1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Lavasoft securesearch

Discussion in 'Virus & Other Malware Removal' started by red43560, Mar 6, 2013.

Thread Status:
Not open for further replies.
Advertisement
  1. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    follow advice here and post the logs those programs make
     
  2. red43560

    red43560 Thread Starter

    Joined:
    Mar 6, 2013
    Messages:
    22
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:58:13 AM, on 3/15/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Fingerprint Sensor\AtService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\drivers\audio\r213367\stacsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\SN0XRCV.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\Documents and Settings\Chris\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\Chris\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securesearch.lavasoft.com/?s...retb&v=2_5&u=472D5C3109B5DBDCE2CBED5135D96D9F
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/USREL/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
    R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [SN0XRCV] C:\WINDOWS\system32\spool\drivers\w32x86\3\SN0XRCV.exe
    O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SearchProtection] C:\Documents and Settings\All Users\Application Data\Search Protection\_run.bat
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Sticky-Notes] C:\Program Files\Sticky-Notes\stickynotes.exe
    O4 - HKCU\..\Run: [Spotify] "C:\Documents and Settings\Chris\Application Data\Spotify\Spotify.exe" /uri spotify:autostart
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Chris\Application Data\Dropbox\bin\Dropbox.exe
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Web-Based Email Tools - http://email02.secureserver.net/Download.CAB
    O16 - DPF: {02ED726B-6517-4245-8E46-233E4B91CEE3} (Bo6bootstrap Control) - https://pmol-busobj02.pledgemaker.com/wijsp/distribution/install.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243955004859
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com/cp/install/Crusher.cab
    O16 - DPF: {EE6DD3BD-B5E5-4A05-9FF2-9DB265522F0E} (ZaboCheckAndRunControl Class) - https://pmol-busobj02.pledgemaker.com/wijsp/distribution/ZaboIEen.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/html - {bbb7e2e0-5dfa-450e-91af-2775dd181d5c} - C:\WINDOWS\system32\xwreg32.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: a-squared Free Service (a2free) - Unknown owner - C:\DOCUME~1\CHRIS\LOCALS~1\TEMP\A2FREE\a2service.exe (file missing)
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AuthenTec Fingerprint Service (ATService) - AuthenTec, Inc. - C:\Program Files\Fingerprint Sensor\AtService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Broadcom Management Agent (BrcmMgmtAgent) - Broadcom Corporation - C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
    O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r213367\stacsv.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 15854 bytes
     
  3. red43560

    red43560 Thread Starter

    Joined:
    Mar 6, 2013
    Messages:
    22
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.17.2
    Run by Chris at 7:01:43 on 2013-03-15
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3539.2516 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ================
    .
    \??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    \??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Program Files\Fingerprint Sensor\AtService.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\drivers\audio\r213367\stacsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\SN0XRCV.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\Documents and Settings\Chris\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Google\Drive\googledrivesync.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=472D5C3109B5DBDCE2CBED5135D96D9F
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uSearch Page = hxxp://www.google.com
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uProxyServer = :0
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - c:\program files\avg\avg2012\avgdtiex.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "c:\documents and settings\chris\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Sticky-Notes] c:\program files\sticky-notes\stickynotes.exe
    uRun: [Spotify] "c:\documents and settings\chris\application data\spotify\Spotify.exe" /uri spotify:autostart
    uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
    mRun: [AESTFltr] c:\windows\system32\AESTFltr.exe /NoDlg
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [SN0XRCV] c:\windows\system32\spool\drivers\w32x86\3\SN0XRCV.exe
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SearchProtection] c:\documents and settings\all users\application data\search protection\_run.bat
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\docume~1\chris\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\chris\application data\dropbox\bin\Dropbox.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: Web-Based Email Tools - hxxp://email02.secureserver.net/Download.CAB
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {02ED726B-6517-4245-8E46-233E4B91CEE3} - hxxps://pmol-busobj02.pledgemaker.com/wijsp/distribution/install.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243955004859
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://www.imgag.com/cp/install/Crusher.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {EE6DD3BD-B5E5-4A05-9FF2-9DB265522F0E} - hxxps://pmol-busobj02.pledgemaker.com/wijsp/distribution/ZaboIEen.cab
    TCP: NameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{E03FB336-7928-4D43-B1D3-7931A06BFA2D} : DHCPNameServer = 209.18.47.61 209.18.47.62
    Filter: text/html - {bbb7e2e0-5dfa-450e-91af-2775dd181d5c} -
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 31952]
    R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-3-5 13560]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 250080]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 41040]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 301920]
    R1 SASDIFSV;SASDIFSV;c:\docume~1\chris\locals~1\temp\superas\SASDIFSV.SYS [2009-6-2 8944]
    R1 SASKUTIL;SASKUTIL;c:\docume~1\chris\locals~1\temp\superas\SASKUTIL.sys [2009-6-2 55024]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-6-27 1664248]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-11-2 5174392]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 193288]
    R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2008-7-1 110592]
    R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-12-6 214896]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-3-3 450848]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-5-4 112512]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 142176]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-5-4 109568]
    R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2012-4-10 25856]
    S2 a2free;a-squared Free Service;"c:\docume~1\chris\locals~1\temp\a2free\a2service.exe" --> c:\docume~1\chris\locals~1\temp\a2free\a2service.exe [?]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys --> c:\windows\system32\drivers\motfilt.sys [?]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys --> c:\windows\system32\drivers\motccgp.sys [?]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys --> c:\windows\system32\drivers\motccgpfl.sys [?]
    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\motousbnet.sys --> c:\windows\system32\drivers\Motousbnet.sys [?]
    S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]
    S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2011-2-5 13312]
    S3 SASENUM;SASENUM;c:\docume~1\chris\locals~1\temp\superas\SASENUM.SYS [2009-6-2 7408]
    .
    =============== Created Last 30 ================
    .
    2013-03-14 10:35:26 155 ----a-w- c:\windows\DeleteOnReboot.bat
    2013-03-12 10:36:42 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-03-05 11:44:19 -------- d-----w- c:\documents and settings\chris\application data\LavasoftStatistics
    2013-03-05 11:38:39 44424 ----a-w- c:\windows\system32\sbbd.exe
    2013-03-05 11:38:39 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
    2013-02-16 21:10:09 -------- d-----r- c:\program files\Skype
    .
    ==================== Find3M ====================
    .
    2013-03-14 01:07:15 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-03-14 01:07:15 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-03-12 10:36:32 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-03-12 10:36:32 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-03-12 10:36:32 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-02-05 20:05:47 916480 ----a-w- c:\windows\system32\wininet.dll
    2013-02-05 20:05:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-02-05 20:05:46 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-02-05 05:53:57 385024 ----a-w- c:\windows\system32\html.iec
    2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-07 01:32:34 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:45:12 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:32:36 1876224 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    .
    ============= FINISH: 7:02:49.25 ===============
     
  4. red43560

    red43560 Thread Starter

    Joined:
    Mar 6, 2013
    Messages:
    22
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/28/2009 3:06:20 PM
    System Uptime: 3/15/2013 6:53:30 AM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0DW634
    Processor: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz | Microprocessor | 2370/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 93.7 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP382: 12/10/2012 8:29:09 AM - System Checkpoint
    RP383: 12/11/2012 5:34:10 PM - System Checkpoint
    RP384: 12/11/2012 11:00:43 PM - Software Distribution Service 3.0
    RP385: 12/13/2012 7:54:02 AM - Software Distribution Service 3.0
    RP386: 12/15/2012 11:00:56 AM - System Checkpoint
    RP387: 12/16/2012 11:13:41 AM - System Checkpoint
    RP388: 12/17/2012 7:39:13 PM - System Checkpoint
    RP389: 12/20/2012 5:29:14 PM - System Checkpoint
    RP390: 12/20/2012 11:00:15 PM - Software Distribution Service 3.0
    RP391: 12/27/2012 7:04:13 PM - System Checkpoint
    RP392: 12/29/2012 10:02:10 AM - System Checkpoint
    RP393: 12/31/2012 3:00:38 PM - System Checkpoint
    RP394: 1/1/2013 3:49:51 PM - System Checkpoint
    RP395: 1/2/2013 7:00:03 PM - System Checkpoint
    RP396: 1/4/2013 11:00:14 PM - Software Distribution Service 3.0
    RP397: 1/6/2013 1:47:56 PM - System Checkpoint
    RP398: 1/7/2013 6:24:46 PM - System Checkpoint
    RP399: 1/9/2013 7:14:07 PM - System Checkpoint
    RP400: 1/9/2013 11:12:37 PM - Software Distribution Service 3.0
    RP401: 1/12/2013 9:52:00 AM - System Checkpoint
    RP402: 1/13/2013 2:53:07 PM - System Checkpoint
    RP403: 1/14/2013 11:00:15 PM - Software Distribution Service 3.0
    RP404: 1/17/2013 7:16:29 PM - Installed Java 7 Update 11
    RP405: 1/18/2013 10:20:06 PM - System Checkpoint
    RP406: 1/21/2013 7:48:05 AM - System Checkpoint
    RP407: 1/22/2013 8:26:55 PM - System Checkpoint
    RP408: 1/24/2013 8:11:08 PM - System Checkpoint
    RP409: 1/26/2013 4:24:32 PM - System Checkpoint
    RP410: 1/27/2013 5:36:12 PM - System Checkpoint
    RP411: 1/28/2013 7:35:13 PM - System Checkpoint
    RP412: 1/29/2013 8:44:30 PM - System Checkpoint
    RP413: 1/31/2013 8:30:30 PM - System Checkpoint
    RP414: 2/2/2013 1:09:29 PM - Removed Java 7 Update 7
    RP415: 2/2/2013 1:09:45 PM - Installed Java 7 Update 13
    RP416: 2/3/2013 5:35:26 PM - System Checkpoint
    RP417: 2/5/2013 8:20:03 PM - System Checkpoint
    RP418: 2/8/2013 7:54:59 PM - System Checkpoint
    RP419: 2/9/2013 8:28:40 PM - System Checkpoint
    RP420: 2/11/2013 1:17:26 AM - System Checkpoint
    RP421: 2/12/2013 1:39:10 AM - System Checkpoint
    RP422: 2/13/2013 1:43:48 AM - System Checkpoint
    RP423: 2/13/2013 6:02:21 AM - Software Distribution Service 3.0
    RP424: 2/13/2013 11:00:17 PM - Software Distribution Service 3.0
    RP425: 2/15/2013 6:04:37 PM - System Checkpoint
    RP426: 2/18/2013 8:00:01 AM - System Checkpoint
    RP427: 2/20/2013 6:22:50 AM - System Checkpoint
    RP428: 2/21/2013 8:33:34 PM - Removed Java 7 Update 13
    RP429: 2/21/2013 8:33:50 PM - Installed Java 7 Update 15
    RP430: 2/26/2013 7:47:06 PM - System Checkpoint
    RP431: 2/28/2013 7:06:08 PM - System Checkpoint
    RP432: 3/2/2013 2:04:28 PM - System Checkpoint
    RP433: 3/3/2013 2:42:02 PM - System Checkpoint
    RP434: 3/4/2013 11:10:11 PM - System Checkpoint
    RP435: 3/5/2013 6:54:11 AM - Removed Ad-Aware Antivirus.
    RP436: 3/6/2013 7:54:30 AM - Restore Operation
    RP437: 3/8/2013 8:37:18 PM - System Checkpoint
    RP438: 3/12/2013 6:36:11 AM - Removed Java 7 Update 15
    RP439: 3/12/2013 6:36:26 AM - Installed Java 7 Update 17
    RP440: 3/12/2013 11:00:17 PM - Software Distribution Service 3.0
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Add or Remove Adobe Creative Suite 3 Master Collection
    Adobe Acrobat 8 Professional
    Adobe Acrobat 8.1.5 - CPSID_49013
    Adobe Acrobat 8.1.5 Professional
    Adobe After Effects CS3
    Adobe After Effects CS3 Presets
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe BridgeTalk Plugin CS3
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Creative Suite 3 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Extension Manager CS3
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 9 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe InDesign CS3
    Adobe InDesign CS3 Icon Handler
    Adobe Linguistics CS3
    Adobe MotionPicture Color Files
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader X (10.1.4)
    Adobe Setup
    Adobe SING CS3
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe Video Profiles
    Adobe WAS CS3
    Adobe WinSoft Linguistics Plugin
    Adobe XMP DVA Panels CS3
    Adobe XMP Panels CS3
    AHV content for Acrobat and Flash
    All Day Battery Life Configuration
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Software Update
    AuthenTec Fingerprint System
    AVG 2012
    BioAPI Framework
    Broadcom Management Programs
    CameraHelperMsi
    Choice Guard
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Driver Download Manager
    Dell Touchpad
    Digital Clock
    Dropbox
    erLT
    Family Tree Maker 2011
    FLV Player 2.0 (build 25)
    Google Chrome
    Google Drive
    Google Earth Plug-in
    Google Quick Search Box
    Google Talk (remove only)
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 5.1.0.880
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB2756822)
    Hotfix for Windows XP (KB2779562)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB945436)
    Hotfix for Windows XP (KB949764)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB953955)
    Hotfix for Windows XP (KB954434)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB958347)
    Hotfix for Windows XP (KB959252)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    InterActual Player
    Java 7 Update 17
    Java Auto Updater
    Java(TM) 6 Update 31
    JavaFX 2.1.1
    join.me
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Twitter
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2742597)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Visio 2007 Service Pack 3 (SP3)
    Microsoft Office Visio MUI (English) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft WinUsb 1.0
    Microsoft WSE 3.0 Runtime
    MotoHelper 2.1.32 Driver 5.4.0
    MotoHelper MergeModules
    Motorola Mobile Drivers Installation 5.4.0
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6.0 Parser (KB933579)
    OGA Notifier 2.0.0048.0
    Pandora
    PDF-XChange 3
    PDF Settings
    PowerDVD
    Quicken 2010
    QuickTime
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator BDAV Plugin
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Drag-to-Disc
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB2809289)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Encoder (KB2447961)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2621440)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2641653)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2647518)
    Security Update for Windows XP (KB2653956)
    Security Update for Windows XP (KB2655992)
    Security Update for Windows XP (KB2659262)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB2676562)
    Security Update for Windows XP (KB2685939)
    Security Update for Windows XP (KB2686509)
    Security Update for Windows XP (KB2691442)
    Security Update for Windows XP (KB2695962)
    Security Update for Windows XP (KB2698365)
    Security Update for Windows XP (KB2705219)
    Security Update for Windows XP (KB2707511)
    Security Update for Windows XP (KB2709162)
    Security Update for Windows XP (KB2712808)
    Security Update for Windows XP (KB2718523)
    Security Update for Windows XP (KB2719985)
    Security Update for Windows XP (KB2723135)
    Security Update for Windows XP (KB2724197)
    Security Update for Windows XP (KB2727528)
    Security Update for Windows XP (KB2731847)
    Security Update for Windows XP (KB2753842-v2)
    Security Update for Windows XP (KB2753842)
    Security Update for Windows XP (KB2757638)
    Security Update for Windows XP (KB2758857)
    Security Update for Windows XP (KB2761226)
    Security Update for Windows XP (KB2770660)
    Security Update for Windows XP (KB2778344)
    Security Update for Windows XP (KB2779030)
    Security Update for Windows XP (KB2780091)
    Security Update for Windows XP (KB2799494)
    Security Update for Windows XP (KB2802968)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SHARP MX/DX Series PC-Fax Driver
    SHARP MX/DX Series PCL/PS Printer Driver
    Skype&#8482; 6.1
    Sonic CinePlayer Decoder Pack
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2661254-v2)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB2736233)
    Update for Windows XP (KB2749655)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    UPEK TouchChip Fingerprint Reader
    WebFldrs XP
    Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (06/12/2008 8.1.0.51)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Search 4.0
    WinRAR archiver
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Messenger
    Yahoo! Software Update
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/8/2013 8:01:39 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PBADRV
    3/8/2013 8:01:30 PM, error: Service Control Manager [7000] - The a-squared Free Service service failed to start due to the following error: The system cannot find the path specified.
    3/12/2013 11:02:16 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
    3/12/2013 11:02:16 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/12/2013 11:02:16 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    .
    ==== End Of File ===========================
     
  5. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    ok I se what needs fixing

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Hereto your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.​
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...
     
  6. red43560

    red43560 Thread Starter

    Joined:
    Mar 6, 2013
    Messages:
    22
    Ran Combo Fix with these results:

    ComboFix 13-03-16.02 - Chris 03/16/2013 10:39:19.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3539.2908 [GMT -4:00]
    Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Chris\g2mdlhlpx.exe
    C:\install.exe
    C:\prefs.js
    C:\Thumbs.db
    c:\windows\system32\gxvxccount
    c:\windows\system32\test
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    c:\windows\wininit.ini
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-16 to 2013-03-16 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-16 14:08 . 2013-03-16 14:08 -------- d-----w- C:\found.000
    2013-03-14 10:35 . 2013-03-14 10:38 155 ----a-w- c:\windows\DeleteOnReboot.bat
    2013-03-12 10:36 . 2013-03-12 10:36 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-03-06 12:52 . 2013-03-06 12:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
    2013-03-06 12:52 . 2013-03-06 12:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
    2013-03-06 02:23 . 2013-03-06 02:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2013-03-06 02:21 . 2013-03-06 02:21 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2013-03-05 11:44 . 2013-03-05 11:44 -------- d-----w- c:\documents and settings\Chris\Application Data\LavasoftStatistics
    2013-03-05 11:38 . 2013-03-05 11:38 44424 ----a-w- c:\windows\system32\sbbd.exe
    2013-03-05 11:38 . 2013-03-05 11:38 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
    2013-02-16 21:10 . 2013-02-16 21:10 -------- d-----r- c:\program files\Skype
    2013-02-16 21:10 . 2013-02-16 21:10 -------- d-----w- c:\program files\Common Files\Skype
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-14 01:07 . 2012-06-19 11:01 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-03-14 01:07 . 2011-07-09 14:57 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-03-12 10:36 . 2012-07-24 11:27 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-03-12 10:36 . 2012-03-08 19:35 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-03-12 10:36 . 2010-06-09 14:25 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-02-05 20:05 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll
    2013-02-05 20:05 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-02-05 20:05 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-02-05 05:53 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
    2013-01-26 03:55 . 2008-04-25 16:16 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-07 01:32 . 2008-04-25 16:16 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:45 . 2008-04-14 00:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:32 . 2008-04-25 16:16 1876224 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49 . 2008-04-25 16:16 1292288 ----a-w- c:\windows\system32\quartz.dll
    2013-01-02 06:49 . 2008-04-25 16:16 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Chris\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Chris\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Chris\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Chris\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-13 39408]
    "GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-12-18 16328976]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
    "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 134656]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 166912]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 134656]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-13 68592]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "SN0XRCV"="c:\windows\system32\spool\drivers\w32x86\3\SN0XRCV.exe" [2006-10-23 102400]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\documents and settings\Chris\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Chris\Application Data\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Documents and Settings\\Chris\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundMaskRequest"= 1 (0x1)
    "AllowInboundRouterRequest"= 1 (0x1)
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 31952]
    R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [3/5/2013 7:38 AM 13560]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 250080]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 301920]
    R1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Chris\LOCALS~1\Temp\superas\SASDIFSV.SYS --> c:\docume~1\Chris\LOCALS~1\Temp\superas\SASDIFSV.SYS [?]
    R1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Chris\LOCALS~1\Temp\superas\SASKUTIL.sys --> c:\docume~1\Chris\LOCALS~1\Temp\superas\SASKUTIL.sys [?]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [6/27/2008 2:47 PM 1664248]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 193288]
    R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [7/1/2008 7:57 PM 110592]
    R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [12/6/2011 5:00 PM 214896]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [3/3/2011 9:31 PM 450848]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/4/2009 4:30 PM 112512]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 142176]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [5/4/2009 4:30 PM 109568]
    S2 a2free;a-squared Free Service;"c:\docume~1\CHRIS\LOCALS~1\TEMP\A2FREE\a2service.exe" --> c:\docume~1\CHRIS\LOCALS~1\TEMP\A2FREE\a2service.exe [?]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [11/2/2012 4:51 AM 5174392]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 1:55 PM 161536]
    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
    S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [4/10/2012 5:55 PM 25856]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
    S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
    S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2/5/2011 6:22 PM 13312]
    S3 SASENUM;SASENUM;\??\c:\docume~1\Chris\LOCALS~1\Temp\superas\SASENUM.SYS --> c:\docume~1\Chris\LOCALS~1\Temp\superas\SASENUM.SYS [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 01:07]
    .
    2013-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 14:54]
    .
    2013-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 14:54]
    .
    2013-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3919648721-3038869406-929393948-1006Core.job
    - c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-13 09:30]
    .
    2013-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3919648721-3038869406-929393948-1006UA.job
    - c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-13 09:30]
    .
    2012-12-06 c:\windows\Tasks\MotoHelper MUM.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
    .
    2013-03-09 c:\windows\Tasks\MotoHelper Routing.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
    .
    2012-12-06 c:\windows\Tasks\MotoHelper Update.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://securesearch.lavasoft.com/?source=f439e2c0&tbp=homepage&toolbarid=adawaretb&v=2_5&u=472D5C3109B5DBDCE2CBED5135D96D9F
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local;192.168.*.*
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    Trusted Zone: pledgemaker.com\pmol-busobj02
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    DPF: Web-Based Email Tools - hxxp://email02.secureserver.net/Download.CAB
    DPF: {02ED726B-6517-4245-8E46-233E4B91CEE3} - hxxps://pmol-busobj02.pledgemaker.com/wijsp/distribution/install.cab
    DPF: {EE6DD3BD-B5E5-4A05-9FF2-9DB265522F0E} - hxxps://pmol-busobj02.pledgemaker.com/wijsp/distribution/ZaboIEen.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
    ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)
    HKCU-Run-Sticky-Notes - c:\program files\Sticky-Notes\stickynotes.exe
    HKCU-Run-Spotify - c:\documents and settings\Chris\Application Data\Spotify\Spotify.exe
    HKLM-Run-ChangeTPMAuth - c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe
    HKLM-Run-SearchProtection - c:\documents and settings\All Users\Application Data\Search Protection\_run.bat
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-03-16 10:50
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2013-03-16 10:52:59
    ComboFix-quarantined-files.txt 2013-03-16 14:52
    .
    Pre-Run: 101,285,175,296 bytes free
    Post-Run: 119,570,001,920 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    [spybotsd]
    timeout.old=30
    .
    - - End Of File - - DCF8FDE7A811363EE368E94103C41A45
     
  7. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    Download the attached CFScript.txt and save it to your desktop ( click on the link underneath this post & if you are using internet explorer when the "File download" pop up comes press SAVE and choose desktop in the list of selections in that window & press save)
    Disable any antivirus/antimalware/firewall realtime protection or script blocking in the same way you did previously before running combofix & remember to re-enable it when it has finished
    Close any open browsers
    Then drag the CFScript.txt into the ComboFix.exe or renamed combofix icon as shown in the screenshot below.



    [​IMG]



    This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply


    Note: these instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system and will not fix your problem. If you have a similar problem start your own topic in the malware fixing forum

    This will create a zip file inside C:\QooBox\quarantine named something like [38][email protected]

    at the end it will pop up an alert & open your browser and ask you to send the zip file

    please follow those instructions. We need to see the zip file before we can carry on with the fix

    If there is no pop up alert or open browser then

    please go to http://www.thespykiller.co.uk/index.php?board=1.0 and upload these files so I can examine them and if needed distribute them to antivirus companies.
    Just press new topic, fill in the needed details and just give a link to your post here & then press the browse button and then navigate to & select the files on your computer, If there is more than 1 file then press the more attachments button for each extra file and browse and select etc and then when all the files are listed in the windows press send to upload the files ( do not post HJT logs there as they will not get dealt with)

    Files to submit:
    the zip file inside C:\QooBox\quarantine created by combofix named something like [38][email protected]

    or to
    http://www.bleepingcomputer.com/submit-malware.php?channel=38
     

    Attached Files:

  8. red43560

    red43560 Thread Starter

    Joined:
    Mar 6, 2013
    Messages:
    22
    Analysis was uploaded and here is the txt doc:

    ComboFix 13-03-16.02 - Chris 03/16/2013 18:01:39.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3539.3000 [GMT -4:00]
    Running from: c:\documents and settings\Chris\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Chris\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    file zipped: c:\windows\DeleteOnReboot.bat
    file zipped: c:\windows\system32\WindowsAccessBridge.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Chris\Application Data\LavasoftStatistics
    c:\documents and settings\Chris\Application Data\LavasoftStatistics\adaware.xml
    c:\windows\DeleteOnReboot.bat
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-02-16 to 2013-03-16 )))))))))))))))))))))))))))))))
    .
    .
    2013-03-16 14:08 . 2013-03-16 14:08 -------- d-----w- C:\found.000
    2013-03-12 10:36 . 2013-03-12 10:36 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-03-06 12:52 . 2013-03-06 12:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Yahoo!
    2013-03-06 12:52 . 2013-03-06 12:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
    2013-03-06 02:23 . 2013-03-06 02:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2013-03-06 02:21 . 2013-03-06 02:21 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2013-03-05 11:38 . 2013-03-05 11:38 44424 ----a-w- c:\windows\system32\sbbd.exe
    2013-03-05 11:38 . 2013-03-05 11:38 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys
    2013-02-16 21:10 . 2013-02-16 21:10 -------- d-----r- c:\program files\Skype
    2013-02-16 21:10 . 2013-02-16 21:10 -------- d-----w- c:\program files\Common Files\Skype
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-14 01:07 . 2012-06-19 11:01 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-03-14 01:07 . 2011-07-09 14:57 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-03-12 10:36 . 2012-07-24 11:27 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-03-12 10:36 . 2012-03-08 19:35 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-03-12 10:36 . 2010-06-09 14:25 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-02-05 20:05 . 2008-04-25 16:16 916480 ----a-w- c:\windows\system32\wininet.dll
    2013-02-05 20:05 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-02-05 20:05 . 2008-04-25 16:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2013-02-05 05:53 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
    2013-01-26 03:55 . 2008-04-25 16:16 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-07 01:32 . 2008-04-25 16:16 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:45 . 2008-04-14 00:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:32 . 2008-04-25 16:16 1876224 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49 . 2008-04-25 16:16 1292288 ----a-w- c:\windows\system32\quartz.dll
    2013-01-02 06:49 . 2008-04-25 16:16 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Chris\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Chris\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Chris\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Chris\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-13 39408]
    "GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-12-18 16328976]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-02-22 200704]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]
    "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 134656]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 166912]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 134656]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-13 68592]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "SN0XRCV"="c:\windows\system32\spool\drivers\w32x86\3\SN0XRCV.exe" [2006-10-23 102400]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    c:\documents and settings\Chris\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Chris\Application Data\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Documents and Settings\\Chris\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundMaskRequest"= 1 (0x1)
    "AllowInboundRouterRequest"= 1 (0x1)
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 4:50 AM 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 31952]
    R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [3/5/2013 7:38 AM 13560]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 250080]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 301920]
    R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [6/27/2008 2:47 PM 1664248]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [11/2/2012 4:51 AM 5174392]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 193288]
    R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [7/1/2008 7:57 PM 110592]
    R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [12/6/2011 5:00 PM 214896]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [3/3/2011 9:31 PM 450848]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [5/4/2009 4:30 PM 112512]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 1:32 PM 142176]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 1:32 PM 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 1:32 PM 17232]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [5/4/2009 4:30 PM 109568]
    S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\Chris\LOCALS~1\Temp\superas\SASDIFSV.SYS --> c:\docume~1\Chris\LOCALS~1\Temp\superas\SASDIFSV.SYS [?]
    S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\Chris\LOCALS~1\Temp\superas\SASKUTIL.sys --> c:\docume~1\Chris\LOCALS~1\Temp\superas\SASKUTIL.sys [?]
    S2 a2free;a-squared Free Service;"c:\docume~1\CHRIS\LOCALS~1\TEMP\A2FREE\a2service.exe" --> c:\docume~1\CHRIS\LOCALS~1\TEMP\A2FREE\a2service.exe [?]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 1:55 PM 161536]
    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
    S3 CFcatchme;CFcatchme;\??\c:\docume~1\Chris\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\Chris\LOCALS~1\Temp\CFcatchme.sys [?]
    S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [4/10/2012 5:55 PM 25856]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
    S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
    S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2/5/2011 6:22 PM 13312]
    S3 SASENUM;SASENUM;\??\c:\docume~1\Chris\LOCALS~1\Temp\superas\SASENUM.SYS --> c:\docume~1\Chris\LOCALS~1\Temp\superas\SASENUM.SYS [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-03-16 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 01:07]
    .
    2013-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 14:54]
    .
    2013-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 14:54]
    .
    2013-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3919648721-3038869406-929393948-1006Core.job
    - c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-13 09:30]
    .
    2013-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3919648721-3038869406-929393948-1006UA.job
    - c:\documents and settings\Chris\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-12-13 09:30]
    .
    2012-12-06 c:\windows\Tasks\MotoHelper MUM.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
    .
    2013-03-09 c:\windows\Tasks\MotoHelper Routing.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
    .
    2012-12-06 c:\windows\Tasks\MotoHelper Update.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-12-06 21:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local;192.168.*.*
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    Trusted Zone: pledgemaker.com\pmol-busobj02
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    DPF: Web-Based Email Tools - hxxp://email02.secureserver.net/Download.CAB
    DPF: {02ED726B-6517-4245-8E46-233E4B91CEE3} - hxxps://pmol-busobj02.pledgemaker.com/wijsp/distribution/install.cab
    DPF: {EE6DD3BD-B5E5-4A05-9FF2-9DB265522F0E} - hxxps://pmol-busobj02.pledgemaker.com/wijsp/distribution/ZaboIEen.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-03-16 18:08
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(552)
    c:\windows\system32\WININET.dll
    c:\windows\system32\igfxdo.dll
    c:\documents and settings\Chris\Application Data\Dropbox\bin\DropboxExt.17.dll
    c:\program files\Google\Drive\googledrivesync32.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    c:\program files\Windows Desktop Search\deskbar.dll
    c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
    c:\program files\Windows Desktop Search\dbres.dll
    c:\program files\Windows Desktop Search\wordwheel.dll
    c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
    c:\program files\Windows Desktop Search\msnlExtRes.dll
    c:\program files\Google\Quick Search Box\bin\1.2.1151.245\qsb.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Roxio\Drag-to-Disc\Shellex.dll
    c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
    c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\AVG\AVG2012\avgrsx.exe
    c:\program files\AVG\AVG2012\avgcsrvx.exe
    c:\drivers\audio\r213367\stacsv.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\DellTPad\ApMsgFwd.exe
    c:\program files\DellTPad\Apntex.exe
    c:\program files\DellTPad\HidFind.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    c:\program files\Java\jre7\bin\jqs.exe
    c:\program files\AVG\AVG2012\avgnsx.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    .
    **************************************************************************
    .
    Completion time: 2013-03-16 18:13:09 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-03-16 22:13
    ComboFix2.txt 2013-03-16 14:53
    .
    Pre-Run: 119,604,768,768 bytes free
    Post-Run: 119,558,672,384 bytes free
    .
    - - End Of File - - 498FB60A94FD0C9C3EF608C8D7AFF485
    Upload was successful
     
  9. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    how is it now
    are you still getting any problems?
     
  10. red43560

    red43560 Thread Starter

    Joined:
    Mar 6, 2013
    Messages:
    22
    Unfortunately, yes it is still there.
     
  11. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    where are you still seeing it ?
     
  12. red43560

    red43560 Thread Starter

    Joined:
    Mar 6, 2013
    Messages:
    22
    When I do a search from the bar at the top it pops up...when I am search from google within the window it does not happen. See attached screen shot....
     

    Attached Files:

  13. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    lets see what this shows us

    Download OTScanIt.exe to your Desktop
    • Close any open browsers.
    • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
    • Double-click on OTS.exe to start the program.
    • In the Files Age drop down box click 90
    • Now on the toolbar at the top select "Scan all users" then click the Run Scan button
    • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Save that notepad file
    If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.
     
  14. red43560

    red43560 Thread Starter

    Joined:
    Mar 6, 2013
    Messages:
    22
    Following is the log from the last scan:

    GMER 2.1.19155 - http://www.gmer.net
    Rootkit scan 2013-03-19 05:53:29
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD16 rev.11.0 149.05GB
    Running: 8llwhqtj.exe; Driver: C:\DOCUME~1\Chris\LOCALS~1\Temp\fxroypoc.sys


    ---- System - GMER 2.1 ----

    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x93E77004]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x93E770D4]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x93E76D76]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x93E76E1E]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x93E76EBA]
    SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x93E76F56]

    ---- User code sections - GMER 2.1 ----

    .text C:\WINDOWS\system32\SearchIndexer.exe[488] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL

    ---- Devices - GMER 2.1 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys

    Device \FileSystem\Fastfat \Fat 8B3BED20

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys
    AttachedDevice \FileSystem\Fastfat \Fat avgidsfilterx.sys

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS

    ---- EOF - GMER 2.1 ----
     
  15. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,800
    if you are not going to follow my instructions I can't help you

    What browser are you seeing this search hijacker in. Is it IE or Chrome
     
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1092128