As of late my laptop has been running really slow. AVG detects
Threat Name: Win64/Patched.A
File Name: c:\Windows\System32\services.exe
but then prompts that it has been deleted, yet the infection keeps coming back. The pop-up comes at least every hour and a half or so. It seems like every hour or so my laptop begins to freeze and run EXTREMELY slow. Then all of a sudden everything will be fine for a little bit; then the cycle continues again an hour later.
Also, my homepage has been switched to Startnow, with a Yahoo search box in the middle of the page. I tried changing it back to what I originally had, but it won't change. I did a little research online and found that this may very well be a virus.
Another problem I've encountered is the Google redirect virus. Every time I search something using Google, it redirects me to random websites. I also did a little research on Google redirecting to different links, and found this was also a virus.
When performing a whole system scan using AVG, it detected:
22 Rootkits
"";"<unknown>";"IRP hook, \Driver\atapi IRP_MJ_SET_INFORMATION -> 0xFFFFFA8004914674";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\atapi IRP_MJ_QUERY_EA -> 0xFFFFFA8004914674";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\atapi IRP_MJ_SET_EA -> 0xFFFFFA8004914674";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\atapi IRP_MJ_FLUSH_BUFFERS -> 0xFFFFFA8004914674";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\atapi IRP_MJ_QUERY_VOLUME_INFORMATION -> 0xFFFFFA8004914674";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\atapi IRP_MJ_SET_VOLUME_INFORMATION -> 0xFFFFFA8004914674";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\atapi IRP_MJ_DIRECTORY_CONTROL -> 0xFFFFFA8004914674";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\atapi IRP_MJ_FILE_SYSTEM_CONTROL -> 0xFFFFFA8004914674";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\atapi IRP_MJ_DEVICE_CONTROL -> 0xFFFFFA8004914674";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\atapi IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xFFFFFA8004914674";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\atapi IRP_MJ_SHUTDOWN -> 0xFFFFFA8004914674";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\atapi IRP_MJ_LOCK_CONTROL -> 0xFFFFFA8004914674";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\atapi IRP_MJ_CLEANUP -> 0xFFFFFA8004914674";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\atapi IRP_MJ_CREATE_MAILSLOT -> 0xFFFFFA8004914674";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\atapi IRP_MJ_QUERY_SECURITY -> 0xFFFFFA8004914674";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\atapi IRP_MJ_SET_SECURITY -> 0xFFFFFA8004914674";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\atapi IRP_MJ_POWER -> 0xFFFFFA8004914674";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\atapi IRP_MJ_SYSTEM_CONTROL -> 0xFFFFFA8004914674";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\atapi IRP_MJ_DEVICE_CHANGE -> 0xFFFFFA8004914674";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\atapi IRP_MJ_QUERY_QUOTA -> 0xFFFFFA8004914674";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\atapi IRP_MJ_SET_QUOTA -> 0xFFFFFA8004914674";"Object is hidden"
"";"<unknown>";"IRP hook, \Driver\atapi IRP_MJ_PNP -> 0xFFFFFA8004914674";"Object is hidden"
3 Infections
"";"C:\Windows\System32\services.exe";"Virus identified Win64/Patched.A";"Object is white-listed (critical/system file that should not be removed)"
"";"C:\Program Files (x86)\Mozilla Firefox\firefox.exe (5224):\memory_00fd0000";"Found Luhe.Sirefef.A";"Object is inaccessible."
"";"C:\Program Files (x86)\Mozilla Firefox\firefox.exe (5224)";"Found Luhe.Sirefef.A";""
After the scan AVG was not successful in deleting the infections or rootkits. I do not have any of the reboot CD-ROMs due to the fact the laptop was my uncle's old laptop and he never gave them to me. The laptop is currently running Windows 7.
I am about to run a Malwarebytes scan, and will post the findings following the completion of the scan.
Please help!! It would be greatly appreciated.
Thanks,
Steve
DDS (Ver_2012-11-05.02) - NTFS_AMD64
Internet Explorer: 9.0.8112.16447 BrowserJavaVersion: 1.6.0_31
Run by Mike at 2:41:38 on 2012-11-07
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
-netsvcs
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120919&user_guid=D780B0845FE241388A55EAB45BD3848C&machine_id=4e83a69f8e7f6f43ca67b730ccdeae73&browser=IE&os=win&os_version=6.1-x64-SP0&iesrc={referrer:source}
mStart Page = hxxp://home.sweetim.com
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO: Webblog: {C3947F4E-8894-4C04-98E0-DF182C706DDF} - C:\Program Files (x86)\wbtooltb\wbtoolDx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: Webblog: {C3947F4E-8894-4C04-98E0-DF182C706DDF} - C:\Program Files (x86)\wbtooltb\wbtoolDx.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [StartNow Search Protect] "C:\Program Files (x86)\StartNow Toolbar\search_protect.exe" /RELAY /REPORT /PROTECT
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ConduitHelper] "C:\Users\Public\Conduit\ConduitHelper\ConduitHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6BFDC052-F56E-42C8-923F-6B5A1F3133E3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6BFDC052-F56E-42C8-923F-6B5A1F3133E3}\07B64777C616E6 : DHCPNameServer = 192.168.11.1
TCP: Interfaces\{6BFDC052-F56E-42C8-923F-6B5A1F3133E3}\1343433547164756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6BFDC052-F56E-42C8-923F-6B5A1F3133E3}\2323034344143786C65697 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{6BFDC052-F56E-42C8-923F-6B5A1F3133E3}\3416C65626F575966696 : DHCPNameServer = 192.168.2.1 74.128.19.102 74.128.17.114
TCP: Interfaces\{6BFDC052-F56E-42C8-923F-6B5A1F3133E3}\765756E64786562737F237869647 : DHCPNameServer = 192.168.2.1 74.128.19.102 74.128.17.114
TCP: Interfaces\{6BFDC052-F56E-42C8-923F-6B5A1F3133E3}\96E63796768647E277966696E2132393 : DHCPNameServer = 192.168.2.1 74.128.19.102 74.128.17.114
TCP: Interfaces\{8B9208F3-50D2-4193-9C6A-E2E0407BF52B} : DHCPNameServer = 10.50.0.1 10.50.0.2 10.50.0.3
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [nwiz] nwiz.exe /install
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\db8u6osz.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.startnow.com/s/?src=startpage&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=20120919&user_guid=D780B0845FE241388A55EAB45BD3848C&machine_id=4e83a69f8e7f6f43ca67b730ccdeae73&browser=FF&os=win&os_version=6.1-x64-SP0
FF - prefs.js: keyword.URL - hxxp://search.startnow.com/s/?src=addrbar&provider=&provider_name=startnow&provider_code=&partner_id=999&product_id=10&affiliate_id=&channel=&toolbar_id=&toolbar_version=&install_country=&install_date=&user_guid=D780B0845FE241388A55EAB45BD3848C&machine_id=4e83a69f8e7f6f43ca67b730ccdeae73&browser=FF&os=win&os_version=6.1-x64-SP0&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\db8u6osz.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 78db8b5a0000000000000024e8a072cf
FF - user.js: extensions.BabylonToolbar_i.hardId - 78db8b5a0000000000000024e8a072cf
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15322
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:32:50
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=18474
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R? AVGIDSAgent;AVGIDSAgent
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? McComponentHostService;McAfee Security Scan Component Host Service
R? SBSDWSCService;SBSD Security Center Service
R? StorSvc;Storage Service
R? SwitchBoard;Adobe SwitchBoard
R? USBAAPL64;Apple Mobile USB Driver
R? WatAdminSvc;Windows Activation Technologies Service
S? AESTFilters;Andrea ST Filters Service
S? Avgfwfd;AVG network filter service
S? avgfws;AVG Firewall
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSHA;AVGIDSHA
S? Avgldx64;AVG AVI Loader Driver
S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx64;AVG Anti-Rootkit Driver
S? Avgtdia;AVG TDI Driver
S? avgwd;AVG WatchDog
S? e1yexpress;Intel(R) Gigabit Network Connections Driver
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar
.
=============== Created Last 30 ================
.
2012-10-11 02:56:42 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-11 02:56:42 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-24 19:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
.
============= FINISH: 2:59:15.34 ===============
Attached is the log of the Malwarebytes scan. After the Malwarebytes scan, AVG detected a multiple threat. The threat consisted of the following:
File Name: pocket.plussize-fashion.co.uk/r/pricelist.php
Threat Name: Trojan horse Exploit_c.VRQ
File Name: c:\Windows\assembly\GAC_32\Desktop.ini
Threat Name: Trojan horse BackDoor.Generic15.CGSY
File Name: c:\Windows\assembly\GAC_64\Desktop.ini
Threat Name: Trojan horse Generic29.ANPX
File Name: c:\Windows\SysWOW64\config\systemprofile\0.9794624152444374.exe
Threat Name: Trojan horse Generic30.HMJ
File Name: c:\Windows\SysWOW64\config\systemprofile\AppData\Local\{fa8a3e07-f614-39bb-48f0-722c8c28a10e}\n
Threat Name: Trojan horse BackDoor.Generic15.BHGZ
File Name: c:\Windows\SysWOW64\config\systemprofile\0.9794624152444374.exe
Threat Name: Trojan horse Generic30.HMJ
File Name: c:\Windows\SysWOW64\config\systemprofile\AppData\Local\{fa8a3e07-f614-39bb-48f0-722c8c28a10e}\n
Threat Name: Trojan horse BackDoor.Generic15.BHGZ
File Name: c:\Windows\SysWOW64\config\systemprofile\0.9794624152444374.exe
Threat Name: Trojan horse Generic30.HMJ
File Name: c:\Windows\SysWOW64\config\systemprofile\0.9794624152444374.exe
Threat Name: Trojan horse Generic30.HMJ
I have no idea as to why there are so many infections. If someone could please help it would be greatly appreciated.
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - 78db8b5a0000000000000024e8a072cf
FF - user.js: extensions.BabylonToolbar_i.hardId - 78db8b5a0000000000000024e8a072cf
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15322
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1713:32:50
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=18474
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R? AVGIDSAgent;AVGIDSAgent
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? McComponentHostService;McAfee Security Scan Component Host Service
R? SBSDWSCService;SBSD Security Center Service
R? StorSvc;Storage Service
R? SwitchBoard;Adobe SwitchBoard
R? USBAAPL64;Apple Mobile USB Driver
R? WatAdminSvc;Windows Activation Technologies Service
S? AESTFilters;Andrea ST Filters Service
S? Avgfwfd;AVG network filter service
S? avgfws;AVG Firewall
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSHA;AVGIDSHA
S? Avgldx64;AVG AVI Loader Driver
S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx64;AVG Anti-Rootkit Driver
S? Avgtdia;AVG TDI Driver
S? avgwd;AVG WatchDog
S? e1yexpress;Intel(R) Gigabit Network Connections Driver
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar
.
=============== Created Last 30 ================
.
2012-10-11 02:56:42 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-11 02:56:42 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-24 19:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
.
============= FINISH: 2:59:15.34 ===============
Attached is the log of the Malwarebytes scan. After the Malwarebytes scan, AVG detected multiple threats, consisting of the following:
File Name: pocket.plussize-fashion.co.uk/r/pricelist.php
Threat Name: Trojan horse Exploit_c.VRQ
File Name: c:\Windows\assembly\GAC_32\Desktop.ini
Threat Name: Trojan horse BackDoor.Generic15.CGSY
File Name: c:\Windows\assembly\GAC_64\Desktop.ini
Threat Name: Trojan horse Generic29.ANPX
File Name: c:\Windows\SysWOW64\config\systemprofile\0.9794624152444374.exe
Threat Name: Trojan horse Generic30.HMJ
File Name: c:\Windows\SysWOW64\config\systemprofile\AppData\Local\{fa8a3e07-f614-39bb-48f0-722c8c28a10e}\n
Threat Name: Trojan horse BackDoor.Generic15.BHGZ
File Name: c:\Windows\SysWOW64\config\systemprofile\0.9794624152444374.exe
Threat Name: Trojan horse Generic30.HMJ
File Name: c:\Windows\SysWOW64\config\systemprofile\AppData\Local\{fa8a3e07-f614-39bb-48f0-722c8c28a10e}\n
Threat Name: Trojan horse BackDoor.Generic15.BHGZ
File Name: c:\Windows\SysWOW64\config\systemprofile\0.9794624152444374.exe
Threat Name: Trojan horse Generic30.HMJ
File Name: c:\Windows\SysWOW64\config\systemprofile\0.9794624152444374.exe
Threat Name: Trojan horse Generic30.HMJ
I have no idea as to why there are so many infections. If someone could please help, it would be greatly appreciated.
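The DDS log above already contains the user-land indicators behind two of the symptoms in the post: the Firefox homepage and keyword.URL prefs point at search.startnow.com, a user.js full of BabylonToolbar_i entries exists, and a service named "Updater Service for StartNow Toolbar" is installed. The script below is an added example (not part of the original post, and not DDS, AVG or Malwarebytes code) that walks DDS-style lines and flags those patterns, plus DHCP-assigned nameservers outside private address space and AV detections under the SYSTEM account profile. The allowlist of search hosts and the "toolbar" keyword heuristic are this example's own assumptions; the sample lines are copied from the log in this thread with the long StartNow query strings shortened.

```python
"""Triage helper for DDS-style log excerpts such as the one posted above.

Scans text lines and flags browser-hijack and persistence indicators:
  * Firefox homepage / keyword.URL whose host is not on an allowlist
  * any Firefox user.js preference (a clean profile normally has no user.js;
    toolbar installers write one)
  * services whose name or display name mentions a toolbar
  * DHCP-assigned nameservers outside private (RFC 1918) address space
  * AV "File Name:" detections under the SYSTEM account profile
The allowlist and keyword heuristics are assumptions made for this example.
"""
import ipaddress
import re
from urllib.parse import urlparse

# Assumed allowlist of homepage/search hosts treated as benign by this check.
ALLOWED_SEARCH_HOSTS = {"www.google.com", "google.com", "www.bing.com",
                        "search.yahoo.com", "www.mozilla.org"}

FF_PREF = re.compile(r"^FF - (prefs|user)\.js: (\S+) - ?(.*)$")
SERVICE = re.compile(r"^[RS]\? ([^;]+);(.*)$")
NAMESERVER = re.compile(r"(?:DHCP)?NameServer = (.+)$")
DETECTION = re.compile(r"^File Name: (.+)$", re.IGNORECASE)

# Constructed sample: lines copied from the log in this thread, with the long
# StartNow query strings shortened.
SAMPLE_LOG = r"""
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.startnow.com/s/?src=startpage&provider_name=startnow
FF - prefs.js: keyword.URL - hxxp://search.startnow.com/s/?src=addrbar&provider_name=startnow&q=
FF - user.js: extensions.BabylonToolbar_i.ovrDmn - isearch.babylon.com
S? Avgrkx64;AVG Anti-Rootkit Driver
S? Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar
TCP: Interfaces\{6BFDC052-F56E-42C8-923F-6B5A1F3133E3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6BFDC052-F56E-42C8-923F-6B5A1F3133E3}\3416C65626F575966696 : DHCPNameServer = 192.168.2.1 74.128.19.102 74.128.17.114
File Name: c:\Windows\SysWOW64\config\systemprofile\0.9794624152444374.exe
File Name: c:\Windows\assembly\GAC_32\Desktop.ini
"""


def _host(url: str) -> str:
    """Return the lowercase host of a DDS-defanged (hxxp://) URL."""
    return urlparse(url.replace("hxxp", "http", 1)).netloc.lower()


def scan_dds_lines(lines):
    """Return a list of (indicator, detail) tuples for suspicious lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = FF_PREF.match(line)
        if m:
            source, key, value = m.groups()
            if source == "user":
                # user.js is written by installers, not by Firefox itself.
                findings.append(("user.js pref", f"{key} = {value}"))
            elif key in ("browser.startup.homepage", "keyword.URL"):
                host = _host(value)
                if host and host not in ALLOWED_SEARCH_HOSTS:
                    findings.append((f"hijacked {key}", host))
            continue
        m = SERVICE.match(line)
        if m:
            name, display = m.groups()
            if "toolbar" in f"{name} {display}".lower():
                findings.append(("toolbar service", name))
            continue
        m = NAMESERVER.search(line)
        if m:
            for token in m.group(1).split():
                try:
                    if not ipaddress.ip_address(token).is_private:
                        findings.append(("public nameserver", token))
                except ValueError:
                    pass  # not an IP literal; ignore
            continue
        m = DETECTION.match(line)
        if m and "\\config\\systemprofile\\" in m.group(1).lower():
            # Executables dropped into the SYSTEM account's profile directory.
            findings.append(("SYSTEM-profile detection", m.group(1)))
    return findings


if __name__ == "__main__":
    for indicator, detail in scan_dds_lines(SAMPLE_LOG.splitlines()):
        print(f"{indicator:32} {detail}")
```

Two caveats when reading its output. A public nameserver is not malicious on its own (ISP resolvers are public addresses); in a search-redirect investigation the point is to compare the handed-out servers with what the ISP actually assigns. And these are all user-land findings: they account for the StartNow homepage and the toolbar, but the recurring Win64/Patched.A detection on services.exe and the atapi IRP hooks that AVG reported are kernel-level and cannot be confirmed or cleaned by scanning log text.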