Jump to content

Can't get rid of savings sidekick


ccarrell
 Share

Recommended Posts

I am running Windows 7 with Firefox and savings sidekick appeared on my web browser as I was searching a product website. I uninstalled the program thru windows control panel but it still shows up on Firefox. I ran a full scan with Malwarebites but it still shows up. how do I get rid of it?

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.09.03.07

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.7601.17514

Chuck :: FAMILY-COMPUTER [administrator]

9/3/2012 11:51:40 AM

mbam-log-2012-09-03 (11-51-40).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 490476

Time elapsed: 1 hour(s), 2 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 3

HKCU\Software\Cr_Installer\5060 (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\CouponAlert_2p (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 1

HKCU\Software\InstalledBrowserExtensions\215 Apps|5060 (PUP.CrossFire.SA) -> Data: Savings Sidekick -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23

Run by Chuck at 10:23:30 on 2012-09-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.4869 [GMT -7:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.myheritage.com

uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173601104204p2329u985408i17413

mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173601104204p2329u985408i17413

mStart Page = hxxp://search.myheritage.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

BHO: {9F3209E2-334B-41E9-B09C-703F398742E7} - No File

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Logitech Scroll App: {e11db59d-5008-42ff-9069-535843bc0be1} - C:\Program Files\Logitech\ScrollApp\32-bit\LogiSmooth.dll

BHO: TMIEGBHO Class: {f1ad4a42-ba52-47bc-89df-3f68f24c017f} - C:\Program Files (x86)\Trend Micro\Browser Guard\TMAMS.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: TMBGBAR TOOLBAR: {c8137a8d-415d-450c-a1b1-d0c519d45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\tmieg.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

uRun: [GrooveMonitor] C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE

mRun: [NPSStartup]

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

StartupFolder: C:\Users\Chuck\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: $talisma_url$

Trusted Zone: intuit.com\ttlc

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A646CD0A-B559-4556-811C-11FD9051927B} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{FE6DAEFC-AF23-460D-859D-53A6D4FBF792} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO-X64: Canon Easy-WebPrint EX BHO - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File

BHO-X64: Windows Live Family Safety Browser Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

BHO-X64: {9F3209E2-334B-41E9-B09C-703F398742E7} - No File

BHO-X64: IEGBH0 - No File

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Logitech Scroll App: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\ScrollApp\32-bit\LogiSmooth.dll

BHO-X64: TMIEGBHO Class: {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\TMAMS.dll

BHO-X64: TMIEGBHO - No File

TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: TMBGBAR TOOLBAR: {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\tmieg.dll

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File

EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

mRun-x64: [NPSStartup]

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

Hosts: 74.55.76.230 www.google-analytics.com.

Hosts: 74.55.76.230 ad-emea.doubleclick.net.

Hosts: 74.55.76.230 www.statcounter.com.

Hosts: 178.250.45.15 www.google-analytics.com.

Hosts: 178.250.45.15 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={97BA5140-A1A4-465A-9BFD-0C39FA1774C6}&mid=dfc153ab53e9712624dcd3558e47908e-c48e441145dd1ac2c2658faa98ba5401f64420d4〈=en&ds=AVG&pr=fr&d=2012-05-06 10:39:05&v=12.2.5.32&sap=ku&q=

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Users\Chuck\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]

R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-2-12 517632]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]

R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-21 240160]

R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-4 722528]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 cxpl_mhd;CX23885/7 PCI-E AvStream Video Capture (PalomarMHD);C:\Windows\system32\drivers\y_cx88x.sys --> C:\Windows\system32\drivers\y_cx88x.sys [?]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

R3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-23 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-24 250056]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-1 947528]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-23 136176]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\Windows\system32\DRIVERS\rtl819xp.sys --> C:\Windows\system32\DRIVERS\rtl819xp.sys [?]

S3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n64.sys --> C:\Windows\system32\DRIVERS\RTL85n64.sys [?]

S3 SrvHsfPCI;SrvHsfPCI;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);C:\Windows\system32\DRIVERS\sscebus.sys --> C:\Windows\system32\DRIVERS\sscebus.sys [?]

S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;C:\Windows\system32\DRIVERS\sscemdfl.sys --> C:\Windows\system32\DRIVERS\sscemdfl.sys [?]

S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;C:\Windows\system32\DRIVERS\sscemdm.sys --> C:\Windows\system32\DRIVERS\sscemdm.sys [?]

S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2010-7-20 16448]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]

S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]

.

=============== Created Last 30 ================

.

2012-09-04 15:57:37 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2012-09-03 17:10:54 -------- d-----w- C:\Users\Chuck\AppData\Local\{A4530A9C-37B5-43A4-824E-2AD09D619DA2}

2012-09-03 17:08:29 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-09-03 17:06:46 -------- d-----w- C:\Users\Chuck\AppData\Local\{DFA62747-98CA-43E7-9721-0806CE2E5336}

2012-09-01 00:53:41 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll

2012-08-27 02:11:17 -------- d-----w- C:\Users\Chuck\AppData\Local\Microsoft Games

2012-08-24 20:27:39 616736 ----a-w- C:\Program Files (x86)\Uninstall Information\ib_uninst_369\uninstall.exe

2012-08-24 20:26:55 616736 ----a-w- C:\Program Files (x86)\Uninstall Information\ib_uninst_566\uninstall.exe

2012-08-24 20:26:44 -------- d-----w- C:\Users\Chuck\AppData\Local\Savings Sidekick

2012-08-24 20:26:26 616736 ----a-w- C:\Program Files (x86)\Uninstall Information\ib_uninst_0\uninstall.exe

2012-08-24 19:04:11 -------- d-----w- C:\ProgramData\DivX

.

==================== Find3M ====================

.

2012-08-15 01:44:38 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-15 01:44:38 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-27 07:06:53 1188864 ----a-w- C:\Windows\System32\wininet.dll

2012-06-27 05:53:07 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-27 04:53:10 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-27 04:10:55 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-16 05:16:04 609792 ----a-w- C:\Windows\System32\vbscript.dll

2012-06-16 04:26:57 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2005-09-23 14:56:56 69632 ----a-w- C:\Program Files\mfcm80.dll

2005-09-23 14:56:36 479232 ----a-w- C:\Program Files\msvcm80.dll

2005-09-23 14:56:34 57344 ----a-w- C:\Program Files\mfcm80u.dll

2005-09-23 09:16:14 57344 ----a-w- C:\Program Files\MFC80ENU.dll

2005-09-23 09:16:14 1093632 ----a-w- C:\Program Files\mfc80.dll

2005-09-23 09:16:14 1079808 ----a-w- C:\Program Files\mfc80u.dll

2005-09-23 07:05:58 626688 ----a-w- C:\Program Files\msvcr80.dll

2005-09-23 07:05:58 548864 ----a-w- C:\Program Files\msvcp80.dll

2005-03-25 02:31:12 348672 ----a-w- C:\Program Files\msvcrt.dll

.

============= FINISH: 10:24:01.69 ===============

Attach.txt

Link to post
Share on other sites

Hello ccarrell.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

You will want to print out or copy these instructions to Notepad for offline reference!

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

  • Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Enable (check) the Remove found threats option, and run the scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files (x86)\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://go.eset.com/us/online-scanner/faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.
    • Do not use the system while the scan is running. Once the full scan is underway, go take a long break popcorn.gifpepsi.gif

Re-enable the antivirus program.

Reply with copy of the Eset scan log

Link to post
Share on other sites

Thank you for your help. I followed your instructions with Firefox, I do not use Exploder. Here is the file.

Log.txt

C:\Program Files (x86)\Uninstall Information\ib_uninst_0\uninstall.exe Win32/InstallBrain application cleaned by deleting - quarantined

C:\Program Files (x86)\Uninstall Information\ib_uninst_369\uninstall.exe Win32/InstallBrain application cleaned by deleting - quarantined

C:\Program Files (x86)\Uninstall Information\ib_uninst_566\uninstall.exe Win32/InstallBrain application cleaned by deleting - quarantined

C:\Users\Chuck\AppData\Local\Temp\YontooLayers\background.html Win32/Adware.Yontoo.C application cleaned by deleting - quarantined

C:\Users\Chuck\Downloads\7zip-setup.exe Win32/DownloadAdmin.A.Gen application cleaned by deleting - quarantined

C:\Users\Chuck\Downloads\cnet2_A9CADV2Setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

C:\Users\Chuck\Downloads\cnet2_XProMill_Demo_Setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

C:\Users\Chuck\Downloads\cnet_bbff_zip.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

C:\Users\Chuck\Downloads\freeripmp3-setup.exe multiple threats cleaned by deleting - quarantined

C:\Users\Chuck\Downloads\VideoPerformerSetup.exe Win32/InstallBrain application cleaned by deleting - quarantined

C:\Users\Chuck\Downloads\winamp5601_full_emusic-7plus_en-us.exe Win32/OpenCandy application cleaned by deleting - quarantined

C:\Users\Chuck\Downloads\winamp561_full_emusic-7plus_en-us.exe Win32/OpenCandy application cleaned by deleting - quarantined

Link to post
Share on other sites

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Doubleclick the drweb-cureit.exe file, then on Start and allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, chose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow drweb.jpg at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

Link to post
Share on other sites

here are the results

Crypto.dll;C:\$Recycle.Bin\S-1-5-21-3946652921-1277461710-1299094945-1000\$RU8NVBG\EarthLink\SKU0\Bin;Trojan.PWS.Siggen.30176;Deleted.; toolbarhomewmp.dll;C:\Documents and Settings\All Users\Application Data\AVG Secure Search\10.2.0.3\components\FF4;Win32.HLLM.Reset.395;Deleted.; toolbarhomewmp.dll;C:\Documents and Settings\All Users\Application Data\AVG Secure Search\9.0.0.18\components\FF4;Win32.HLLM.Reset.395;Deleted.; devlin1.exe;C:\Documents and Settings\Chuck\Downloads;Trojan.MulDrop3.21354;Incurable.Moved.; devlin2.exe;C:\Documents and Settings\Chuck\Downloads;Trojan.MulDrop3.20790;Incurable.Moved.; rec_letters_job.exe;C:\Documents and Settings\Chuck\Downloads;Trojan.MulDrop3.20240;Incurable.Moved.; ShopAtHome_Toolbar.exe;C:\Documents and Settings\Chuck\Downloads;Adware.SAHAgent.193 - read error;Invalid path to file ; Crypto.dll;C:\OEM\Preload\Autorun\APP\EarthLink Gateway Edition\EarthLink_8.1.7.7_Gateway\SKU0\Bin;Trojan.PWS.Siggen.30176;Deleted.;

Link to post
Share on other sites

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-winddow. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

Link to post
Share on other sites

QuickScan 64-bit v0.9.9.118

---------------------------

Scan date: Sat Sep 08 10:13:40 2012

Machine ID: AE021F7E

No infection found.

-------------------

Processes

---------

(verified) Acer Update Service 2104 C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

(verified) Adobe Acrobat 4388 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

(verified) AMD External Events 4032 C:\Windows\System32\atieclxx.exe

(verified) AMD External Events 692 C:\Windows\System32\atiesrxx.exe

(verified) AVG Internet Security 452 C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

(verified) AVG Internet Security 2844 C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

(verified) AVG Internet Security 2276 C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

(verified) AVG Internet Security 2828 C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

(verified) AVG Internet Security 4372 C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

(verified) AVG Internet Security 1836 C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

(verified) AVG Internet Security 412 C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

(verified) Backup Manager Module 1716 C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

(verified) Bonjour 1900 C:\Program Files\Bonjour\mDNSResponder.exe

(verified) Business Contact Manager for Microsoft 1872 C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

(verified) Firefox 5088 C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(verified) Firefox 4456 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

(verified) Firefox 2852 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

(verified) Global Registration 1976 C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

(verified) Intuit Update Service 3992 C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

(verified) iTunes 4484 C:\Program Files (x86)\iTunes\iTunesHelper.exe

(verified) iTunes 4964 C:\Program Files\iPod\bin\iPodService.exe

(verified) LSI Soft Modem Call Progress Service 1760 C:\Program Files\LSI SoftModem\agr64svc.exe

(verified) mcci+McciCMService 840 C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

(verified) mcci+McciCMService 1440 C:\Program Files\Common Files\Motive\McciCMService.exe

(verified) Microsoft Office 2010 4236 C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE

(verified) Microsoft Office 2010 4228 C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

(verified) Microsoft OneNote 4260 C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

(verified) Microsoft SQL Server 2656 C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe

(verified) Microsoft® CoReXT 2176 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(verified) Microsoft® CoReXT 2312 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(verified) Microsoft® Windows® Operating System 2772 C:\Program Files\Windows Media Player\wmpnetwk.exe

(verified) Microsoft® Windows® Operating System 3848 C:\Windows\explorer.exe

(verified) Microsoft® Windows® Operating System 1384 C:\Windows\servicing\TrustedInstaller.exe

(verified) Microsoft® Windows® Operating System 848 C:\Windows\System32\csrss.exe

(verified) Microsoft® Windows® Operating System 728 C:\Windows\System32\csrss.exe

(verified) Microsoft® Windows® Operating System 4780 C:\Windows\System32\dllhost.exe

(verified) Microsoft® Windows® Operating System 2184 C:\Windows\System32\dwm.exe

(verified) Microsoft® Windows® Operating System 904 C:\Windows\System32\lsass.exe

(verified) Microsoft® Windows® Operating System 912 C:\Windows\System32\lsm.exe

(verified) Microsoft® Windows® Operating System 884 C:\Windows\System32\services.exe

(verified) Microsoft® Windows® Operating System 284 C:\Windows\System32\smss.exe

(verified) Microsoft® Windows® Operating System 1640 C:\Windows\System32\spoolsv.exe

(verified) Microsoft® Windows® Operating System 380 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 2144 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1104 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1020 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1680 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1496 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1416 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1404 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 3704 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1196 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 1156 C:\Windows\System32\svchost.exe

(verified) Microsoft® Windows® Operating System 3580 C:\Windows\System32\taskeng.exe

(verified) Microsoft® Windows® Operating System 1284 C:\Windows\System32\taskeng.exe

(verified) Microsoft® Windows® Operating System 2100 C:\Windows\System32\taskhost.exe

(verified) Microsoft® Windows® Operating System 824 C:\Windows\System32\wininit.exe

(verified) Microsoft® Windows® Operating System 1072 C:\Windows\System32\winlogon.exe

(verified) Microsoft® Windows® Operating System 3092 C:\Windows\System32\WUDFHost.exe

(verified) MobileDeviceService 1796 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(verified) Shockwave Flash 3144 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe

(verified) Shockwave Flash 5128 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe

(verified) ToolbarU Application 2152 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

(verified) VProtect Application 4380 C:\Program Files (x86)\AVG Secure Search\vprot.exe

(verified) Windows Live Family Safety Service 1936 C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

(verified) Windows® Internet Explorer 5336 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 5376 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Search 3220 C:\Windows\System32\SearchIndexer.exe

Network activity

----------------

Process svchost.exe (380) listens on ports: 135 (RPC)

Process wininit.exe (824) listens on ports: 49152 (RPC)

Process services.exe (884) listens on ports: 49156 (RPC)

Process lsass.exe (904) listens on ports: 49157 (RPC)

Process svchost.exe (1104) listens on ports: 49153 (RPC)

Process svchost.exe (1196) listens on ports: 49154 (RPC)

Process GregHSRW.exe (1976) listens on ports: 8093

Process wmpnetwk.exe (2772) listens on ports: 554 (RTSP)

Autoruns and critical files

---------------------------

(unsigned) Internet Explorer C:\Program Files (x86)\Internet Explorer

(unsigned) QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe

(unsigned) Wondershare Studio C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe

(verified) Adobe® Flash® Player Update Service C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

(verified) Apple Push C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(verified) AVG Internet Security C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

(verified) iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe

(verified) Logitech SetPoint c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

(verified) Microsoft Office 2010 c:\program files (x86)\microsoft office\office14\grooveex.dll

(verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

(verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE

(verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

(verified) Microsoft OneNote C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

(verified) Microsoft® Windows® Operating System C:\Windows\system32\PhotoScreensaver.scr

(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

(verified) ROC_ROC_JULY_P1.exe C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe

(verified) VProtect Application C:\Program Files (x86)\AVG Secure Search\vprot.exe

Browser plugins

---------------

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

(unsigned) QuickTime Plug-in 7.7.1 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

(verified) Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll

(verified) Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

(verified) AVG Internet Security C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll

(verified) AVG Internet Security C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll

(verified) Bitdefender QuickScan C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

(verified) Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax64.dll

(verified) Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll

(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

(verified) Browser Guard 2011 c:\program files (x86)\trend micro\browser guard\x64\tmams64.dll

(verified) Browser Guard 2011 c:\program files (x86)\trend micro\browser guard\x64\tmieg64.dll

(verified) CouponNetwork Coupon Activator Netscape C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

(verified) CouponNetwork Coupon Activator Netscape C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll

(verified) Java Deployment Toolkit 6.0.230.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

(verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

(verified) Microsoft Office 2010 C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL

(verified) Microsoft Office 2010 c:\program files\microsoft office\office14\urlredir.dll

(verified) Microsoft® CoReXT C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL

(verified) Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

(verified) Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

(verified) Microsoft® Windows Media Player Firefox C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll

(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll

(verified) Move Streaming Media Player C:\Users\Chuck\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll

(verified) NPSWF64_11_3_300_271.dll C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll

(verified) Pando Web Installer C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

(verified) ScrollApp c:\program files\logitech\scrollapp\logismooth.dll

(verified) Winamp Toolbar for Firefox Plugin Dynam C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

(verified) Windows® Internet Explorer C:\Windows\System32\ieframe.dll

Missing files

-------------

File not found: C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe

--> HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\"ROC_roc_dec12"

Scan

----

MD5: 9c2078437d6fc541bd268ba903f6aeb4 C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll

MD5: 47c3fa43f99202e2f92efa1eb9bdecf7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll

MD5: 484b0d16f7d2a1bf51e84d6a9636e0b1 C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\ACE.dll

MD5: 2a6d346451e4d8aa8650fbe7f0135099 C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\agent_stub.dll

MD5: af43c4f7f3c8bc95dad95024f96cdc4a C:\Program Files (x86)\QuickTime\QTTask.exe

MD5: b334fca2f0878c2af77826211dbe55bb C:\Windows\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll

MD5: 884258c8e81da9d65eed846ad611ce3c C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll

MD5: c2335d714efafffb4c7a3c164f2024b1 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MD5: 17fadecb631ff8dbe735ba33409885c2 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll

MD5: 26a68554f95a344b62e5771af598e0e8 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MD5: 3353b667e1ef7898b1b936ee631d9fe0 C:\Windows\System32\CNMLMA0.DLL

MD5: 4db7376155e964d49ae8296fa36f2290 C:\Windows\System32\CNMN6PPM.DLL

MD5: 0ce3dfa09526a8297cd5b9a895a7c8b2 C:\Windows\System32\spool\drivers\x64\3\CNMLHA0.DLL

MD5: 345709e87e47a9f028e8973aec9d3bc2 C:\Windows\System32\spool\prtprocs\x64\CNMPDA0.DLL

No file uploaded.

Scan finished - communication took 5 sec

Total traffic - 0.10 MB sent, 3.56 KB recvd

Scanned 2050 files and modules - 192 seconds

==============================================================================

Link to post
Share on other sites

Bitdefender scan result is good.

javaicon.gifYour Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Accept the EULA & Download the latest version of >> Windows Offline << from here
    or >> from here <<
    and save it to your desktop.
  • Given that you have a 64-bit Windows, get both the 32-bit & the 64-bit Windows java files.
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Programs and Features and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u7-windows-i586.exe to install the newest version.
    ( jre-7u7-windows-x64.exe also. This is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup) javaicon.gif
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
        Trace and Log Files

      [*]Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

      [*]Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

2

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Control Panel's Program and Features, Un-install Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered )

3

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

4

Temporarily turn off your antivirus.

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy and Paste the MBAM scan log for review.

Turn on your antivirus.

You already have DDS report tool.

double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

  • When done, DDS will open two (2) logs:
  • DDS.txt
  • Attach.txt
  • Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt

Link to post
Share on other sites

Results of screen317's Security Check version 0.99.50

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AVG Anti-Virus Free Edition 2012

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.62.0.1300

Java 7 Update 7

Adobe Flash Player 11.3.300.271 Flash Player out of Date!

Adobe Reader X (10.1.4)

Mozilla Firefox (15.0.1)

````````Process Check: objlist.exe by Laurent````````

AVG avgwdsvc.exe

AVG avgtray.exe

Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.09.08.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Chuck :: FAMILY-COMPUTER [administrator]

9/8/2012 3:23:18 PM

mbam-log-2012-09-08 (15-23-18).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 263788

Time elapsed: 4 minute(s), 8 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2

Run by Chuck at 15:32:08 on 2012-09-08

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.5818 [GMT -7:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE

C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.myheritage.com

uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173601104204p2329u985408i17413

mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173601104204p2329u985408i17413

mStart Page = hxxp://search.myheritage.com

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

BHO: {9F3209E2-334B-41E9-B09C-703F398742E7} - No File

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Logitech Scroll App: {e11db59d-5008-42ff-9069-535843bc0be1} - C:\Program Files\Logitech\ScrollApp\32-bit\LogiSmooth.dll

BHO: TMIEGBHO Class: {f1ad4a42-ba52-47bc-89df-3f68f24c017f} - C:\Program Files (x86)\Trend Micro\Browser Guard\TMAMS.dll

TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: TMBGBAR TOOLBAR: {c8137a8d-415d-450c-a1b1-d0c519d45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\tmieg.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File

{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

uRun: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"

uRun: [GrooveMonitor] C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE

mRun: [NPSStartup]

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\Users\Chuck\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: $talisma_url$

Trusted Zone: intuit.com\ttlc

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A646CD0A-B559-4556-811C-11FD9051927B} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{FE6DAEFC-AF23-460D-859D-53A6D4FBF792} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll

BHO-X64: Canon Easy-WebPrint EX BHO - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No File

BHO-X64: Windows Live Family Safety Browser Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

BHO-X64: {9F3209E2-334B-41E9-B09C-703F398742E7} - No File

BHO-X64: IEGBH0 - No File

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO-X64: Logitech Scroll App: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\ScrollApp\32-bit\LogiSmooth.dll

BHO-X64: TMIEGBHO Class: {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files (x86)\Trend Micro\Browser Guard\TMAMS.dll

BHO-X64: TMIEGBHO - No File

TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: TMBGBAR TOOLBAR: {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files (x86)\Trend Micro\Browser Guard\tmieg.dll

TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

TB-X64: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File

EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File

mRun-x64: [NPSStartup]

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={97BA5140-A1A4-465A-9BFD-0C39FA1774C6}&mid=dfc153ab53e9712624dcd3558e47908e-c48e441145dd1ac2c2658faa98ba5401f64420d4〈=en&ds=AVG&pr=fr&d=2012-05-06 10:39:05&v=12.2.5.32&sap=ku&q=

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - component: C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll

FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\npsitesafety.dll

FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Users\Chuck\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll

FF - plugin: C:\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 193288]

R2 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

R2 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]

R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-2-12 517632]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]

R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-21 240160]

R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-9-4 722528]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 cxpl_mhd;CX23885/7 PCI-E AvStream Video Capture (PalomarMHD);C:\Windows\system32\drivers\y_cx88x.sys --> C:\Windows\system32\drivers\y_cx88x.sys [?]

R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

R3 WSDScan;WSD Scan Support via UMB;C:\Windows\system32\DRIVERS\WSDScan.sys --> C:\Windows\system32\DRIVERS\WSDScan.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-23 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-24 250056]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-1 947528]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-23 136176]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 51740536]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\Windows\system32\DRIVERS\rtl819xp.sys --> C:\Windows\system32\DRIVERS\rtl819xp.sys [?]

S3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\system32\DRIVERS\RTL85n64.sys --> C:\Windows\system32\DRIVERS\RTL85n64.sys [?]

S3 SrvHsfPCI;SrvHsfPCI;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);C:\Windows\system32\DRIVERS\sscebus.sys --> C:\Windows\system32\DRIVERS\sscebus.sys [?]

S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;C:\Windows\system32\DRIVERS\sscemdfl.sys --> C:\Windows\system32\DRIVERS\sscemdfl.sys [?]

S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;C:\Windows\system32\DRIVERS\sscemdm.sys --> C:\Windows\system32\DRIVERS\sscemdm.sys [?]

S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.Sys [2010-7-20 16448]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]

S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]

.

=============== Created Last 30 ================

.

2012-09-08 22:04:26 916456 ----a-w- C:\Windows\System32\deployJava1.dll

2012-09-08 22:04:26 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-09-08 22:04:16 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2012-09-08 22:00:02 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-09-08 21:59:49 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-08 16:54:11 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-09-08 16:54:11 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-09-08 16:48:59 -------- d-----w- C:\Program Files\Common Files\Bitdefender

2012-09-08 16:41:52 -------- d-----w- C:\Users\Chuck\AppData\Roaming\QuickScan

2012-09-07 16:14:39 -------- d-----w- C:\Users\Chuck\DoctorWeb

2012-09-07 00:31:32 -------- d-----w- C:\Program Files (x86)\ESET

2012-09-04 15:57:37 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2012-09-03 17:10:54 -------- d-----w- C:\Users\Chuck\AppData\Local\{A4530A9C-37B5-43A4-824E-2AD09D619DA2}

2012-09-03 17:08:29 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2012-09-03 17:06:46 -------- d-----w- C:\Users\Chuck\AppData\Local\{DFA62747-98CA-43E7-9721-0806CE2E5336}

2012-08-27 02:11:17 -------- d-----w- C:\Users\Chuck\AppData\Local\Microsoft Games

2012-08-24 20:26:44 -------- d-----w- C:\Users\Chuck\AppData\Local\Savings Sidekick

2012-08-24 19:04:11 -------- d-----w- C:\ProgramData\DivX

2012-08-15 23:29:31 503808 ----a-w- C:\Windows\System32\srcore.dll

2012-08-15 23:29:31 43008 ----a-w- C:\Windows\SysWow64\srclient.dll

2012-08-15 23:29:23 751104 ----a-w- C:\Windows\System32\win32spl.dll

2012-08-15 23:29:23 67072 ----a-w- C:\Windows\splwow64.exe

2012-08-15 23:29:23 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2012-08-15 23:29:23 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-08-15 23:29:19 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-08-15 23:29:19 136704 ----a-w- C:\Windows\System32\browser.dll

2012-08-15 23:29:18 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-08-15 23:28:44 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-08-15 23:28:35 956928 ----a-w- C:\Windows\System32\localspl.dll

.

==================== Find3M ====================

.

2012-09-08 21:59:37 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-08-15 01:44:38 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-15 01:44:38 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2005-09-23 14:56:56 69632 ----a-w- C:\Program Files\mfcm80.dll

2005-09-23 14:56:36 479232 ----a-w- C:\Program Files\msvcm80.dll

2005-09-23 14:56:34 57344 ----a-w- C:\Program Files\mfcm80u.dll

2005-09-23 09:16:14 57344 ----a-w- C:\Program Files\MFC80ENU.dll

2005-09-23 09:16:14 1093632 ----a-w- C:\Program Files\mfc80.dll

2005-09-23 09:16:14 1079808 ----a-w- C:\Program Files\mfc80u.dll

2005-09-23 07:05:58 626688 ----a-w- C:\Program Files\msvcr80.dll

2005-09-23 07:05:58 548864 ----a-w- C:\Program Files\msvcp80.dll

2005-03-25 02:31:12 348672 ----a-w- C:\Program Files\msvcrt.dll

.

============= FINISH: 15:32:55.00 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 1/3/2010 10:42:29 PM

System Uptime: 9/8/2012 2:55:26 PM (1 hours ago)

.

Motherboard: Gateway | | RS780

Processor: AMD Phenom 9750 Quad-Core Processor | AM2 | 1200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 914 GiB total, 730.519 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&2A700557&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&2A700557&0

Service: i8042prt

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Realtek 8185 Extensible 802.11b/g Wireless Device

Device ID: PCI\VEN_10EC&DEV_8185&SUBSYS_822510EC&REV_20\4&2966AB86&0&28A4

Manufacturer: Realtek Semiconductor Corp

Name: Realtek 8185 Extensible 802.11b/g Wireless Device

PNP Device ID: PCI\VEN_10EC&DEV_8185&SUBSYS_822510EC&REV_20\4&2966AB86&0&28A4

Service: RTL85n64

.

==== System Restore Points ===================

.

RP324: 8/26/2012 10:34:58 AM - Installed Microsoft Outlook Hotmail Connector 64-bit

RP325: 9/3/2012 10:07:58 AM - Installed Microsoft SQL Server 2005 Compact Edition [ENU]

RP326: 9/3/2012 10:34:51 AM - Removed Sibelius Scorch (Firefox, Opera, Netscape only)

RP327: 9/8/2012 9:54:14 AM - Windows Update

RP328: 9/8/2012 2:48:33 PM - Removed Java 6 Update 23

RP329: 9/8/2012 2:58:54 PM - Installed Java 7 Update 7

RP330: 9/8/2012 3:03:49 PM - Installed Java 7 Update 7 (64-bit)

RP331: 9/8/2012 3:08:27 PM - Removed Adobe Reader 9.4.7 MUI.

.

==== Installed Programs ======================

.

.

7-Zip 4.65

A9CAD

Acrobat.com

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Adobe Shockwave Player 11.6

Advertising Center

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Software Update

ATT-HSI

Backup Manager Advance

Browser Guard v3.0

CamBam

Canon Digital Camera Solution Disk 40-46 Software Starter Guide

Canon Easy-PhotoPrint EX

Canon Easy-WebPrint EX

Canon IJ Network Scan Utility

Canon IJ Network Tool

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon MP Navigator EX 3.0

Canon MP560 series User Registration

Canon My Printer

Canon Personal Printing Guide

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

Canon Utilities MyCamera

Canon Utilities MyCamera DC

Canon Utilities PhotoStitch

Canon Utilities RemoteCapture Task for ZoomBrowser EX

Canon Utilities Solution Menu

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CircuitMaker 2000 (Professional Edition)

CircuitMaker 2000 Service Pack 1

D3DX10

e-Sword

e-Sword Macros for Word 2010

eReg

ERUNT 1.1j

FX Configurator-EN

Gateway InfoCentre

Gateway MyBackup

Gateway Photo Frame 4.2.3.10

Gateway Recovery Management

Gateway Registration

Gateway ScreenSaver

Gateway Updater

Google Earth Plug-in

Google SketchUp 8

Google Update Helper

GX Developer-FX

Identity Card

ImagXpress

Img2CAD 7.1

Internet TV for Windows Media Center

Java 7 Update 7

Java Auto Updater

Junk Mail filter update

LazyCam 3.00.2

Mach3

Malwarebytes Anti-Malware version 1.62.0.1300

MediaMonkey 4.0

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008

Microsoft SQL Server 2008 Common Files

Microsoft SQL Server 2008 Database Engine Services

Microsoft SQL Server 2008 Database Engine Shared

Microsoft SQL Server 2008 RsFx Driver

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Move Media Player

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyHeritage Family Tree Builder

NBC Direct

Nero 9 Essentials

Nero ControlCenter

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero StartSmart

Nero StartSmart Help

Nero StartSmart OEM

NeroExpress

neroxml

Pando Media Booster

Quicken 2004

Quicken 2010

QuickTime

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Service Pack 1 for SQL Server 2008 (KB968369)

Skype Click to Call

Skype™ 5.5

Solid Edge 2D Drafting ST4

Sql Server Customer Experience Improvement Program

swMSM

TurboTax 2009

TurboTax 2009 wcaiper

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wrapper

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VC80CRTRedist - 8.0.50727.6195

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

Wondershare Video Converter Ultimate(Build 5.7.5.4)

XProMill (Demo) 2.1.6

.

==== Event Viewer Messages From Past Week ========

.

9/8/2012 2:57:12 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

9/8/2012 2:56:02 PM, Error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.

9/4/2012 3:48:23 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

9/3/2012 12:59:56 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

9/3/2012 11:34:10 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

9/3/2012 11:32:33 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

9/3/2012 11:32:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

9/3/2012 11:32:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

9/3/2012 11:32:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

9/3/2012 11:32:26 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

9/3/2012 11:32:10 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache spldr VBoxDrv VBoxUSBMon Wanarpv6

9/3/2012 11:30:06 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

9/3/2012 11:24:26 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The data is invalid.

9/3/2012 11:24:25 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: A system shutdown is in progress.

9/3/2012 11:23:00 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.

.

==== End Of File ===========================

Link to post
Share on other sites

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member Ccarrell only. If you are a casual viewer, do NOT try this on your system!

If you are not Ccarrell and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop. {{Do not run it at this point. You will do that a bit later}}

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

Using your mouse, Highlight and then Right-click | Copy the entire contents of the Code box below, including blank lines:

DDS:: 
BHO: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}
BHO: {9F3209E2-334B-41E9-B09C-703F398742E7}
TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}

Open a new Notepad session (Do not use a Word Processor or WordPad). Click "Format" and be certain that Word Wrap is not enabled. Right-click | Paste the Code box contents from above into Notepad. Click File, Save as..., and set the location to your Desktop, and enter (including quotation marks) as the filename: "CFscript.txt" . Using your mouse, drag the new file CFscript.txt and drop it on the ComboFix.exe icon (red-lion icon) as shown:

CFScript.gif

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh :excl:

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.

Edited by Maurice Naggar
Link to post
Share on other sites

The adware no longer appears in Firefox. I opened several product websites such as newegg.com, amazon.com, walmart.com. ComboFix seems to have fixed it. Thank you very much for you help.

ComboFix 12-09-09.02 - Chuck 09/09/2012 14:32:17.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.5320 [GMT -7:00]

Running from: c:\users\Chuck\Desktop\ComboFix.exe

Command switches used :: c:\users\Chuck\Desktop\CFscript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\program files (x86)\Common Files\Help

c:\program files (x86)\Common Files\Help\_updated.js

c:\program files (x86)\Common Files\Help\qnue.chm

c:\program files (x86)\Common Files\Help\qnue.lif

c:\program files (x86)\Common Files\Help\qnue.lt3

c:\program files (x86)\Common Files\Help\qnue.rul

c:\program files (x86)\Common Files\Help\quicken.chm

c:\program files (x86)\Common Files\Help\quicken.lif

c:\program files (x86)\Common Files\Help\Quicken.lt3

c:\program files (x86)\Common Files\Help\Quicken.rul

c:\program files (x86)\Common Files\Help\quickenProject.lt3

c:\program files (x86)\Common Files\Help\quickenProject.rul

c:\programdata\xmlE5FD.tmp

c:\programdata\xmlE939.tmp

c:\programdata\xmlEAEE.tmp

c:\users\Chuck\AppData\Local\assembly\tmp

c:\users\Chuck\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2F168C67-6F6A-4789-8FEB-6BB6DF8F0A21}.xps

c:\users\Chuck\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4F646A46-AC8B-4335-8071-FDE88B4A3C5A}.xps

c:\users\Chuck\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BAA64290-43FC-42E6-B8C0-37C6A618866C}.xps

c:\users\Chuck\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C8A8BC3F-C085-4701-ABE2-4BD4277AD3AB}.xps

c:\users\Chuck\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EBF2BBD2-FC71-4815-9E65-92FEE6F01CA3}.xps

c:\users\Chuck\AppData\Local\Savings Sidekick

c:\users\Chuck\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx

c:\users\Chuck\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\chrome.manifest

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\chrome\content\background.html

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\chrome\content\browser.xul

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\chrome\content\crossrider.js

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\chrome\content\crossriderapi.js

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\chrome\content\dialog.js

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\chrome\content\options.js

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\chrome\content\options.xul

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\chrome\content\search_dialog.xul

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\chrome\content\update.html

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\defaults\preferences\prefs.js

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\install.rdf

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\locale\en-US\translations.dtd

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\button1.png

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\button2.png

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\button3.png

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\button4.png

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\button5.png

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\crossrider_statusbar.png

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\icon128.png

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\icon16.png

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\icon24.png

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\icon48.png

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\panelarrow-up.png

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\popup.css

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\popup.html

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\popup_binding.xml

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\skin.css

c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\update.css

c:\users\Chuck\AppData\Roaming\Smart Engine

c:\users\Chuck\AppData\Roaming\Smart Engine\cookies.sqlite

c:\users\Chuck\Documents\~WRL0373.tmp

c:\users\Chuck\Documents\~WRL2201.tmp

c:\users\Mommy\Documents\~WRL0912.tmp

c:\users\Mommy\Documents\~WRL1434.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))

.

.

2012-09-08 22:04 . 2012-09-08 22:04 916456 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-08 22:04 . 2012-09-08 22:04 289768 ----a-w- c:\windows\system32\javaws.exe

2012-09-08 22:04 . 2012-09-08 22:04 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-08 22:04 . 2012-09-08 22:04 189416 ----a-w- c:\windows\system32\javaw.exe

2012-09-08 22:04 . 2012-09-08 22:04 188904 ----a-w- c:\windows\system32\java.exe

2012-09-08 22:04 . 2012-09-08 22:04 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2012-09-08 22:04 . 2012-09-08 22:04 -------- d-----w- c:\program files\Java

2012-09-08 22:00 . 2012-09-08 22:00 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-09-08 22:00 . 2012-09-08 21:59 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-09-08 21:59 . 2012-09-08 21:59 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-08 16:54 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-09-08 16:54 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-09-08 16:48 . 2012-09-08 16:48 -------- d-----w- c:\program files\Common Files\Bitdefender

2012-09-08 16:41 . 2012-09-08 22:59 -------- d-----w- c:\users\Chuck\AppData\Roaming\QuickScan

2012-09-07 16:14 . 2012-09-07 18:14 -------- d-----w- c:\users\Chuck\DoctorWeb

2012-09-07 00:31 . 2012-09-07 00:31 -------- d-----w- c:\program files (x86)\ESET

2012-09-06 23:56 . 2012-09-06 23:56 -------- d-----w- c:\program files (x86)\ERUNT

2012-09-04 15:57 . 2012-09-04 15:57 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2012-09-03 17:08 . 2012-09-03 17:08 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition

2012-08-27 02:11 . 2012-08-27 02:12 -------- d-----w- c:\users\Chuck\AppData\Local\Microsoft Games

2012-08-24 20:16 . 2012-08-25 15:37 -------- d-----w- c:\program files (x86)\Real

2012-08-24 19:09 . 2012-08-24 19:09 -------- d-----w- c:\users\Chuck\AppData\Roaming\DivX

2012-08-24 19:04 . 2012-08-25 15:40 -------- d-----w- c:\programdata\DivX

2012-08-15 23:29 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll

2012-08-15 23:29 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll

2012-08-15 23:29 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll

2012-08-15 23:29 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-15 23:29 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe

2012-08-15 23:29 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2012-08-15 23:29 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-08-15 23:29 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll

2012-08-15 23:29 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll

2012-08-15 23:29 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-08-15 23:28 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-08-15 23:28 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-08 21:59 . 2011-02-10 21:48 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-16 10:00 . 2010-01-08 07:13 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-08-15 01:44 . 2012-04-24 14:45 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-15 01:44 . 2011-09-19 23:49 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-03 20:46 . 2011-03-11 01:49 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2005-09-23 14:56 . 2011-12-23 01:10 69632 ----a-w- c:\program files\mfcm80.dll

2005-09-23 14:56 . 2011-12-23 01:10 479232 ----a-w- c:\program files\msvcm80.dll

2005-09-23 14:56 . 2011-12-23 01:10 57344 ----a-w- c:\program files\mfcm80u.dll

2005-09-23 09:16 . 2011-12-23 01:10 57344 ----a-w- c:\program files\MFC80ENU.dll

2005-09-23 09:16 . 2011-12-23 01:10 1093632 ----a-w- c:\program files\mfc80.dll

2005-09-23 09:16 . 2011-12-23 01:10 1079808 ----a-w- c:\program files\mfc80u.dll

2005-09-23 07:05 . 2011-12-23 01:10 626688 ----a-w- c:\program files\msvcr80.dll

2005-09-23 07:05 . 2011-12-23 01:10 548864 ----a-w- c:\program files\msvcp80.dll

2005-03-25 02:31 . 2011-12-23 01:10 348672 ----a-w- c:\program files\msvcrt.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-09-04 15:57 1734240 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-09-04 1734240]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-18 911160]

"GrooveMonitor"="c:\program files\Microsoft Office\Office14\GROOVEMN.EXE" [2011-02-05 1371528]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-09-04 947808]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

.

c:\users\Chuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 245120]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-05 5160568]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 136176]

R2 mrtRate;mrtRate; [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-03-18 947528]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 136176]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2009-07-03 607232]

R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys [2010-03-23 2061856]

R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS [2009-06-10 411136]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-04-27 127488]

R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-04-27 18944]

R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-04-27 161280]

R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2011-02-18 45616]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-20 1255736]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]

R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-02-18 228272]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-02-18 56688]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]

S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-11-18 517632]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-12 62208]

S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]

S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 cxpl_mhd;CX23885/7 PCI-E AvStream Video Capture (PalomarMHD);c:\windows\system32\drivers\y_cx88x.sys [2009-06-22 714752]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-02-18 156080]

S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-02-18 175664]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 01:44]

.

2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 10:55]

.

2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 10:55]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.myheritage.com

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://search.myheritage.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

Trusted Zone: $talisma_url$

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.1.254

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll

FF - ProfilePath - c:\users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={97BA5140-A1A4-465A-9BFD-0C39FA1774C6}&mid=dfc153ab53e9712624dcd3558e47908e-c48e441145dd1ac2c2658faa98ba5401f64420d4〈=en&ds=AVG&pr=fr&d=2012-05-06 10:39&v=12.2.5.32&sap=ku&q=

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

Toolbar-Locked - (no file)

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

Wow6432Node-HKLM-Run-NPSStartup - (no file)

Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe

Toolbar-Locked - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Microsoft SQL Server 10 - c:\program files (x86)\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe

AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E} - c:\program files (x86)\Pando Networks\Media Booster\uninst.exe

AddRemove-{317FEBDE-0F3B-4E4C-B183-70AFACD318E1} - c:\users\Chuck\AppData\Local\{1B27CC5E-FD6E-4B58-A2EF-347BAF18837A}\Blueberry PDF Form Filler Setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Windows Live\Family Safety\fsssvc.exe

c:\program files (x86)\Common Files\Motive\McciCMService.exe

c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe

c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files (x86)\Java\jre7\bin\javaws.exe

c:\program files (x86)\Java\jre7\bin\javaw.exe

.

**************************************************************************

.

Completion time: 2012-09-09 14:52:39 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-09 21:52

.

Pre-Run: 824,469,307,392 bytes free

Post-Run: 824,358,178,816 bytes free

.

- - End Of File - - 88BBB63CD46DEF0C114EB13F4EBDE275

Link to post
Share on other sites

2012-09-09 21:51:26 . 2012-09-09 21:51:26 572 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{317FEBDE-0F3B-4E4C-B183-70AFACD318E1}.reg.dat

2012-09-09 21:51:25 . 2012-09-09 21:51:25 1,832 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-{980A182F-E0A2-4A40-94C1-AE0C1235902E}.reg.dat

2012-09-09 21:51:25 . 2012-09-09 21:51:25 1,300 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Microsoft SQL Server 10.reg.dat

2012-09-09 21:51:25 . 2012-09-09 21:51:25 1,380 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-Adobe Shockwave Player.reg.dat

2012-09-09 21:51:16 . 2012-09-09 21:51:16 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}.reg.dat

2012-09-09 21:51:16 . 2012-09-09 21:51:16 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat

2012-09-09 21:51:16 . 2012-09-09 21:51:16 92 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Toolbar-Locked.reg.dat

2012-09-09 21:50:57 . 2012-09-09 21:50:57 202 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-ROC_roc_dec12.reg.dat

2012-09-09 21:50:57 . 2012-09-09 21:50:57 109 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-HKLM-Run-NPSStartup.reg.dat

2012-09-09 21:50:55 . 2012-09-09 21:50:55 144 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829}.reg.dat

2012-09-09 21:50:55 . 2012-09-09 21:50:55 104 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-Toolbar-Locked.reg.dat

2012-09-09 21:50:53 . 2012-09-09 21:50:53 118 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Wow6432Node-URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C}.reg.dat

2012-09-09 21:36:05 . 2012-09-09 21:36:05 8,518 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg

2012-09-09 21:31:54 . 2012-09-09 21:31:54 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt

2012-09-09 21:30:09 . 2012-09-09 21:30:09 51 ----a-w- C:\Qoobox\Quarantine\catchme.log

2012-08-31 00:24:03 . 2012-08-31 02:37:26 2,399 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\chrome\content\search_dialog.xul.vir

2012-08-31 00:24:03 . 2012-08-31 02:37:26 4,677 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\icon48.png.vir

2012-08-31 00:24:03 . 2012-08-31 02:37:26 917 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\panelarrow-up.png.vir

2012-08-31 00:24:03 . 2012-08-31 02:37:26 1,839 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\chrome\content\options.js.vir

2012-08-31 00:24:03 . 2012-08-31 02:37:26 425 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\locale\en-US\translations.dtd.vir

2012-08-31 00:24:03 . 2012-08-31 02:37:26 396 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\chrome.manifest.vir

2012-08-31 00:24:03 . 2012-08-31 02:37:26 1,382 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\defaults\preferences\prefs.js.vir

2012-08-31 00:24:03 . 2012-08-31 02:37:26 51,529 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\chrome\content\crossrider.js.vir

2012-08-31 00:24:03 . 2012-08-31 02:37:26 140 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\update.css.vir

2012-08-31 00:24:03 . 2012-08-31 02:37:26 382 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\popup_binding.xml.vir

2012-08-31 00:24:02 . 2012-08-31 02:37:26 31,413 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\chrome\content\crossriderapi.js.vir

2012-08-31 00:24:02 . 2012-08-31 02:37:26 1,298 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\chrome\content\dialog.js.vir

2012-08-31 00:24:02 . 2012-08-31 02:37:26 3,326 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\icon16.png.vir

2012-08-31 00:24:02 . 2012-08-31 02:37:26 1,621 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\chrome\content\browser.xul.vir

2012-08-31 00:24:02 . 2012-08-31 02:37:26 1,361 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\button1.png.vir

2012-08-31 00:24:02 . 2012-08-31 02:37:26 300 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\popup.html.vir

2012-08-31 00:24:02 . 2012-08-31 02:37:26 3,939 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\icon24.png.vir

2012-08-31 00:24:02 . 2012-08-31 02:37:26 1,361 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\crossrider_statusbar.png.vir

2012-08-31 00:24:02 . 2012-08-31 02:37:26 1,361 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\button2.png.vir

2012-08-31 00:24:02 . 2012-08-31 02:37:26 1,361 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\button3.png.vir

2012-08-31 00:24:02 . 2012-08-31 02:37:26 1,873 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\chrome\content\options.xul.vir

2012-08-31 00:24:02 . 2012-08-31 02:37:26 1,074 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\install.rdf.vir

2012-08-31 00:24:02 . 2012-08-31 02:37:26 1,361 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\button4.png.vir

2012-08-31 00:24:02 . 2012-08-31 02:37:26 1,361 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\button5.png.vir

2012-08-31 00:24:02 . 2012-08-31 02:37:26 1,791 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\chrome\content\update.html.vir

2012-08-31 00:24:02 . 2012-08-31 02:37:26 1,171 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\chrome\content\background.html.vir

2012-08-31 00:24:02 . 2012-08-31 02:37:26 816 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\skin.css.vir

2012-08-31 00:24:02 . 2012-08-31 02:37:26 534 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\popup.css.vir

2012-08-31 00:24:02 . 2012-08-31 02:37:26 4,418 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Mozilla\Firefox\Profiles\b6pnqe7i.default\extensions\crossriderapp5060@crossrider.com\skin\icon128.png.vir

2012-08-28 21:03:40 . 2012-08-28 21:11:21 13,382 ----a-w- C:\Qoobox\Quarantine\C\Users\Mommy\Documents\~WRL1434.tmp.vir

2012-08-28 20:45:49 . 2012-08-28 21:27:54 14,185 ----a-w- C:\Qoobox\Quarantine\C\Users\Mommy\Documents\~WRL0912.tmp.vir

2012-08-22 08:12:08 . 2012-08-22 08:12:08 42,439 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx.vir

2012-04-27 16:15:17 . 2012-04-27 16:18:31 65,462 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\Documents\~WRL0373.tmp.vir

2011-03-15 23:36:58 . 2011-03-15 23:36:58 2,263 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\xmlEAEE.tmp.vir

2011-03-15 23:36:57 . 2011-03-15 23:36:58 13,454 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\xmlE939.tmp.vir

2011-03-15 23:36:56 . 2011-03-15 23:36:57 7,415 ----a-w- C:\Qoobox\Quarantine\C\ProgramData\xmlE5FD.tmp.vir

2011-01-25 02:00:12 . 2011-01-25 02:00:12 46,556 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BAA64290-43FC-42E6-B8C0-37C6A618866C}.xps.vir

2011-01-25 01:59:52 . 2011-01-25 01:59:52 46,556 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Local\Microsoft\Windows\Temporary Internet Files\{4F646A46-AC8B-4335-8071-FDE88B4A3C5A}.xps.vir

2011-01-25 01:57:56 . 2011-01-25 01:57:56 46,556 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2F168C67-6F6A-4789-8FEB-6BB6DF8F0A21}.xps.vir

2011-01-25 01:54:39 . 2011-01-25 01:54:39 46,138 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C8A8BC3F-C085-4701-ABE2-4BD4277AD3AB}.xps.vir

2011-01-06 20:02:16 . 2011-01-06 20:02:16 207,831 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Local\Microsoft\Windows\Temporary Internet Files\{EBF2BBD2-FC71-4815-9E65-92FEE6F01CA3}.xps.vir

2010-10-12 21:46:50 . 2010-10-13 10:08:51 609,280 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Smart Engine\cookies.sqlite.vir

2010-10-12 21:15:07 . 2010-10-12 21:15:07 46 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp.vir

2010-10-02 05:11:34 . 2010-10-02 05:11:35 14,973 ----a-w- C:\Qoobox\Quarantine\C\Users\Chuck\Documents\~WRL2201.tmp.vir

2010-03-03 21:29:30 . 2010-03-03 01:26:54 58,596 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Help\Quicken.lt3.vir

2010-03-03 21:29:30 . 2010-03-03 01:26:54 66,794 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Help\Quicken.rul.vir

2010-03-03 21:29:30 . 2010-03-03 01:26:54 58,592 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Help\quickenProject.lt3.vir

2010-03-03 21:29:30 . 2010-03-03 01:26:54 66,794 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Help\quickenProject.rul.vir

2010-03-03 21:29:30 . 2010-03-03 01:26:54 6,536 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Help\_updated.js.vir

2010-03-03 21:29:28 . 2010-03-03 01:26:52 58,592 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Help\qnue.lt3.vir

2010-03-03 21:29:28 . 2010-03-03 01:26:52 66,794 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Help\qnue.rul.vir

2010-03-03 21:29:28 . 2010-04-17 03:03:44 1,608,744 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Help\quicken.chm.vir

2010-03-03 21:29:28 . 2010-03-03 01:26:54 4,095,607 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Help\quicken.lif.vir

2010-03-03 21:29:26 . 2010-03-03 01:26:52 4,095,607 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Help\qnue.lif.vir

2010-03-03 21:29:24 . 2010-04-17 03:03:42 1,608,744 ----a-w- C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Help\qnue.chm.vir

2007-11-07 15:03:18 . 2007-11-07 15:03:18 562,688 ----a-w- C:\Qoobox\Quarantine\C\install.exe.vir

Link to post
Share on other sites

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for ccarrell only. If you are a casual viewer, do NOT try this on your system!

If you are not ccarrell and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

For help reference, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

2. Open notepad and copy/paste the text in the quotebox below into it:

DEQUARANTINE::
C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Help\Quicken.lt3.vir
C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Help\Quicken.rul.vir
C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Help\quickenProject.lt3.vir
C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Help\quickenProject.rul.vir
C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Help\qnue.lt3.vir
C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Help\qnue.rul.vir
C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Help\quicken.chm.vir
C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Help\quicken.lif.vir
C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Help\qnue.lif.vir
C:\Qoobox\Quarantine\C\Program Files (x86)\Common Files\Help\qnue.chm.vir
QUIT::

Save this as CFScript.txt, in the same location as ComboFix.exe

3. Close any (all) open browsers.

4:

CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Re-Enable your antivirus program.

and tell me, How is your system now ?

Link to post
Share on other sites

OK. The dequarantine worked as intended. That has put back some Quicken help files which, imho, should not have been moved. You should be in good shape with Quicken.

To de-install Flash Player

Use Programs and Features (Windows 7 & Vista) or Add-or-Remove Programs (Windows XP) to de-install older versions of Flash Player.

For stubborn cases,

Download and save the Flash Player uninstaller >> uninstall Flash Player for 32-bit Windows<<

If you have Windows 64-bit, use this Flash Player uninstaller >> uninstall Flash Player for 64-bit Windows<<

Close all browsers and instant messenger (IM) programs.

Run the uninstaller.

To get latest Flash Player

Go to http://www.adobe.com/go/getflash

and get the latest Flash Player

Un-Check any checkbox for McAfee Security Scan Plus, or Google or any other widget or toolbar !!!

Reference: How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

http://support.microsoft.com/kb/827218

Now, please advise if "savings sidekick" is gone ?

How is the system now ?

Link to post
Share on other sites

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it ComboFix icon_exclaim.gif),

put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for it's cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
    c:\users\Chuck\Desktop\ComboFix.exe /uninstall


  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
    Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
    Then tap Enter

IF in the case Combofix un-install has an issue, skip that step.

NEXT

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

DrWeb Cure-It

SecurityCheck.exe

Use Control Panel >> Programs and Features and select & Uninstall the following

ESET Online scanner

BitDefender Quickscan

Safer practices & malware prevention

We are finished here. Best regards. cool.gif

Link to post
Share on other sites

There was an issue with command prompt. I was unable to perform the steps after opening it. No user account control prompt came up to ask for any changes. I did the ctrl+shift+enter. It opened the same as if hitting enter or clicking on it. Even right clicking and selecting "run as administrator" showed no difference, and still with the same results. I pasted (c:\users\Chuck\Desktop\ComboFix.exe /uninstall) in the command line and it erred.

post-117615-0-77302600-1347589765.jpg

post-117615-0-70856800-1347589766.jpg

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.