Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


MAJOR DATA LOSS 07MAY2011 (RUNNING AVG INTERNET SECURITY)


Posted by Central Scrutinizer » May 8th, 2011, 11:34 am

My daughter had been using my laptop extensively on 05/06 and 07 May 2011. It is a Dell Inspiron 6400 running MS Vista Premium 32 O/S. When I came to log in to my Vista session I discovered that my desktop background had vanished and had reverted to the default Windows wallpaper and that the layout of shortcut icons was altered. The number of options available in the START menu was also significantly reduced. My ID picture was still showing in the user account pane. All my 'DOCUMENTS', 'PICTURES' and 'MUSIC' files seem to have disappeared. Until 21 April I was running McAfee Total Security 2011 but as I could not afford to renew at the time I installed and was running AVG Internet Security. I ran a full scan and it detected two Trojans (both the same) in the Recycle Bin, with the ID string:

File: C:\$Recycle.Bin\S-1-5-21-915503681-829026943-51739620-1000\$RX6F151.exe (Result/Infection: Trojan horse Crypt.AHZV)

I have deleted the trojan from the Recycle Bin per the instructions of AVG.

DDS Log:

============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Soluto\soluto.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\McAfee Online Backup\MOBKbackup.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP Wireless Printer Adapter\ConnectMgr.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVG\AVG10\avgui.exe
C:\Program Files\AVG\AVG10\avgcfgex.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\program files\bang & olufsen\beoplayer\beotray.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\program files\hp\digital imaging\bin\hpqtra08.exe
C:\program files\hp\hp software update\hpwuschd2.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\Program Files\AVG\AVG10\avgscanx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Program Files\Windows Live\Companion\companionuser.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\cleanmgr.exe
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VLUYWF2B\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uWindow Title = Internet Explorer, optimized for Bing and MSN
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
uURLSearchHooks: H - No File
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\family toolbar\tbcore3.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101114023645.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: TalkTalk Mail Toolbar Loader: {97736b03-27dc-47fd-939e-12f77f73d792} - c:\program files\talktalk mail toolbar\talktalkmailtb.dll
BHO: AddThis Toolbar BHO: {9ebf8aaf-0a31-4786-909a-97a0ef101743} - c:\program files\addthis toolbar\Toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\family toolbar\tbcore3.dll
TB: TalkTalk Mail Toolbar: {e9d7aa34-9f3b-4a42-be5d-e049da305ec3} - c:\program files\talktalk mail toolbar\talktalkmailtb.dll
TB: AddThis Toolbar: {b43176cc-4d9e-493b-a636-d9cbfe39c6da} - c:\program files\addthis toolbar\Toolbar.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\john\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [<NO NAME>]
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [McPvTray] c:\program files\mcafee\anti-theft\McPvTray.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/ph ... den-gb.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R? BBSvc;Bing Bar Update Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? cpuz132;cpuz132
R? ewusbnet;HUAWEI USB-NDIS miniport
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? HPWPAUSB;Wireless Printer Adapter
R? hwusbdev;Huawei DataCard USB PNP Device
R? IT9135BDA;IT9135 BDA Devices
R? massfilter;ZTE Mass Storage Filter Driver
R? mferkdet;McAfee Inc. mferkdet
R? Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service
R? MSSQLServerADHelper100;SQL Active Directory Helper Service
R? osppsvc;Office Software Protection Platform
R? PCAMp50;PCAMp50 NDIS Protocol Driver
R? RsFx0103;RsFx0103 Driver
R? SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ)
R? wlcrasvc;Windows Live Mesh remote connections service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? Avgfwfd;AVG network filter service
S? avgfws;AVG Firewall
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSEH;AVGIDSEH
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSShim;AVGIDSShim
S? Avgldx86;AVG AVI Loader Driver
S? Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx86;AVG Anti-Rootkit Driver
S? Avgtdix;AVG TDI Driver
S? avgwd;AVG WatchDog
S? BecHelperService;BecHelperService
S? cfwids;McAfee Inc. cfwids
S? FontCache;Windows Font Cache Service
S? hpnuhst;HP NUSB Host
S? HPNUHUB;HP NUSB Hub
S? McAfee SiteAdvisor Service;McAfee SiteAdvisor Service
S? McMPFSvc;McAfee Personal Firewall Service
S? McNaiAnn;McAfee VirusScan Announcer
S? McProxy;McAfee Proxy Service
S? McPvDrv;McPvDrv Driver
S? McShield;McShield
S? mfeavfk;McAfee Inc. mfeavfk
S? mfebopk;McAfee Inc. mfebopk
S? mfefire;McAfee Firewall Core Service
S? mfefirek;McAfee Inc. mfefirek
S? mfehidk;McAfee Inc. mfehidk
S? mfenlfk;McAfee NDIS Light Filter
S? mfevtp;McAfee Validation Trust Protection Service
S? mfewfpk;McAfee Inc. mfewfpk
S? MOBKbackup;McAfee Online Backup
S? MOBKFilter;MOBKFilter
S? NAUpdate;Nero Update
S? PCGenFAM;PCGenFAM
S? RapportCerberus_26169;RapportCerberus_26169
S? RapportEI;RapportEI
S? RapportKELL;RapportKELL
S? RapportMgmtService;Rapport Management Service
S? RapportPG;RapportPG
S? SolutoService;Soluto PCGenome Core Service
.
=============== Created Last 30 ================
.
2011-05-08 12:41:58 -------- d-----w- c:\users\john\appdata\local\{05B14E6E-16F3-4F9F-B15E-5ABC0C96A273}
2011-05-05 00:34:05 -------- d-----w- c:\program files\Bonjour
2011-05-04 22:44:55 -------- d-----w- c:\users\john\One Note Travel Guides
2011-05-04 22:32:13 -------- d-----w- c:\users\john\appdata\local\{E5D323FD-51BC-4DDE-B9B3-53B7C5CB3273}
2011-05-03 11:01:20 -------- d-----w- c:\users\john\appdata\local\{90286405-DA9B-4055-AEB0-3060A9A07457}
2011-05-02 12:23:17 -------- d-----w- c:\users\john\appdata\local\{5ED1BE03-67B3-4C58-A3A8-D9644E5315C0}
2011-05-01 20:36:48 -------- d-----w- c:\users\john\appdata\local\{5EB185FE-1F1E-445D-9991-A0A305A2EB58}
2011-05-01 19:06:06 -------- d-----w- c:\users\john\appdata\local\{17906C00-A2A6-437D-B8FF-88148BF3B703}
2011-04-30 19:02:11 -------- d-----w- c:\users\john\appdata\local\{E9CE2893-E26A-41C5-A18A-ECCCEAAF6611}
2011-04-30 13:50:56 -------- d--h--w- C:\$AVG
2011-04-29 21:26:25 -------- d-----w- c:\users\john\appdata\local\{05685D3E-FC9F-4151-9049-FF769DF39113}
2011-04-29 08:26:15 -------- d-----w- c:\users\john\appdata\local\{72BAFC3A-D59C-4DD9-95BC-28A8F02A0FB4}
2011-04-28 13:34:50 53816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-04-28 06:19:12 -------- d-----w- c:\users\john\appdata\local\{B0483027-5A1D-4D86-9353-110E000B1E99}
2011-04-27 21:20:45 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 21:20:42 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 21:20:07 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-26 07:35:08 -------- d-----w- c:\users\john\appdata\local\{4E61ACE4-C41F-4BCC-BF2C-9F4204653683}
2011-04-25 18:59:13 -------- d-----w- c:\users\john\appdata\local\{560E3707-A98E-4142-8C41-D66488A53D04}
2011-04-24 16:21:26 -------- d-----w- c:\users\john\appdata\local\{94511396-BD0F-4148-A920-D3F1A13059C2}
2011-04-23 15:46:13 -------- d-----w- c:\users\john\appdata\local\{77E8DF18-7404-4FCB-8019-6488384C174B}
2011-04-22 23:41:07 -------- d-----w- c:\users\john\appdata\local\{3D50944B-A6D3-4FF4-8B64-91A8C53F54FF}
2011-04-22 20:46:02 -------- d-----w- c:\users\john\Drivers
2011-04-22 01:53:50 -------- d-----w- c:\users\john\appdata\local\{6DA7EEE6-866C-40D4-A503-755ABB35042E}
2011-04-21 22:01:25 -------- d-----w- c:\users\john\appdata\roaming\AVG10
2011-04-21 21:52:08 -------- d--h--w- c:\progra~2\Common Files
2011-04-21 21:46:27 -------- d-----w- c:\windows\system32\drivers\AVG
2011-04-21 21:46:27 -------- d-----w- c:\progra~2\AVG10
2011-04-21 21:43:33 -------- d-----w- c:\program files\AVG
2011-04-21 20:57:57 -------- d-----w- c:\progra~2\MFAData
2011-04-21 11:39:26 -------- d-----w- c:\users\john\appdata\local\{E3E57000-C5F4-48CC-BC5C-9F00FA025B4A}
2011-04-20 19:59:19 -------- d-----w- c:\users\john\appdata\local\{5BE434AA-F60B-4E00-B540-7E1F1F77A22C}
2011-04-20 07:38:17 -------- d-----w- c:\users\john\appdata\local\{743F2A96-AD44-4C50-B3F2-5CA61782C500}
2011-04-19 19:02:11 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2149b2ec-f3a2-49e9-989b-f8907d814fe2}\mpengine.dll
2011-04-18 12:13:23 -------- d-----w- c:\users\john\appdata\local\{ABCA70B1-33F2-41F9-BB46-0DD2A47F7ECA}
2011-04-17 16:47:01 -------- d-----w- c:\users\john\appdata\local\{24E46021-D1AB-4FF4-B15A-D30A64022304}
2011-04-16 14:49:44 -------- d-----w- c:\users\john\appdata\local\{7987ED59-0AF1-4E83-B034-DC46422FEAC4}
2011-04-15 19:55:28 -------- d-----w- c:\users\john\appdata\local\{983ADADF-09AD-47B6-8E5F-FD6776D6AB50}
2011-04-15 19:47:59 -------- d-----w- c:\users\john\appdata\local\{7B6B5CCF-8EC7-4661-BA87-A12A15DCEC1A}
2011-04-14 14:37:31 -------- d-----w- c:\users\john\appdata\local\{7F22DB41-1637-4F96-A6EF-C015323853C6}
2011-04-14 02:39:02 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-04-13 19:13:28 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-13 19:13:27 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-13 19:13:17 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-13 19:13:17 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-13 19:13:16 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-13 19:13:16 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-13 19:13:06 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-13 19:13:06 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-13 19:12:57 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-13 19:12:56 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-13 19:12:56 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-13 19:12:47 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-13 19:12:47 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-13 19:12:39 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-13 19:12:30 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-13 19:12:16 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-13 17:58:16 -------- d-----w- c:\users\john\appdata\local\{73B9E94E-8EAC-4F59-87F7-0513A62ACF79}
2011-04-12 20:50:58 -------- d-----w- c:\users\john\appdata\local\{00EF9A59-7509-4680-A1F3-312BB9F79A2B}
2011-04-11 23:54:42 -------- d-----w- C:\.jagex_cache_32
2011-04-11 18:55:12 -------- d-----w- c:\users\john\appdata\local\{B0DB34AC-8E50-46B2-AB73-70C9C54B4CAA}
2011-04-11 06:51:46 -------- d-----w- c:\users\john\appdata\local\{AC287859-9A52-43D5-BED0-8D9CBF8D258F}
2011-04-10 18:50:55 -------- d-----w- c:\users\john\appdata\local\{B3D05159-038F-41E8-B537-3033C6140DF6}
2011-04-09 12:04:57 -------- d-----w- c:\users\john\appdata\local\{3D3FDC7F-B11E-4099-898E-18DB42828D3C}
2011-04-08 20:04:55 -------- d-----w- c:\users\john\appdata\local\{23FB4EAF-B493-4B4E-9AAA-C956F6247C40}
2011-04-08 15:50:38 -------- d-----w- c:\users\john\appdata\local\{EDB22306-4622-4F27-8488-231CE24F2A9B}
.
==================== Find3M ====================
.
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
.
============= FINISH: 15:45:00.51 ===============

INSTALLED PROGRAMMES LOG:

Installed Programmes: 20110508
.
==== Installed Programs ======================
.
1310
1310_Help
1310Trb
32 Bit HP CIO Components Installer
3Connect
3MobileWiFi
Acoustica Effects Pack
Acrobat.com
AddThis Toolbar
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Reader 9.4.4
Adobe Shockwave Player 11.5
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
BBC iPlayer Desktop
BeoPlayer
Bing Bar
BlazeDTV 6.0
Bonjour
Brother P-touch Address Book 1.1
Brother P-touch Editor 5.0
BufferChm
Business Contact Manager for Microsoft Outlook 2010
Conduit Engine
Cool Edit Pro 2.0
Copy
Coupon Printer
CustomerResearchQFolder
D3DX10
Definition update for Microsoft Office 2010 (KB982726)
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
Download Updater (AOL LLC)
Encyclopaedia Britannica 2005 Ultimate Reference Suite DVD
eSupportQFolder
Fax
Feedback Tool
Google Chrome
Google Earth
Google Update Helper
High-Definition Video Playback 10
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 8.0
HP Deskjet 1050 J410 series Basic Device Software
HP Deskjet 1050 J410 series Help
HP Deskjet 1050 J410 series Product Improvement Study
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photo Creations
HP Photosmart Essential
HP Product Assistant
HP Solution Center 8.0
HP Update
HP Wireless Printer Adapter
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Image Rescue 4
iTunes
Java Auto Updater
Java(TM) 6 Update 24
Junk Mail filter update
MarketResearch
McAfee Anti-Theft
McAfee Online Backup
McAfee Total Protection
Mesh Runtime
Messenger Companion
Meter Drivers for OneTouch(R) Software
Meter Drivers for OneTouch(R) Software v1.8.0
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft AutoRoute 2007
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Default Manager
Microsoft Image Composite Editor
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft PhotoDraw 2000
Microsoft Primary Interoperability Assemblies 2005
Microsoft Research AutoCollage 2008 version 1.1
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft® Office Language Pack 2010 – English (Business Contact Manager for Microsoft Outlook 2010)
MobileMe Control Panel
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Msxml4 for LDCF
MyHeritage Family Tree Builder
Nero 10 ClipartPack
Nero 10 Menu TemplatePack 1
Nero 10 Menu TemplatePack 2
Nero 10 Menu TemplatePack 3
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack 1
Nero 10 Movie ThemePack 2
Nero 10 Movie ThemePack Basic
Nero 10 Sample ImagePack
Nero 10 Sample Videos
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscCopy Gadget 10
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
NVIDIA Drivers
Olympus Digital Wave Player
OLYMPUS DSS Player-Lite
OneTouch Software
PersonalBrain 6
PL-2303 USB-to-Serial
Professor Answers
Professor Teaches Excel 2007
QuickTime
Rapport
RawPacketDriver
RCA Logbook 7
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealSpeak Solo for UK English Emily
RealUpgrade 1.1
RICOH Media Driver ver.2.07.01.04
RICOH R5U8xx Media Driver ver.3.62.02
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Safari
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft Excel 2010 (KB2466146)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Segoe UI
Serif MontagePlus 1.0
Serif PagePlus X2
Serif PagePlus X2 Resources
Service Pack 1 for SQL Server 2008 (KB968369)
Shop for HP Supplies
SolutionCenter
Soluto
Sonic Activation Module
SPANISH in 10 minutes a day®
Spin It Again
Spotify
Sql Server Customer Experience Improvement Program
Status
Switch Sound File Converter
TalkTalk Mail Toolbar
The Times Software Series\Chess
Times Reader
Toolbox
TrayApp
UK-Info 2004
Uniblue RegistryBooster
Uniblue SystemTweaker
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2441641)
Vuze
Vuze Remote Toolbar
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
Xvid 1.2.1 final uninstall
ZTE_1.2059.0.8
.
==== End Of File ===========================

Re: MAJOR DATA LOSS 07MAY2011 (RUNNING AVG INTERNET SECURITY

Posted by Carolyn » May 10th, 2011, 6:54 am

Please familiarize yourself with the forum rules: >Forum Posting Rules - Please Read<

The DDS.txt and Attach.txt logs you posted were incomplete as they had the entire header missing.

Please follow the guideline at the link below to start a new topic and post your DDS log by pasting it into your post. Do not utilize attachments.

This topic is now closed. Please start a new topic by following the guideline posted here: >Guideline for posting your DDS log<