Can't get rid of savings sidekick

ccarrell · September 5, 2012

I am running Windows 7 with Firefox and savings sidekick appeared on my web browser as I was searching a product website. I uninstalled the program thru windows control panel but it still shows up on Firefox. I ran a full scan with Malwarebites but it still shows up. how do I get rid of it?

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.09.03.07

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.7601.17514

Chuck :: FAMILY-COMPUTER [administrator]

9/3/2012 11:51:40 AM

mbam-log-2012-09-03 (11-51-40).txt

Scan type: Full scan (C:\|)

Scan options disabled: P2P

Objects scanned: 490476

Time elapsed: 1 hour(s), 2 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 3

HKCU\Software\Cr_Installer\5060 (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\CouponAlert_2p (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 1

HKCU\Software\InstalledBrowserExtensions\215 Apps|5060 (PUP.CrossFire.SA) -> Data: Savings Sidekick -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23

Run by Chuck at 10:23:30 on 2012-09-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.4869 [GMT -7:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.myheritage.com

uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173601104204p2329u985408i17413

mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173601104204p2329u985408i17413

mStart Page = hxxp://search.myheritage.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

BHO: {9F3209E2-334B-41E9-B09C-703F398742E7} - No File

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Logitech Scroll App: {e11db59d-5008-42ff-9069-535843bc0be1} - C:\Program Files\Logitech\ScrollApp\32-bit\LogiSmooth.dll

BHO: TMIEGBHO Class: {f1ad4a42-ba52-47bc-89df-3f68f24c017f} - C:\Program Files (x86)\Trend Micro\Browser Guard\TMAMS.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: TMBGBAR TOOLBAR: {c8137a8d-415d-450c-a1b1-d0c519d45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\tmieg.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

uRun: [GrooveMonitor] C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE

mRun: [NPSStartup]

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

StartupFolder: C:\Users\Chuck\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: $talisma_url$

Trusted Zone: intuit.com\ttlc

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A646CD0A-B559-4556-811C-11FD9051927B} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{FE6DAEFC-AF23-460D-859D-53A6D4FBF792} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO-X64: Canon Easy-WebPrint EX BHO - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File

BHO-X64: Windows Live Family Safety Browser Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

BHO-X64: {9F3209E2-334B-41E9-B09C-703F398742E7} - No File

BHO-X64: IEGBH0 - No File

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Logitech Scroll App: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\ScrollApp\32-bit\LogiSmooth.dll

BHO-X64: TMIEGBHO Class: {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\TMAMS.dll

BHO-X64: TMIEGBHO - No File

TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: TMBGBAR TOOLBAR: {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\tmieg.dll

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File

EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

mRun-x64: [NPSStartup]

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

Hosts: 74.55.76.230 www.google-analytics.com.

Hosts: 74.55.76.230 ad-emea.doubleclick.net.

Hosts: 74.55.76.230 www.statcounter.com.

Hosts: 178.250.45.15 www.google-analytics.com.

Hosts: 178.250.45.15 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={97BA5140-A1A4-465A-9BFD-0C39FA1774C6}&mid=dfc153ab53e9712624dcd3558e47908e-c48e441145dd1ac2c2658faa98ba5401f64420d4〈=en&ds=AVG&pr=fr&d=2012-05-06 10:39:05&v=12.2.5.32&sap=ku&q=

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Users\Chuck\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]

R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-2-12 517632]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]

R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-21 240160]

R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-4 722528]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 cxpl_mhd;CX23885/7 PCI-E AvStream Video Capture (PalomarMHD);C:\Windows\system32\drivers\y_cx88x.sys --> C:\Windows\system32\drivers\y_cx88x.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

R3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-23 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-24 250056]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-1 947528]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-23 136176]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\Windows\system32\DRIVERS\rtl819xp.sys --> C:\Windows\system32\DRIVERS\rtl819xp.sys [?]

S3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n64.sys --> C:\Windows\system32\DRIVERS\RTL85n64.sys [?]

S3 SrvHsfPCI;SrvHsfPCI;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);C:\Windows\system32\DRIVERS\sscebus.sys --> C:\Windows\system32\DRIVERS\sscebus.sys [?]

S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;C:\Windows\system32\DRIVERS\sscemdfl.sys --> C:\Windows\system32\DRIVERS\sscemdfl.sys [?]

S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;C:\Windows\system32\DRIVERS\sscemdm.sys --> C:\Windows\system32\DRIVERS\sscemdm.sys [?]

S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2010-7-20 16448]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]

S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]

.

=============== Created Last 30 ================

.

2012-09-04 15:57:37 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2012-09-03 17:10:54 -------- d-----w- C:\Users\Chuck\AppData\Local\{A4530A9C-37B5-43A4-824E-2AD09D619DA2}

2012-09-03 17:08:29 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-09-03 17:06:46 -------- d-----w- C:\Users\Chuck\AppData\Local\{DFA62747-98CA-43E7-9721-0806CE2E5336}

2012-09-01 00:53:41 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-08-27 02:11:17 -------- d-----w- C:\Users\Chuck\AppData\Local\Microsoft Games

2012-08-24 20:27:39 616736 ----a-w- C:\Program Files (x86)\Uninstall Information\ib_uninst_369\uninstall.exe

2012-08-24 20:26:55 616736 ----a-w- C:\Program Files (x86)\Uninstall Information\ib_uninst_566\uninstall.exe

2012-08-24 20:26:44 -------- d-----w- C:\Users\Chuck\AppData\Local\Savings Sidekick

2012-08-24 20:26:26 616736 ----a-w- C:\Program Files (x86)\Uninstall Information\ib_uninst_0\uninstall.exe

2012-08-24 19:04:11 -------- d-----w- C:\ProgramData\DivX

.

==================== Find3M ====================

.

2012-08-15 01:44:38 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-15 01:44:38 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-27 07:06:53 1188864 ----a-w- C:\Windows\System32\wininet.dll

2012-06-27 05:53:07 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-27 04:53:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-27 04:10:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-16 05:16:04 609792 ----a-w- C:\Windows\System32\vbscript.dll

2012-06-16 04:26:57 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2005-09-23 14:56:56 69632 ----a-w- C:\Program Files\mfcm80.dll

2005-09-23 14:56:36 479232 ----a-w- C:\Program Files\msvcm80.dll

2005-09-23 14:56:34 57344 ----a-w- C:\Program Files\mfcm80u.dll

2005-09-23 09:16:14 57344 ----a-w- C:\Program Files\MFC80ENU.dll

2005-09-23 09:16:14 1093632 ----a-w- C:\Program Files\mfc80.dll

2005-09-23 09:16:14 1079808 ----a-w- C:\Program Files\mfc80u.dll

2005-09-23 07:05:58 626688 ----a-w- C:\Program Files\msvcr80.dll

2005-09-23 07:05:58 548864 ----a-w- C:\Program Files\msvcp80.dll

2005-03-25 02:31:12 348672 ----a-w- C:\Program Files\msvcrt.dll

.

============= FINISH: 10:24:01.69 ===============

Attach.txt

Maurice Naggar · September 6, 2012

Hello ccarrell.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

Go to your Desktop
Double-Click the Computer icon.
From the menu options, Select Tools, then Folder Options.
Next click the View tab.
Locate and uncheck Hide file extensions for known file types.
Locate and uncheck Hide protected operating system files (Recommended).
Locate and click Show hidden files and folders and drives.
Click Apply > OK.

Step 3

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

Accept the Terms of Use and press Start button;
Approve the install of the required ActiveX Control, then follow on-screen instructions;
Enable (check) the Remove found threats option, and run the scan.
After the scan completes, the Details tab in the Results window will display what was found and removed.
- A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.
Look at contents of this file using Notepad.
The Frequently Asked Questions for ESET Online Scanner can be viewed here
http://go.eset.com/us/online-scanner/faq
- It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
  (And the prompt re-enabling when finished.)
- If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
- Do not use the system while the scan is running. Once the full scan is underway, go take a long break

Re-enable the antivirus program.

Reply with copy of the Eset scan log

ccarrell · September 7, 2012

Thank you for your help. I followed your instructions with Firefox, I do not use Exploder. Here is the file.

Log.txt

C:\Program Files (x86)\Uninstall Information\ib_uninst_0\uninstall.exe Win32/InstallBrain application cleaned by deleting - quarantined

C:\Program Files (x86)\Uninstall Information\ib_uninst_369\uninstall.exe Win32/InstallBrain application cleaned by deleting - quarantined

C:\Program Files (x86)\Uninstall Information\ib_uninst_566\uninstall.exe Win32/InstallBrain application cleaned by deleting - quarantined

C:\Users\Chuck\AppData\Local\Temp\YontooLayers\background.html Win32/Adware.Yontoo.C application cleaned by deleting - quarantined

C:\Users\Chuck\Downloads\7zip-setup.exe Win32/DownloadAdmin.A.Gen application cleaned by deleting - quarantined

C:\Users\Chuck\Downloads\cnet2_A9CADV2Setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

C:\Users\Chuck\Downloads\cnet2_XProMill_Demo_Setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

C:\Users\Chuck\Downloads\cnet_bbff_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

C:\Users\Chuck\Downloads\freeripmp3-setup.exe multiple threats cleaned by deleting - quarantined

C:\Users\Chuck\Downloads\VideoPerformerSetup.exe Win32/InstallBrain application cleaned by deleting - quarantined

C:\Users\Chuck\Downloads\winamp5601_full_emusic-7plus_en-us.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\Users\Chuck\Downloads\winamp561_full_emusic-7plus_en-us.exe Win32/OpenCandy application cleaned by deleting - quarantined

Maurice Naggar · September 7, 2012

Download Dr.Web CureIt to the desktop.

Turn OFF your antivirus program.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Doubleclick the drweb-cureit.exe file, then on Start and allow to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, chose the Complete Scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look and see if you can click the following icon next to the files found:
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer to allow files that were in use to be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

ccarrell · September 8, 2012

here are the results

Crypto.dll;C:\$Recycle.Bin\S-1-5-21-3946652921-1277461710-1299094945-1000\$RU8NVBG\EarthLink\SKU0\Bin;Trojan.PWS.Siggen.30176;Deleted.; toolbarhomewmp.dll;C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\components\FF4;Win32.HLLM.Reset.395;Deleted.; toolbarhomewmp.dll;C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.18\components\FF4;Win32.HLLM.Reset.395;Deleted.; devlin1.exe;C:\Documents and Settings\Chuck\Downloads;Trojan.MulDrop3.21354;Incurable.Moved.; devlin2.exe;C:\Documents and Settings\Chuck\Downloads;Trojan.MulDrop3.20790;Incurable.Moved.; rec_letters_job.exe;C:\Documents and Settings\Chuck\Downloads;Trojan.MulDrop3.20240;Incurable.Moved.; ShopAtHome_Toolbar.exe;C:\Documents and Settings\Chuck\Downloads;Adware.SAHAgent.193 - read error;Invalid path to file ; Crypto.dll;C:\OEM\Preload\Autorun\APP\EarthLink Gateway Edition\EarthLink_8.1.7.7_Gateway\SKU0\Bin;Trojan.PWS.Siggen.30176;Deleted.;

Maurice Naggar · September 8, 2012

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-winddow. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

ccarrell · September 8, 2012

QuickScan 64-bit v0.9.9.118

---------------------------

Scan date: Sat Sep 08 10:13:40 2012

Machine ID: AE021F7E

No infection found.

-------------------

Processes

---------

(verified) Acer Update Service 2104 C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

(verified) Adobe Acrobat 4388 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

(verified) AMD External Events 4032 C:\Windows\System32\atieclxx.exe

(verified) AMD External Events 692 C:\Windows\System32\atiesrxx.exe

(verified) AVG Internet Security 452 C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

(verified) AVG Internet Security 2844 C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

(verified) AVG Internet Security 2276 C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

(verified) AVG Internet Security 2828 C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

(verified) AVG Internet Security 4372 C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

(verified) AVG Internet Security 1836 C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

(verified) AVG Internet Security 412 C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

(verified) Backup Manager Module 1716 C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

(verified) Bonjour 1900 C:\Program Files\Bonjour\mDNSResponder.exe

(verified) Business Contact Manager for Microsoft 1872 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

(verified) Firefox 5088 C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(verified) Firefox 4456 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

(verified) Firefox 2852 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

(verified) Global Registration 1976 C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

(verified) Intuit Update Service 3992 C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

(verified) iTunes 4484 C:\Program Files (x86)\iTunes\iTunesHelper.exe

(verified) iTunes 4964 C:\Program Files\iPod\bin\iPodService.exe

(verified) LSI Soft Modem Call Progress Service 1760 C:\Program Files\LSI SoftModem\agr64svc.exe

(verified) mcci+McciCMService 840 C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

(verified) mcci+McciCMService 1440 C:\Program Files\Common Files\Motive\McciCMService.exe

(verified) Microsoft Office 2010 4236 C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE

(verified) Microsoft Office 2010 4228 C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

(verified) Microsoft OneNote 4260 C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

(verified) Microsoft SQL Server 2656 C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe

(verified) Microsoft® CoReXT 2176 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(verified) Microsoft® CoReXT 2312 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(verified) Microsoft® Windows® Operating System 2772 C:\Program Files\Windows Media Player\wmpnetwk.exe

(verified) Microsoft® Windows® Operating System 3848 C:\Windows\explorer.exe

(verified) Microsoft® Windows® Operating System 1384 C:\Windows\servicing\TrustedInstaller.exe

(verified) Microsoft® Windows® Operating System 848 C:\Windows\System32\csrss.exe

(verified) Microsoft® Windows® Operating System 728 C:\Windows\System32\csrss.exe

(verified) Microsoft® Windows® Operating System 4780 C:\Windows\System32\dllhost.exe

(verified) Microsoft® Windows® Operating System 2184 C:\Windows\System32\dwm.exe

(verified) Microsoft® Windows® Operating System 904 C:\Windows\System32\lsass.exe

(verified) Microsoft® Windows® Operating System 912 C:\Windows\System32\lsm.exe

(verified) Microsoft® Windows® Operating System 884 C:\Windows\System32\services.exe

(verified) Microsoft® Windows® Operating System 284 C:\Windows\System32\smss.exe

(verified) Microsoft® Windows® Operating System 1640 C:\Windows\System32\spoolsv.exe

(verified) Microsoft® Windows® Operating System 380 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 2144 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1104 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1020 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1680 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1496 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1416 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1404 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 3704 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1196 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1156 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 3580 C:\Windows\System32\taskeng.exe

(verified) Microsoft® Windows® Operating System 1284 C:\Windows\System32\taskeng.exe

(verified) Microsoft® Windows® Operating System 2100 C:\Windows\System32\taskhost.exe

(verified) Microsoft® Windows® Operating System 824 C:\Windows\System32\wininit.exe

(verified) Microsoft® Windows® Operating System 1072 C:\Windows\System32\winlogon.exe

(verified) Microsoft® Windows® Operating System 3092 C:\Windows\System32\WUDFHost.exe

(verified) MobileDeviceService 1796 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(verified) Shockwave Flash 3144 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe

(verified) Shockwave Flash 5128 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe

(verified) ToolbarU Application 2152 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

(verified) VProtect Application 4380 C:\Program Files (x86)\AVG Secure Search\vprot.exe

(verified) Windows Live Family Safety Service 1936 C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

(verified) Windows® Internet Explorer 5336 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 5376 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Search 3220 C:\Windows\System32\SearchIndexer.exe

Network activity

----------------

Process svchost.exe (380) listens on ports: 135 (RPC)

Process wininit.exe (824) listens on ports: 49152 (RPC)

Process services.exe (884) listens on ports: 49156 (RPC)

Process lsass.exe (904) listens on ports: 49157 (RPC)

Process svchost.exe (1104) listens on ports: 49153 (RPC)

Process svchost.exe (1196) listens on ports: 49154 (RPC)

Process GregHSRW.exe (1976) listens on ports: 8093

Process wmpnetwk.exe (2772) listens on ports: 554 (RTSP)

Autoruns and critical files

---------------------------

(unsigned) Internet Explorer C:\Program Files (x86)\Internet Explorer

(unsigned) QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe

(unsigned) Wondershare Studio C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

(verified) Adobe® Flash® Player Update Service C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

(verified) Apple Push C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(verified) AVG Internet Security C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

(verified) iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe

(verified) Logitech SetPoint c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

(verified) Microsoft Office 2010 c:\program files (x86)\microsoft office\office14\grooveex.dll

(verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

(verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE

(verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

(verified) Microsoft OneNote C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

(verified) Microsoft® Windows® Operating System C:\Windows\system32\PhotoScreensaver.scr

(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

(verified) ROC_ROC_JULY_P1.exe C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe

(verified) VProtect Application C:\Program Files (x86)\AVG Secure Search\vprot.exe

Browser plugins

---------------

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

(verified) Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll

(verified) Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

(verified) AVG Internet Security C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll

(verified) AVG Internet Security C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll

(verified) Bitdefender QuickScan C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

(verified) Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax64.dll

(verified) Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll

(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

(verified) Browser Guard 2011 c:\program files (x86)\trend micro\browser guard\x64\tmams64.dll

(verified) Browser Guard 2011 c:\program files (x86)\trend micro\browser guard\x64\tmieg64.dll

(verified) CouponNetwork Coupon Activator Netscape C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

(verified) CouponNetwork Coupon Activator Netscape C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll

(verified) Java Deployment Toolkit 6.0.230.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

(verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

(verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL

(verified) Microsoft Office 2010 c:\program files\microsoft office\office14\urlredir.dll

(verified) Microsoft® CoReXT C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL

(verified) Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

(verified) Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

(verified) Microsoft® Windows Media Player Firefox C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll

(verified) Move Streaming Media Player C:\Users\Chuck\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll

(verified) NPSWF64_11_3_300_271.dll C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll

(verified) Pando Web Installer C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

(verified) ScrollApp c:\program files\logitech\scrollapp\logismooth.dll

(verified) Winamp Toolbar for Firefox Plugin Dynam C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

(verified) Windows® Internet Explorer C:\Windows\System32\ieframe.dll

Missing files

-------------

File not found: C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe

--> HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\"ROC_roc_dec12"

Scan

----

MD5: 9c2078437d6fc541bd268ba903f6aeb4 C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

MD5: 484b0d16f7d2a1bf51e84d6a9636e0b1 C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll

MD5: 2a6d346451e4d8aa8650fbe7f0135099 C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\agent_stub.dll

MD5: af43c4f7f3c8bc95dad95024f96cdc4a C:\Program Files (x86)\QuickTime\QTTask.exe

MD5: b334fca2f0878c2af77826211dbe55bb C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll

MD5: 884258c8e81da9d65eed846ad611ce3c C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll

MD5: c2335d714efafffb4c7a3c164f2024b1 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MD5: 17fadecb631ff8dbe735ba33409885c2 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll

MD5: 26a68554f95a344b62e5771af598e0e8 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MD5: 3353b667e1ef7898b1b936ee631d9fe0 C:\Windows\System32\CNMLMA0.DLL

MD5: 4db7376155e964d49ae8296fa36f2290 C:\Windows\System32\CNMN6PPM.DLL

MD5: 0ce3dfa09526a8297cd5b9a895a7c8b2 C:\Windows\System32\spool\drivers\x64\3\CNMLHA0.DLL

MD5: 345709e87e47a9f028e8973aec9d3bc2 C:\Windows\System32\spool\prtprocs\x64\CNMPDA0.DLL

No file uploaded.

Scan finished - communication took 5 sec

Total traffic - 0.10 MB sent, 3.56 KB recvd

Scanned 2050 files and modules - 192 seconds

==============================================================================

Maurice Naggar · September 8, 2012

Bitdefender scan result is good.

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

Accept the EULA & Download the latest version of >> Windows Offline << from here
or >> from here <<
and save it to your desktop.
Given that you have a 64-bit Windows, get both the 32-bit & the 64-bit Windows java files.
Close any programs you may have running - especially your web browser(s).
Go to Start > Settings > Control Panel, select Programs and Features and remove all older versions of Java.
Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7u7-windows-i586.exe to install the newest version.
( jre-7u7-windows-x64.exe also. This is a 64-bit Windows o.s.)

After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button
- There are two options in the window to clear the cache - Leave BOTH Checked
  - Applications and Applets
    Trace and Log Files
  [*]Click OK on Delete Temporary Files Window
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  [*]Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

2

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Program and Features, Un-install Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )

3

Download Security Check by screen317 from here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

4

Temporarily turn off your antivirus.

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy and Paste the MBAM scan log for review.

Turn on your antivirus.

You already have DDS report tool.

double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt

ccarrell · September 8, 2012

Results of screen317's Security Check version 0.99.50

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AVG Anti-Virus Free Edition 2012

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

Java 7 Update 7

Adobe Flash Player 11.3.300.271 Flash Player out of Date!

Adobe Reader X (10.1.4)

Mozilla Firefox (15.0.1)

````````Process Check: objlist.exe by Laurent````````

AVG avgwdsvc.exe

AVG avgtray.exe

Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.09.08.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Chuck :: FAMILY-COMPUTER [administrator]

9/8/2012 3:23:18 PM

mbam-log-2012-09-08 (15-23-18).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 263788

Time elapsed: 4 minute(s), 8 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2

Run by Chuck at 15:32:08 on 2012-09-08

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.5818 [GMT -7:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.myheritage.com

uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173601104204p2329u985408i17413

mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173601104204p2329u985408i17413

mStart Page = hxxp://search.myheritage.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

BHO: {9F3209E2-334B-41E9-B09C-703F398742E7} - No File

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll