d-----w- c:\program files\Toolbar Cleaner
2012-07-11 08:19:19 -------- d-----w- c:\program files\adawaretb
2012-07-10 19:50:23 -------- d-----w- c:\users\adminacc\appdata\roaming\Ad-Aware Antivirus
2012-06-21 08:12:33 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 08:11:55 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 08:11:35 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 08:11:35 171904 ----a-w- c:\windows\system32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-19 21:25:54 7304 ----a-w- c:\windows\TMP0001.TMP
2012-07-14 07:32:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-14 07:32:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 16:43:56 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-14 16:43:56 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-31 10:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 06:01:08 265797 ----a-w- c:\windows\system32\pdvcodec.dll
2012-05-01 14:03:49 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:00:53 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:00:53 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00:53 133120 ----a-w- c:\windows\system32\cryptsvc.dll
.
============= FINISH: 23:50:25,99 ===============
I hope you will be able to help me out with it. I'll wait for your reaction on this and am always available to give more information if necessary.
Yours sincerely,
Arjan

#2 CeciliaB

    Volunteer

  • Moderator
  • 5366 posts

Posted 21 July 2012 - 12:20 AM

Hi Arjan,

Your main problem is probably that you have too many antivirus programs. When several antivirus programs with full real-time protection are installed, they will fight over resources and cause conflicts. You have to use one of AVG, Ad-Aware 10 and Spyware Doctor with AntiVirus. You also have left-overs from Ad-Aware 9 and AVG 9 running. Even if LS Digger Barnes' explanation about possible conflicts with other security programs in the post http://www.lavasofts...ndpost&p=125582 is written for Ad-Aware 9 Pro, the principle is the same for other antivirus programs as well. A more technical explanation is written in http://www.lavasofts...post__p__136994 by LS Andy.

But you also have an add-on in Internet Explorer that probably is questionable and I recommend an uninstallation:
Ask Toolbar, see http://www.systemloo...NERI_1_DLL.html

When you have uninstalled two antivirus programs, please restart the computer and paste a new DDS log.
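As an added illustration of the two points in this reply (not code from the thread, from Lavasoft, or from the DDS tool): a small Python triage script that reads the `AV:`/`SP:`/`FW:` header lines and the `TB:`/`BHO:` lines of a DDS log, counts how many distinct antivirus products are registered, and flags toolbar or BHO entries that point at no file. The sample input is a constructed excerpt of the log posted above.

```python
import re

# Constructed excerpt of the DDS.txt posted in this thread (abbreviated).
SAMPLE_DDS = r"""
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: Lavasoft Ad-Aware *Enabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: Lavasoft Ad-Aware *Enabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - No File
TB: PHPNukeDU Toolbar: {46735dee-f862-49d1-876d-6382794dc625} -
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
"""

# "AV: <name> *Enabled/Updated* {GUID}"; the FW line has no "/Updated" part.
PRODUCT_RE = re.compile(
    r"^(AV|SP|FW): (.+?) \*(Enabled|Disabled)(?:/(\w+))?\* \{([0-9A-Fa-f-]+)\}$"
)
# "TB: <optional name>: {GUID} - <path or 'No File' or nothing>"
ADDON_RE = re.compile(
    r"^(BHO|TB|[um]URLSearchHooks): (?:(.+?):\s*)?\{([0-9A-Fa-f-]+)\} -\s*(.*)$"
)


def parse_security_products(text):
    """Return the AV/SP/FW product lines of the DDS header as dicts."""
    found = []
    for line in text.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            kind, name, state, upd, guid = m.groups()
            found.append({
                "kind": kind,
                "name": name,
                "enabled": state == "Enabled",
                "updated": upd == "Updated",
                "guid": guid.upper(),
            })
    return found


def parse_browser_addons(text):
    """Return BHO/toolbar/search-hook entries; an entry with an empty path
    or 'No File' is a registry leftover whose DLL is gone ('orphaned')."""
    found = []
    for line in text.splitlines():
        m = ADDON_RE.match(line.strip())
        if m:
            kind, name, guid, path = m.groups()
            path = path.strip()
            found.append({
                "kind": kind,
                "name": name or "",
                "guid": guid.lower(),
                "path": path,
                "orphaned": path == "" or path.lower() == "no file",
            })
    return found


def triage(text):
    """Summarise the findings a helper would raise from the DDS header lines."""
    products = parse_security_products(text)
    distinct_av = sorted({p["name"] for p in products if p["kind"] == "AV"})
    findings = []
    if len(distinct_av) > 1:
        findings.append(
            f"{len(distinct_av)} antivirus products registered: "
            + ", ".join(distinct_av)
        )
    orphaned = [a for a in parse_browser_addons(text) if a["orphaned"]]
    for a in orphaned:
        label = a["name"] or "unnamed"
        findings.append(f"{a['kind']} {a['guid']} ({label}) points at no file")
    return {"antivirus": distinct_av, "orphaned_addons": orphaned, "findings": findings}


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS)["findings"]:
        print(finding)
```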

#3 CeciliaB

    Volunteer

  • Moderator
  • 5366 posts

Posted 23 August 2012 - 09:41 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !
