Can't remove Generic33 Trojan.  Help

Inactive
By red32
Jun 14, 2013
Topic Status:
Not open for further replies.
  1. AVG keeps showing Generic33 attacks, but can't clean it. How do I get rid of Generic33?

    --------------------------------------------
    MBAM

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
    Database version: v2013.06.14.08
    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Rick :: RICK-PC [administrator]
    6/14/2013 8:36:11 PM
    mbam-log-2013-06-14 (20-36-11).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 225053
    Time elapsed: 22 minute(s), 26 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
    ------------------------------
    DDS

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16490 BrowserJavaVersion: 1.6.0_35
    Run by Rick at 21:13:16 on 2013-06-14
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.1272 [GMT -4:00]
    .
    AV: AVG Internet Security 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Internet Security 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\system32\DRIVERS\xaudio64.exe
    C:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\RAVCpl64.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
    C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
    C:\Program Files (x86)\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
    C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files (x86)\Browny02\BrYNSvc.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
    c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\hp\kbd\kbd.exe
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\splwow64.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    uProxyServer = hxxp=1.0.0.1:61535
    uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
    uURLSearchHooks: {37153479-1976-43c3-a1ee-557513977b64} - <orphaned>
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Download Manager Browser Helper Object: {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files (x86)\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
    uRun: [Valve] rundll32.exe C:\Users\Rick\AppData\Local\Valve\ejmqpmrq.dll,cQzPuGBtZawssbEkgjvidBWTyNH
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [KBD] C:\HP\KBD\KbdStub.EXE
    mRun: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
    mRun: [BrStsMon00] "C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe" /AUTORUN
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
    mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTW~1.LNK - C:\Program Files (x86)\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
    IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - <orphaned>
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.dotphoto.com/ImageUploader4.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{9CCD81DF-41BE-4FD3-9875-FD8016E35625} : DHCPNameServer = 192.168.1.1
    Handler: linkscanner - <Clsid value has no data>
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
    x64-Run: [RtHDVCpl] RAVCpl64.exe
    x64-Run: [IAAnotif] "C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    x64-Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe
    x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - <orphaned>
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: linkscanner - <Clsid value has no data>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Rick\AppData\Roaming\Mozilla\Firefox\Profiles\wk3fjlfk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=GM2TDF&PC=GM2TDF&q=
    FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
    FF - prefs.js: browser.startup.homepage - hxxps://portal.fellowshipone.com/login.aspx?ReturnUrl=%2f
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=524517&p=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 61535
    FF - prefs.js: network.proxy.type - 1
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\fluxDVD\APIX\NPAPIX.dll
    FF - plugin: C:\Program Files (x86)\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
    FF - plugin: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
    FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Program Files\View22\Version 3.10.50\NPView22.dll
    FF - plugin: C:\Users\Rick\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
    FF - plugin: C:\Users\Rick\AppData\Roaming\Mozilla\plugins\npatgpc.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - ExtSQL: !HIDDEN! 2009-06-24 03:00; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
    R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\System32\drivers\SmartDefragDriver.sys [2011-3-1 17720]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-29 45856]
    R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-11-11 464256]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-4-1 428640]
    R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-5-21 1015984]
    R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-12-28 245760]
    R3 CAXHWBS3;CAXHWBS3;C:\Windows\System32\drivers\CAXHWBS3.sys [2008-2-12 286208]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
    S1 lwrycgwo;lwrycgwo;C:\Windows\System32\drivers\lwrycgwo.sys [2013-6-14 49872]
    S1 vkbzelbb;vkbzelbb;C:\Windows\System32\drivers\vkbzelbb.sys [2013-6-14 49872]
    S1 wipfyevc;wipfyevc;C:\Windows\System32\drivers\wipfyevc.sys [2013-6-14 49872]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-14 128048]
    S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;C:\Windows\System32\drivers\hcw72ADFilter.sys [2010-4-23 38656]
    S3 hcw72ATV;WinTV HVR-950 NTSC;C:\Windows\System32\drivers\hcw72ATV.sys [2010-4-23 1631488]
    S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;C:\Windows\System32\drivers\hcw72DTV.sys [2010-4-23 1634176]
    S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2011-4-1 341856]
    S3 LVUVC64;Logitech Webcam 250(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2011-4-1 4184672]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
    S3 PCD5SRVC{E2AF211B-86DA020A-05040000};PCD5SRVC{E2AF211B-86DA020A-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~2\PC-DOC~1\PCD5SRVC_x64.pkms [2007-12-11 25888]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\System32\drivers\wg111v2.sys [2007-12-26 340992]
    S3 tivoir;TiVo IR Transceiver Driver;C:\Windows\System32\drivers\tivoir64.sys [2008-10-15 15104]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]
    SUnknown iiulqqps;iiulqqps; [x]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
    FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
    FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
    FileExt: .vbs: VBSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
    FileExt: .js: JSFile=C:\Windows\SysWow64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2013-06-15 01:11:53 49872 ----a-w- C:\Windows\System32\drivers\vkbzelbb.sys
    2013-06-15 00:36:10 49872 ----a-w- C:\Windows\System32\drivers\wipfyevc.sys
    2013-06-14 08:34:23 49872 ----a-w- C:\Windows\System32\drivers\lwrycgwo.sys
    2013-06-13 07:02:55 75825640 ----a-w- C:\Windows\System32\mrt.exe
    2013-06-11 19:23:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-11 19:23:22 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-05-21 16:33:18 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2013-05-17 04:05:41 17824768 ----a-w- C:\Windows\System32\mshtml.dll
    2013-05-17 03:27:25 10926080 ----a-w- C:\Windows\System32\ieframe.dll
    2013-05-17 03:09:56 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2013-05-17 03:02:53 1346560 ----a-w- C:\Windows\System32\urlmon.dll
    2013-05-17 03:02:29 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2013-05-17 03:01:13 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2013-05-17 03:00:22 237056 ----a-w- C:\Windows\System32\url.dll
    2013-05-17 02:58:20 85504 ----a-w- C:\Windows\System32\jsproxy.dll
    2013-05-17 02:56:09 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2013-05-17 02:56:00 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2013-05-17 02:55:59 816640 ----a-w- C:\Windows\System32\jscript.dll
    2013-05-17 02:54:09 729088 ----a-w- C:\Windows\System32\msfeeds.dll
    2013-05-17 02:53:20 2147840 ----a-w- C:\Windows\System32\iertutil.dll
    2013-05-17 02:51:49 96768 ----a-w- C:\Windows\System32\mshtmled.dll
    2013-05-17 02:51:27 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-05-17 02:46:31 248320 ----a-w- C:\Windows\System32\ieui.dll
    2013-05-16 23:08:55 12329984 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2013-05-16 22:49:25 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2013-05-16 22:39:39 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-05-16 22:28:40 1104384 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2013-05-16 22:28:26 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-05-16 22:27:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2013-05-16 22:26:07 231936 ----a-w- C:\Windows\SysWow64\url.dll
    2013-05-16 22:23:35 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2013-05-16 22:21:37 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2013-05-16 22:21:34 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
    2013-05-16 22:20:30 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2013-05-16 22:19:25 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2013-05-16 22:17:30 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2013-05-16 22:17:21 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2013-05-16 22:16:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-05-16 22:12:55 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
    2013-05-08 06:10:12 770384 ----a-w- C:\Windows\SysWow64\msvcr100.dll
    2013-05-08 06:10:12 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
    2013-05-08 04:14:40 1417576 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-05-08 02:27:42 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
    2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe
    2013-05-02 04:16:27 686080 ----a-w- C:\Windows\System32\win32spl.dll
    2013-05-02 04:04:25 443904 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-05-02 04:03:42 37376 ----a-w- C:\Windows\SysWow64\printcom.dll
    2013-04-24 04:09:48 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-04-24 04:09:48 132096 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-04-24 04:09:48 1269248 ----a-w- C:\Windows\System32\crypt32.dll
    2013-04-24 04:09:41 50688 ----a-w- C:\Windows\System32\certenc.dll
    2013-04-24 04:00:30 985600 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-04-24 04:00:30 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-04-24 04:00:30 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-04-24 04:00:24 41984 ----a-w- C:\Windows\SysWow64\certenc.dll
    2013-04-24 02:10:00 1078272 ----a-w- C:\Windows\System32\certutil.exe
    2013-04-24 01:46:29 812544 ----a-w- C:\Windows\SysWow64\certutil.exe
    2013-04-17 13:04:03 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
    2013-04-17 12:30:06 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
    2013-04-15 14:17:12 901496 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-04-13 03:34:30 47104 ----a-w- C:\Windows\System32\cdd.dll
    2013-04-09 01:55:57 2774016 ----a-w- C:\Windows\System32\win32k.sys
    2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-03-29 06:53:48 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    2013-03-21 07:08:24 240952 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2006-05-03 09:06:54 163328 --sh--r- C:\Windows\SysWOW64\flvDX.dll
    2007-02-21 10:47:16 31232 --sh--r- C:\Windows\SysWOW64\msfDX.dll
    2008-03-16 12:30:52 216064 --sh--r- C:\Windows\SysWOW64\nbDX.dll
    .
    ============= FINISH: 21:15:57.23 ===============
  2. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================

    [​IMG] I still need Attach.txt log from DDS.

    [​IMG] You're running two AV programs, AVG and MSE.
    You must uninstall one of them.
    If AVG use AVG Remover: http://www.avg.com/us-en/utilities
  3. red32

    red32 Newcomer, in training Topic Starter

    Sorry. Thank you for your help. Here is the Attach Zip. I have removed AVG.

    Attached Files:

  4. Broni

    Broni Malware Annihilator Posts: 46,179   +251

    Please observe forum rules.
    All logs have to be pasted not attached.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.