I have Ad-Aware, and when I scan my computer, it shows this trojan (win32.trojan.agent). Most of the time when I try to remove it, eventually it gets to the point where I can move the mouse around, but that's it, while it's being deleted by the program. Then usually I have to do a hard restart because I can't get out of it. It doesn't show up in AVG or Malwarebytes, so I have yet to successfully remove it. And "blekko" has started showing up. Mostly just a weird search button, but I hear it gets worse. Here are my logs.
===============================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:45:01 PM, on 5/19/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINXP\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\ibmpmsvc.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINXP\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
C:\WINXP\Explorer.EXE
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINXP\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINXP\system32\hkcmd.exe
C:\WINXP\system32\igfxpers.exe
C:\WINXP\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\WINXP\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINXP\system32\SearchProtocolHost.exe
C:\Documents and Settings\hollyblue\My Documents\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mixidj.delta-search.com/?affI...49001F3C27D965
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll
R3 - URLSearchHook: (no name) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll
O2 - BHO: DownloadTerms - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Documents and Settings\hollyblue\Local Settings\Application Data\DownloadTerms\temp.dat
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O3 - Toolbar: Vuze Remote Toolbar - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\7.0\vuzeToolbarIE.dll
O4 - HKLM\..\Run: [TrackPointSrv] C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [LenovoAutoScrollUtility] C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINXP\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINXP\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINXP\system32\igfxpers.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [LENOVO.TPFNF6R] C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\hollyblue\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\hollyblue\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Amazon Cloud Drive] C:\Documents and Settings\hollyblue\Local Settings\Application Data\Amazon\Cloud Drive\AmazonCloudDrive.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Updater12759.exe] C:\Documents and Settings\hollyblue\Local Settings\Application Data\Updater12759\Updater12759.exe /extensionid=12759 /extensionname='Lucky Savings' /chromeid=anmphbplcihjjkljdofccokpafageioj /stayidle /delay=300
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINXP\system32\ctfmon.exe
O4 - Startup: HP SimpleSave Monitor.lnk = C:\Documents and Settings\hollyblue\Application Data\HP SimpleSave Application\StartHelper.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\winxp\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\winxp\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\winxp\system32\iavlsp.dll
O15 - Trusted Zone: www.vizzed.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINXP\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINXP\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: BackupService - ArcSoft, Inc. - C:\Documents and Settings\hollyblue\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINXP\system32\ibmpmsvc.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINXP\system32\IPSSVC.EXE
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINXP\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
--
End of file - 13267 bytes
=========================================================
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by hollyblue at 12:46:47 on 2013-05-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.707 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: System Shield *Enabled/Updated* {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled*
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\WINXP\system32\ibmpmsvc.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINXP\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
C:\WINXP\Explorer.EXE
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINXP\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINXP\system32\hkcmd.exe
C:\WINXP\system32\igfxpers.exe
C:\WINXP\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\WINXP\system32\wbem\wmiprvse.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\WINXP\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINXP\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\WINXP\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\WINXP\System32\alg.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINXP\system32\SearchProtocolHost.exe
C:\WINXP\system32\SearchFilterHost.exe
C:\WINXP\system32\wbem\wmiprvse.exe
C:\WINXP\System32\svchost.exe -k netsvcs
C:\WINXP\system32\svchost.exe -k WudfServiceGroup
C:\WINXP\system32\svchost.exe -k NetworkService
C:\WINXP\system32\svchost.exe -k LocalService
C:\WINXP\system32\svchost.exe -k LocalService
C:\WINXP\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mixidj.delta-search.com/?affID=121149&tt=gc_&babsrc=HP_ss&mntrId=3849001F3C27D965
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uURLSearchHooks: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - c:\program files\vuze remote toolbar\ie\7.0\vuzeToolbarIE.dll
uURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - c:\program files\vuze remote toolbar\ie\7.0\vuzeToolbarIE.dll
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\documents and settings\hollyblue\local settings\application data\downloadterms\temp.dat
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - <orphaned>
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
TB: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - c:\program files\vuze remote toolbar\ie\7.0\vuzeToolbarIE.dll
uRun: [Google Update] "c:\documents and settings\hollyblue\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Facebook Update] "c:\documents and settings\hollyblue\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Amazon Cloud Drive] c:\documents and settings\hollyblue\local settings\application data\amazon\cloud drive\AmazonCloudDrive.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Updater12759.exe] c:\documents and settings\hollyblue\local settings\application data\updater12759\Updater12759.exe /extensionid=12759 /extensionname='Lucky Savings' /chromeid=anmphbplcihjjkljdofccokpafageioj /stayidle /delay=300
uRun: [ctfmon.exe] c:\winxp\system32\ctfmon.exe
mRun: [TrackPointSrv] c:\program files\lenovo\trackpoint\tp4serv.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [TpShocks] TpShocks.exe
mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [NWEReboot] <no file>
mRunOnce: [iolo SR Reboot] <no file>
StartupFolder: c:\docume~1\hollyb~1\startm~1\programs\startup\hpsimp~1.lnk - c:\documents and settings\hollyblue\application data\hp simplesave application\StartHelper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia backup\uBBMonitor.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\winxp\system32\iavlsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{FA9DA54A-938E-4956-81B6-8D3FD702C39C} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: ACNotify - ACNotify.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winxp\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli ACGina
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hollyblue\application data\mozilla\firefox\profiles\pxa06yr5.default-1351124339864\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\hollyblue\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\hollyblue\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\hollyblue\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\hollyblue\local settings\application data\facebook\messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: c:\documents and settings\hollyblue\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\hollyblue\local settings\application data\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\winxp\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\winxp\system32\npdeployJava1.dll
FF - plugin: c:\winxp\system32\npptools.dll
FF - ExtSQL: 2013-04-08 14:22; jid1-4P0kohSJxU1qGg@jetpack; c:\documents and settings\hollyblue\application data\mozilla\firefox\profiles\pxa06yr5.default-1351124339864\extensions\jid1-4P0kohSJxU1qGg@jetpack.xpi
FF - ExtSQL: 2013-05-13 00:00; cxfnl@nxazbwxrbgsgfqqp.net; c:\documents and settings\hollyblue\application data\mozilla\firefox\profiles\pxa06yr5.default-1351124339864\extensions\cxfnl@nxazbwxrbgsgfqqp.net
FF - ExtSQL: 2013-05-17 23:03; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; c:\documents and settings\hollyblue\application data\mozilla\firefox\profiles\pxa06yr5.default-1351124339864\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF - ExtSQL: 2013-05-19 11:00; jid1-yZwVFzbsyfMrqQ@jetpack; c:\documents and settings\hollyblue\application data\mozilla\firefox\profiles\pxa06yr5.default-1351124339864\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - ExtSQL: !HIDDEN! 2013-05-13 10:16; cxfnl@nxazbwxrbgsgfqqp.net; c:\program files\mozilla firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.mixidj.tlbrSrchUrl -
FF - user.js: extensions.mixidj.id - 384958cb000000000000001f3c27d965
FF - user.js: extensions.mixidj.appId - {A2773ED4-83BD-488A-A186-73590706C916}
FF - user.js: extensions.mixidj.instlDay - 15838
FF - user.js: extensions.mixidj.vrsn - 1.8.18.8
FF - user.js: extensions.mixidj.vrsni - 1.8.18.8
FF - user.js: extensions.mixidj.vrsnTs - 1.8.18.810:17:48
FF - user.js: extensions.mixidj.prtnrId - mixidj
FF - user.js: extensions.mixidj.prdct - mixidj
FF - user.js: extensions.mixidj.aflt - babsst
FF - user.js: extensions.mixidj.smplGrp - none
FF - user.js: extensions.mixidj.tlbrId - base
FF - user.js: extensions.mixidj.instlRef - sst
FF - user.js: extensions.mixidj.dfltLng - en
FF - user.js: extensions.mixidj.excTlbr - false
FF - user.js: extensions.mixidj.ffxUnstlRst - false
FF - user.js: extensions.mixidj.admin - false
FF - user.js: extensions.mixidj.autoRvrt - false
FF - user.js: extensions.mixidj.rvrt - false
FF - user.js: extensions.mixidj.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\winxp\system32\drivers\avgidshx.sys [2012-4-19 60216]
R0 Avglogx;AVG Logging Driver;c:\winxp\system32\drivers\avglogx.sys [2012-8-9 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\winxp\system32\drivers\avgmfx86.sys [2010-9-7 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\winxp\system32\drivers\avgrkx86.sys [2010-9-7 39224]
R0 DozeHDD;DozeHDD;c:\winxp\system32\drivers\DOZEHDD.SYS [2010-12-24 24304]
R0 gfibto;gfibto;c:\winxp\system32\drivers\gfibto.sys [2013-5-19 13560]
R0 TPDIGIMN;TPDIGIMN;c:\winxp\system32\drivers\ApsHM86.sys [2010-6-16 20592]
R1 AVGIDSDriver;AVGIDSDriver;c:\winxp\system32\drivers\avgidsdriverx.sys [2011-12-23 208184]
R1 AVGIDSShim;AVGIDSShim;c:\winxp\system32\drivers\avgidsshimx.sys [2011-12-23 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\winxp\system32\drivers\avgldx86.sys [2010-12-28 170808]
R1 Avgtdix;AVG TDI Driver;c:\winxp\system32\drivers\avgtdix.sys [2010-12-28 182072]
R1 lenovo.smi;Lenovo System Interface Driver;c:\winxp\system32\drivers\smiif32.sys [2010-12-24 13680]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2013-3-18 1236336]
R2 AMP;AMP;c:\winxp\system32\drivers\amp.sys [2010-1-19 127016]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-4-25 4936752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
R2 cpuz135;cpuz135;c:\winxp\system32\drivers\cpuz135_x32.sys [2010-12-25 21992]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-12-24 132456]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-12-24 1070080]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-29 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-25 701512]
R2 PDFsFilter;PDFsFilter;c:\winxp\system32\drivers\PDFsFilter.sys [2012-7-26 68464]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-12-24 53248]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2012-4-24 131432]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2012-4-24 142696]
R2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-1-19 121384]
R2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-1-19 117288]
R3 MBAMProtector;MBAMProtector;c:\winxp\system32\drivers\mbam.sys [2010-12-25 22856]
R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\winxp\system32\drivers\NETwLx32.sys [2010-12-24 6609920]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\winxp\system32\drivers\tp4track.sys [2008-3-4 22568]
S0 Lbd;Lbd;c:\winxp\system32\drivers\lbd.sys --> c:\winxp\system32\drivers\Lbd.sys [?]
S2 AMPSE;AMPSE;c:\winxp\system32\drivers\ampse.sys [2010-1-19 1118248]
S2 BackupService;BackupService;c:\documents and settings\hollyblue\application data\hp simplesave application\uUACTokenSvc.exe [2011-9-21 83512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\winxp\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 androidusb;ADB Interface Driver;c:\winxp\system32\drivers\motoandroid.sys [2011-3-27 25856]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\winxp\system32\drivers\motfilt.sys [2011-3-27 6016]
S3 easytether;easytether;c:\winxp\system32\drivers\easytthr.sys --> c:\winxp\system32\drivers\easytthr.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\winxp\system32\drivers\motccgp.sys [2011-3-27 19712]
S3 motccgpfl;MotCcgpFlService;c:\winxp\system32\drivers\motccgpfl.sys [2011-3-27 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\winxp\system32\drivers\Motousbnet.sys [2011-3-27 23424]
S3 motport;Motorola USB Diagnostic Port;c:\winxp\system32\drivers\motport.sys [2011-3-27 23936]
S3 motusbdevice;Motorola USB Dev Driver;c:\winxp\system32\drivers\motusbdevice.sys [2011-3-27 9472]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\winxp\system32\drivers\nx6000.sys [2012-2-23 30576]
S3 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-1-19 158248]
S3 WinRM;Windows Remote Management (WS-Management);c:\winxp\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winxp\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2013-2-23 805752]
S4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2012-4-24 101736]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=NOTEPAD.EXE %1
FileExt: .vbs: VBSFile=NOTEPAD.EXE %1
FileExt: .js: JSFile=NOTEPAD.EXE %1
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2013-05-19 16:26:57 -------- d-----w- c:\documents and settings\hollyblue\local settings\application data\adawarebp
2013-05-19 15:12:01 -------- d-----w- c:\documents and settings\hollyblue\application data\LavasoftStatistics
2013-05-19 15:12:01 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Antivirus
2013-05-19 15:05:03 -------- d-----w- c:\program files\Ad-Aware Antivirus
2013-05-19 15:01:07 -------- d-----w- c:\documents and settings\all users\application data\Downloaded Installations
2013-05-19 15:01:04 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars
2013-05-19 15:01:00 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2013-05-19 15:00:54 -------- d-----w- c:\program files\adawaretb
2013-05-19 15:00:54 -------- d-----w- c:\documents and settings\hollyblue\application data\adawaretb
2013-05-19 15:00:49 -------- d-----w- c:\program files\Toolbar Cleaner
2013-05-19 14:26:19 44424 ----a-w- c:\winxp\system32\sbbd.exe
2013-05-19 14:26:19 13560 ----a-w- c:\winxp\system32\drivers\gfibto.sys
2013-05-13 14:16:57 -------- d-sh--w- c:\winxp\system32\AI_RecycleBin
2013-05-13 14:15:54 -------- d-----w- c:\documents and settings\hollyblue\local settings\application data\Updater12759
2013-05-13 14:15:05 -------- d-----w- c:\documents and settings\hollyblue\local settings\application data\DownloadTerms
2013-05-13 14:15:03 -------- d-----w- c:\program files\VideoLAN
2013-05-13 14:14:53 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2013-05-13 14:14:51 -------- d-----w- c:\documents and settings\hollyblue\application data\Babylon
2013-05-13 14:14:45 -------- d-sh--w- C:\AI_RecycleBin
2013-05-13 14:14:44 -------- d-----w- c:\program files\Lucky Savings
2013-05-13 14:14:33 -------- d-----w- c:\documents and settings\hollyblue\application data\Strongvault
2013-05-12 17:09:50 -------- d-----w- c:\program files\GUM47A0.tmp
2013-05-03 21:50:24 -------- d-----w- c:\documents and settings\all users\application data\AVG April 2013 Campaign
2013-04-28 18:45:34 -------- d-----w- c:\documents and settings\hollyblue\application data\PeaZip
2013-04-28 18:32:08 -------- d-----w- c:\program files\PeaZip
2013-04-28 18:32:08 -------- d-----w- c:\documents and settings\hollyblue\application data\OpenCandy
2013-04-26 15:50:15 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
.
==================== Find3M ====================
.
2013-05-14 21:47:39 71048 ----a-w- c:\winxp\system32\FlashPlayerCPLApp.cpl
2013-05-14 21:47:39 692104 ----a-w- c:\winxp\system32\FlashPlayerApp.exe
2013-04-16 22:17:15 920064 ----a-w- c:\winxp\system32\wininet.dll
2013-04-16 22:17:14 43520 ----a-w- c:\winxp\system32\licmgr10.dll
2013-04-16 22:17:14 1469440 ----a-w- c:\winxp\system32\inetcpl.cpl
2013-04-12 23:28:55 385024 ----a-w- c:\winxp\system32\html.iec
2013-04-10 01:31:19 1876352 ----a-w- c:\winxp\system32\win32k.sys
2013-04-04 18:50:32 22856 ----a-w- c:\winxp\system32\drivers\mbam.sys
2013-03-29 06:53:48 208184 ----a-w- c:\winxp\system32\drivers\avgidsdriverx.sys
2013-03-21 07:08:24 182072 ----a-w- c:\winxp\system32\drivers\avgtdix.sys
2013-03-18 03:59:00 41616 ----a-w- c:\winxp\system32\iolobtdfg.exe
2013-03-18 03:58:52 23568 ----a-w- c:\winxp\system32\smrgdf.exe
2013-03-18 03:43:56 2097472 ----a-w- c:\winxp\system32\Incinerator32.dll
2013-03-08 08:35:47 293376 ----a-w- c:\winxp\system32\winsrv.dll
2013-03-07 01:35:46 2149888 ----a-w- c:\winxp\system32\ntoskrnl.exe
2013-03-07 00:53:36 2028544 ----a-w- c:\winxp\system32\ntkrnlpa.exe
2013-03-01 14:32:20 22328 ----a-w- c:\winxp\system32\drivers\avgidsshimx.sys
.
============= FINISH: 12:49:59.71 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/24/2010 9:34:32 PM
System Uptime: 5/19/2013 12:25:37 PM (0 hours ago)
.
Motherboard: LENOVO | | 7650DHU
Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz | None | 795/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 49.186 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP312: 2/26/2013 8:16:53 AM - System Checkpoint
RP313: 3/14/2013 3:00:50 AM - Software Distribution Service 3.0
RP314: 3/18/2013 5:40:45 AM - System Checkpoint
RP315: 3/21/2013 3:00:38 AM - Software Distribution Service 3.0
RP316: 3/25/2013 3:27:51 AM - System Checkpoint
RP317: 4/6/2013 8:32:33 AM - System Checkpoint
RP318: 4/11/2013 3:01:42 AM - Software Distribution Service 3.0
RP319: 4/17/2013 5:55:26 AM - System Checkpoint
RP320: 5/2/2013 10:41:54 PM - System Checkpoint
RP321: 5/16/2013 3:02:18 AM - Software Distribution Service 3.0
RP322: 5/17/2013 3:22:42 AM - System Checkpoint
RP323: 5/19/2013 9:55:59 AM - Removed Presentation Director
.
==== Installed Programs ======================
.
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
AIM 7
Amazon Cloud Drive
Amazon Kindle
Apple Mobile Device Support
Apple Software Update
ArcSoft TotalMedia Backup
AVG 2013
AVSDK5
Bonjour
Broadcom Gigabit Integrated Controller
calibre
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MX870 series MP Drivers
Conexant HD Audio
CPUID CPU-Z 1.56
DownloadTerms
Facebook Messenger 2.1.4814.0
Facebook Video Calling 1.2.0.287
Google Chrome
Google Talk Plugin
Google Update Helper
Google Updater
HDAUDIO Soft Data Fax Modem with SmartCP
Help Center
Hercules Webcam Station Evolution SE
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970685)
Hotfix for Windows XP (KB981793)
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
iolo technologies' System Mechanic Professional
iTunes
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 33
K-Lite Codec Pack 7.6.0 (Basic)
KeePass Password Safe 1.24
Lenovo Auto Scroll Utility
Lenovo Care
Lenovo Care Supplement
Lenovo Patch Utility
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
Lucky Savings
Maintenance Manager
Malwarebytes Anti-Malware version 1.75.0.1300
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Motorola Driver Installation 4.6.0
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Media Player
Nero OEM
NeroVision Express 2
On Screen Display
PeaZip 4.9.2
Productivity Center Supplement for ThinkPad
Satsuki Decoder Pack
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB982132)
Segoe UI
Skype 5.10
Spybot - Search & Destroy
System Mechanic 11 Professional
System Update
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Keyboard Customizer Utility
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad TrackPoint Driver
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wmiiper
TurboTax 2012 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB961503)
Update for Windows XP (KB971029)
Update for Windows XP (KB973687)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vuze
Vuze Remote Toolbar
Vuze Remote Toolbar v7.0
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
5/19/2013 10:49:58 AM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
5/15/2013 8:02:47 PM, error: Service Control Manager [7000] - The BackupService service failed to start due to the following error: %1 is not a valid Win32 application.
5/15/2013 11:04:02 AM, error: Service Control Manager [7000] - The AMPSE service failed to start due to the following error: The system cannot find the file specified.
5/14/2013 9:08:51 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/14/2013 8:54:54 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/14/2013 8:54:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
5/14/2013 8:44:00 AM, error: Service Control Manager [7000] - The BrowserProtect service failed to start due to the following error: %1 is not a valid Win32 application.
.
==== End Of File ===========================
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-19 15:47:02
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541612J9SA00 rev.SBDOC7BP 111.79GB
Running: jk75q2hl.exe; Driver: C:\DOCUME~1\HOLLYB~1\LOCALS~1\Temp\pxtdqpoc.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xBA4715D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xBA471700]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xBA471010]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xBA471300]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xBA4713E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xBA471120]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xBA471210]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xBA4714D0]
---- User code sections - GMER 2.1 ----
.text C:\WINXP\system32\SearchIndexer.exe[1236] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINXP\system32\MSSRCH.DLL
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2524] USER32.dll!DefWindowProcA + 11A 7E42C298 7 Bytes JMP 108243E6 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2524] USER32.dll!SetWindowLongA + 19 7E42C2B6 7 Bytes JMP 10824375 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2524] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1046E50D C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2524] USER32.dll!GetMenuContextHelpId + 1A 7E465319 7 Bytes JMP 1046E9FB C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 01546D70 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02AD0001
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 0189D736 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 0189D713 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] kernel32.dll!ValidateLocale + B1D0 7C8449B0 7 Bytes JMP 01561C62 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 01726045 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 0189D694 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] WS2_32.dll!send 71AB4C27 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 719F0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] WS2_32.dll!recv 71AB676F 6 Bytes JMP 71A50F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 71A20F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 719C0F5A
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys
Device \Driver\mbr \Device\mbr BA4AACDE
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\PDFsFilter\Parameters\{2741c5c3-0f7f-11e0-9428-806d6172696f}@NumExtendFileExtentsSaved 452516
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 19311
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FA9DA54A-938E-4956-81B6-8D3FD702C39C}@LeaseObtainedTime 1368980794
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FA9DA54A-938E-4956-81B6-8D3FD702C39C}@T1 1369023994
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FA9DA54A-938E-4956-81B6-8D3FD702C39C}@T2 1369056394
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FA9DA54A-938E-4956-81B6-8D3FD702C39C}@LeaseTerminatesTime 1369067194
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FA9DA54A-938E-4956-81B6-8D3FD702C39C}@DhcpRetryTime 43197
Reg HKLM\SYSTEM\CurrentControlSet\Services\{FA9DA54A-938E-4956-81B6-8D3FD702C39C}\Parameters\Tcpip@LeaseObtainedTime 1368980794
Reg HKLM\SYSTEM\CurrentControlSet\Services\{FA9DA54A-938E-4956-81B6-8D3FD702C39C}\Parameters\Tcpip@T1 1369023994
Reg HKLM\SYSTEM\CurrentControlSet\Services\{FA9DA54A-938E-4956-81B6-8D3FD702C39C}\Parameters\Tcpip@T2 1369056394
Reg HKLM\SYSTEM\CurrentControlSet\Services\{FA9DA54A-938E-4956-81B6-8D3FD702C39C}\Parameters\Tcpip@LeaseTerminatesTime 1369067194
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E020570F2B34C2F479328CC11E267E6B\Usage@Main 1119027719
---- EOF - GMER 2.1 ----
==============================
Thanks a bunch!
Nikki
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINXP\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\winxp\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\winxp\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\winxp\system32\iavlsp.dll
O15 - Trusted Zone: www.vizzed.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINXP\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINXP\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINXP\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: BackupService - ArcSoft, Inc. - C:\Documents and Settings\hollyblue\Application Data\HP SimpleSave Application\uUACTokenSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Lenovo Doze Mode Service (DozeSvc) - Lenovo. - C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINXP\system32\ibmpmsvc.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINXP\system32\IPSSVC.EXE
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Power Manager DBC Service - Unknown owner - C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINXP\System32\TPHDEXLG.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
--
End of file - 13267 bytes
=========================================================
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2
Run by hollyblue at 12:46:47 on 2013-05-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.707 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: System Shield *Enabled/Updated* {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled*
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\WINXP\system32\ibmpmsvc.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINXP\system32\spoolsv.exe
C:\Documents and Settings\All Users\Application Data\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe
C:\WINXP\Explorer.EXE
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\WINXP\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Lenovo\TrackPoint\tp4serv.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINXP\system32\hkcmd.exe
C:\WINXP\system32\igfxpers.exe
C:\WINXP\system32\igfxsrvc.exe
C:\Program Files\Lenovo\HOTKEY\TPFNF6R.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\WINXP\system32\wbem\wmiprvse.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
C:\Program Files\ThinkPad\Utilities\DOZESVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
c:\WINXP\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINXP\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\WINXP\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\WINXP\System32\alg.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINXP\system32\SearchProtocolHost.exe
C:\WINXP\system32\SearchFilterHost.exe
C:\WINXP\system32\wbem\wmiprvse.exe
C:\WINXP\System32\svchost.exe -k netsvcs
C:\WINXP\system32\svchost.exe -k WudfServiceGroup
C:\WINXP\system32\svchost.exe -k NetworkService
C:\WINXP\system32\svchost.exe -k LocalService
C:\WINXP\system32\svchost.exe -k LocalService
C:\WINXP\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mixidj.delta-search.com/?affID=121149&tt=gc_&babsrc=HP_ss&mntrId=3849001F3C27D965
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uURLSearchHooks: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - c:\program files\vuze remote toolbar\ie\7.0\vuzeToolbarIE.dll
uURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - c:\program files\vuze remote toolbar\ie\7.0\vuzeToolbarIE.dll
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\documents and settings\hollyblue\local settings\application data\downloadterms\temp.dat
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - <orphaned>
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
TB: Vuze Remote Toolbar: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - c:\program files\vuze remote toolbar\ie\7.0\vuzeToolbarIE.dll
uRun: [Google Update] "c:\documents and settings\hollyblue\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Facebook Update] "c:\documents and settings\hollyblue\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Amazon Cloud Drive] c:\documents and settings\hollyblue\local settings\application data\amazon\cloud drive\AmazonCloudDrive.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Updater12759.exe] c:\documents and settings\hollyblue\local settings\application data\updater12759\Updater12759.exe /extensionid=12759 /extensionname='Lucky Savings' /chromeid=anmphbplcihjjkljdofccokpafageioj /stayidle /delay=300
uRun: [ctfmon.exe] c:\winxp\system32\ctfmon.exe
mRun: [TrackPointSrv] c:\program files\lenovo\trackpoint\tp4serv.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [TpShocks] TpShocks.exe
mRun: [LenovoAutoScrollUtility] c:\program files\lenovo\virtscrl\virtscrl.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [NWEReboot] <no file>
mRunOnce: [iolo SR Reboot] <no file>
StartupFolder: c:\docume~1\hollyb~1\startm~1\programs\startup\hpsimp~1.lnk - c:\documents and settings\hollyblue\application data\hp simplesave application\StartHelper.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia backup\uBBMonitor.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\winxp\system32\iavlsp.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{FA9DA54A-938E-4956-81B6-8D3FD702C39C} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: ACNotify - ACNotify.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winxp\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli ACGina
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hollyblue\application data\mozilla\firefox\profiles\pxa06yr5.default-1351124339864\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\hollyblue\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\hollyblue\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\hollyblue\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\hollyblue\local settings\application data\facebook\messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: c:\documents and settings\hollyblue\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\hollyblue\local settings\application data\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\winxp\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\winxp\system32\npdeployJava1.dll
FF - plugin: c:\winxp\system32\npptools.dll
FF - ExtSQL: 2013-04-08 14:22; jid1-4P0kohSJxU1qGg@jetpack; c:\documents and settings\hollyblue\application data\mozilla\firefox\profiles\pxa06yr5.default-1351124339864\extensions\jid1-4P0kohSJxU1qGg@jetpack.xpi
FF - ExtSQL: 2013-05-13 00:00; cxfnl@nxazbwxrbgsgfqqp.net; c:\documents and settings\hollyblue\application data\mozilla\firefox\profiles\pxa06yr5.default-1351124339864\extensions\cxfnl@nxazbwxrbgsgfqqp.net
FF - ExtSQL: 2013-05-17 23:03; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; c:\documents and settings\hollyblue\application data\mozilla\firefox\profiles\pxa06yr5.default-1351124339864\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
FF - ExtSQL: 2013-05-19 11:00; jid1-yZwVFzbsyfMrqQ@jetpack; c:\documents and settings\hollyblue\application data\mozilla\firefox\profiles\pxa06yr5.default-1351124339864\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
FF - ExtSQL: !HIDDEN! 2013-05-13 10:16; cxfnl@nxazbwxrbgsgfqqp.net; c:\program files\mozilla firefox\extensions\cxfnl@nxazbwxrbgsgfqqp.net
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.mixidj.tlbrSrchUrl -
FF - user.js: extensions.mixidj.id - 384958cb000000000000001f3c27d965
FF - user.js: extensions.mixidj.appId - {A2773ED4-83BD-488A-A186-73590706C916}
FF - user.js: extensions.mixidj.instlDay - 15838
FF - user.js: extensions.mixidj.vrsn - 1.8.18.8
FF - user.js: extensions.mixidj.vrsni - 1.8.18.8
FF - user.js: extensions.mixidj.vrsnTs - 1.8.18.810:17:48
FF - user.js: extensions.mixidj.prtnrId - mixidj
FF - user.js: extensions.mixidj.prdct - mixidj
FF - user.js: extensions.mixidj.aflt - babsst
FF - user.js: extensions.mixidj.smplGrp - none
FF - user.js: extensions.mixidj.tlbrId - base
FF - user.js: extensions.mixidj.instlRef - sst
FF - user.js: extensions.mixidj.dfltLng - en
FF - user.js: extensions.mixidj.excTlbr - false
FF - user.js: extensions.mixidj.ffxUnstlRst - false
FF - user.js: extensions.mixidj.admin - false
FF - user.js: extensions.mixidj.autoRvrt - false
FF - user.js: extensions.mixidj.rvrt - false
FF - user.js: extensions.mixidj.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\winxp\system32\drivers\avgidshx.sys [2012-4-19 60216]
R0 Avglogx;AVG Logging Driver;c:\winxp\system32\drivers\avglogx.sys [2012-8-9 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\winxp\system32\drivers\avgmfx86.sys [2010-9-7 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\winxp\system32\drivers\avgrkx86.sys [2010-9-7 39224]
R0 DozeHDD;DozeHDD;c:\winxp\system32\drivers\DOZEHDD.SYS [2010-12-24 24304]
R0 gfibto;gfibto;c:\winxp\system32\drivers\gfibto.sys [2013-5-19 13560]
R0 TPDIGIMN;TPDIGIMN;c:\winxp\system32\drivers\ApsHM86.sys [2010-6-16 20592]
R1 AVGIDSDriver;AVGIDSDriver;c:\winxp\system32\drivers\avgidsdriverx.sys [2011-12-23 208184]
R1 AVGIDSShim;AVGIDSShim;c:\winxp\system32\drivers\avgidsshimx.sys [2011-12-23 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\winxp\system32\drivers\avgldx86.sys [2010-12-28 170808]
R1 Avgtdix;AVG TDI Driver;c:\winxp\system32\drivers\avgtdix.sys [2010-12-28 182072]
R1 lenovo.smi;Lenovo System Interface Driver;c:\winxp\system32\drivers\smiif32.sys [2010-12-24 13680]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2013-3-18 1236336]
R2 AMP;AMP;c:\winxp\system32\drivers\amp.sys [2010-1-19 127016]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-4-25 4936752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
R2 cpuz135;cpuz135;c:\winxp\system32\drivers\cpuz135_x32.sys [2010-12-25 21992]
R2 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2010-12-24 132456]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-12-24 1070080]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-29 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-25 701512]
R2 PDFsFilter;PDFsFilter;c:\winxp\system32\drivers\PDFsFilter.sys [2012-7-26 68464]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-12-24 53248]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2012-9-20 3677000]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2012-4-24 131432]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2012-4-24 142696]
R2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2010-1-19 121384]
R2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2010-1-19 117288]
R3 MBAMProtector;MBAMProtector;c:\winxp\system32\drivers\mbam.sys [2010-12-25 22856]
R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\winxp\system32\drivers\NETwLx32.sys [2010-12-24 6609920]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\winxp\system32\drivers\tp4track.sys [2008-3-4 22568]
S0 Lbd;Lbd;c:\winxp\system32\drivers\lbd.sys --> c:\winxp\system32\drivers\Lbd.sys [?]
S2 AMPSE;AMPSE;c:\winxp\system32\drivers\ampse.sys [2010-1-19 1118248]
S2 BackupService;BackupService;c:\documents and settings\hollyblue\application data\hp simplesave application\uUACTokenSvc.exe [2011-9-21 83512]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\winxp\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 androidusb;ADB Interface Driver;c:\winxp\system32\drivers\motoandroid.sys [2011-3-27 25856]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\winxp\system32\drivers\motfilt.sys [2011-3-27 6016]
S3 easytether;easytether;c:\winxp\system32\drivers\easytthr.sys --> c:\winxp\system32\drivers\easytthr.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\winxp\system32\drivers\motccgp.sys [2011-3-27 19712]
S3 motccgpfl;MotCcgpFlService;c:\winxp\system32\drivers\motccgpfl.sys [2011-3-27 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\winxp\system32\drivers\Motousbnet.sys [2011-3-27 23424]
S3 motport;Motorola USB Diagnostic Port;c:\winxp\system32\drivers\motport.sys [2011-3-27 23936]
S3 motusbdevice;Motorola USB Dev Driver;c:\winxp\system32\drivers\motusbdevice.sys [2011-3-27 9472]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\winxp\system32\drivers\nx6000.sys [2012-2-23 30576]
S3 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2010-1-19 158248]
S3 WinRM;Windows Remote Management (WS-Management);c:\winxp\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winxp\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2013-2-23 805752]
S4 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2012-4-24 101736]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=NOTEPAD.EXE %1
FileExt: .vbs: VBSFile=NOTEPAD.EXE %1
FileExt: .js: JSFile=NOTEPAD.EXE %1
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2013-05-19 16:26:57 -------- d-----w- c:\documents and settings\hollyblue\local settings\application data\adawarebp
2013-05-19 15:12:01 -------- d-----w- c:\documents and settings\hollyblue\application data\LavasoftStatistics
2013-05-19 15:12:01 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Antivirus
2013-05-19 15:05:03 -------- d-----w- c:\program files\Ad-Aware Antivirus
2013-05-19 15:01:07 -------- d-----w- c:\documents and settings\all users\application data\Downloaded Installations
2013-05-19 15:01:04 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars
2013-05-19 15:01:00 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2013-05-19 15:00:54 -------- d-----w- c:\program files\adawaretb
2013-05-19 15:00:54 -------- d-----w- c:\documents and settings\hollyblue\application data\adawaretb
2013-05-19 15:00:49 -------- d-----w- c:\program files\Toolbar Cleaner
2013-05-19 14:26:19 44424 ----a-w- c:\winxp\system32\sbbd.exe
2013-05-19 14:26:19 13560 ----a-w- c:\winxp\system32\drivers\gfibto.sys
2013-05-13 14:16:57 -------- d-sh--w- c:\winxp\system32\AI_RecycleBin
2013-05-13 14:15:54 -------- d-----w- c:\documents and settings\hollyblue\local settings\application data\Updater12759
2013-05-13 14:15:05 -------- d-----w- c:\documents and settings\hollyblue\local settings\application data\DownloadTerms
2013-05-13 14:15:03 -------- d-----w- c:\program files\VideoLAN
2013-05-13 14:14:53 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2013-05-13 14:14:51 -------- d-----w- c:\documents and settings\hollyblue\application data\Babylon
2013-05-13 14:14:45 -------- d-sh--w- C:\AI_RecycleBin
2013-05-13 14:14:44 -------- d-----w- c:\program files\Lucky Savings
2013-05-13 14:14:33 -------- d-----w- c:\documents and settings\hollyblue\application data\Strongvault
2013-05-12 17:09:50 -------- d-----w- c:\program files\GUM47A0.tmp
2013-05-03 21:50:24 -------- d-----w- c:\documents and settings\all users\application data\AVG April 2013 Campaign
2013-04-28 18:45:34 -------- d-----w- c:\documents and settings\hollyblue\application data\PeaZip
2013-04-28 18:32:08 -------- d-----w- c:\program files\PeaZip
2013-04-28 18:32:08 -------- d-----w- c:\documents and settings\hollyblue\application data\OpenCandy
2013-04-26 15:50:15 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
.
==================== Find3M ====================
.
2013-05-14 21:47:39 71048 ----a-w- c:\winxp\system32\FlashPlayerCPLApp.cpl
2013-05-14 21:47:39 692104 ----a-w- c:\winxp\system32\FlashPlayerApp.exe
2013-04-16 22:17:15 920064 ----a-w- c:\winxp\system32\wininet.dll
2013-04-16 22:17:14 43520 ----a-w- c:\winxp\system32\licmgr10.dll
2013-04-16 22:17:14 1469440 ----a-w- c:\winxp\system32\inetcpl.cpl
2013-04-12 23:28:55 385024 ----a-w- c:\winxp\system32\html.iec
2013-04-10 01:31:19 1876352 ----a-w- c:\winxp\system32\win32k.sys
2013-04-04 18:50:32 22856 ----a-w- c:\winxp\system32\drivers\mbam.sys
2013-03-29 06:53:48 208184 ----a-w- c:\winxp\system32\drivers\avgidsdriverx.sys
2013-03-21 07:08:24 182072 ----a-w- c:\winxp\system32\drivers\avgtdix.sys
2013-03-18 03:59:00 41616 ----a-w- c:\winxp\system32\iolobtdfg.exe
2013-03-18 03:58:52 23568 ----a-w- c:\winxp\system32\smrgdf.exe
2013-03-18 03:43:56 2097472 ----a-w- c:\winxp\system32\Incinerator32.dll
2013-03-08 08:35:47 293376 ----a-w- c:\winxp\system32\winsrv.dll
2013-03-07 01:35:46 2149888 ----a-w- c:\winxp\system32\ntoskrnl.exe
2013-03-07 00:53:36 2028544 ----a-w- c:\winxp\system32\ntkrnlpa.exe
2013-03-01 14:32:20 22328 ----a-w- c:\winxp\system32\drivers\avgidsshimx.sys
.
============= FINISH: 12:49:59.71 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/24/2010 9:34:32 PM
System Uptime: 5/19/2013 12:25:37 PM (0 hours ago)
.
Motherboard: LENOVO | | 7650DHU
Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz | None | 795/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 49.186 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP312: 2/26/2013 8:16:53 AM - System Checkpoint
RP313: 3/14/2013 3:00:50 AM - Software Distribution Service 3.0
RP314: 3/18/2013 5:40:45 AM - System Checkpoint
RP315: 3/21/2013 3:00:38 AM - Software Distribution Service 3.0
RP316: 3/25/2013 3:27:51 AM - System Checkpoint
RP317: 4/6/2013 8:32:33 AM - System Checkpoint
RP318: 4/11/2013 3:01:42 AM - Software Distribution Service 3.0
RP319: 4/17/2013 5:55:26 AM - System Checkpoint
RP320: 5/2/2013 10:41:54 PM - System Checkpoint
RP321: 5/16/2013 3:02:18 AM - Software Distribution Service 3.0
RP322: 5/17/2013 3:22:42 AM - System Checkpoint
RP323: 5/19/2013 9:55:59 AM - Removed Presentation Director
.
==== Installed Programs ======================
.
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
AIM 7
Amazon Cloud Drive
Amazon Kindle
Apple Mobile Device Support
Apple Software Update
ArcSoft TotalMedia Backup
AVG 2013
AVSDK5
Bonjour
Broadcom Gigabit Integrated Controller
calibre
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MX870 series MP Drivers
Conexant HD Audio
CPUID CPU-Z 1.56
DownloadTerms
Facebook Messenger 2.1.4814.0
Facebook Video Calling 1.2.0.287
Google Chrome
Google Talk Plugin
Google Update Helper
Google Updater
HDAUDIO Soft Data Fax Modem with SmartCP
Help Center
Hercules Webcam Station Evolution SE
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB973442)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970685)
Hotfix for Windows XP (KB981793)
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
iolo technologies' System Mechanic Professional
iTunes
Java 7 Update 7
Java Auto Updater
Java(TM) 6 Update 33
K-Lite Codec Pack 7.6.0 (Basic)
KeePass Password Safe 1.24
Lenovo Auto Scroll Utility
Lenovo Care
Lenovo Care Supplement
Lenovo Patch Utility
Lenovo System Interface Driver
Lenovo ThinkVantage Toolbox
Lucky Savings
Maintenance Manager
Malwarebytes Anti-Malware version 1.75.0.1300
Message Center
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Corporation
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Motorola Driver Installation 4.6.0
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Media Player
Nero OEM
NeroVision Express 2
On Screen Display
PeaZip 4.9.2
Productivity Center Supplement for ThinkPad
Satsuki Decoder Pack
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB982132)
Segoe UI
Skype 5.10
Spybot - Search & Destroy
System Mechanic 11 Professional
System Update
ThinkPad EasyEject Utility
ThinkPad FullScreen Magnifier
ThinkPad Keyboard Customizer Utility
ThinkPad Power Management Driver
ThinkPad Power Manager
ThinkPad TrackPoint Driver
ThinkVantage Access Connections
ThinkVantage Active Protection System
ThinkVantage Productivity Center
TurboTax 2012
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wmiiper
TurboTax 2012 wrapper
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB961503)
Update for Windows XP (KB971029)
Update for Windows XP (KB973687)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vuze
Vuze Remote Toolbar
Vuze Remote Toolbar v7.0
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
5/19/2013 10:49:58 AM, error: Service Control Manager [7000] - The Zune Bus Enumerator Driver service failed to start due to the following error: The system cannot find the file specified.
5/15/2013 8:02:47 PM, error: Service Control Manager [7000] - The BackupService service failed to start due to the following error: %1 is not a valid Win32 application.
5/15/2013 11:04:02 AM, error: Service Control Manager [7000] - The AMPSE service failed to start due to the following error: The system cannot find the file specified.
5/14/2013 9:08:51 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/14/2013 8:54:54 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
5/14/2013 8:54:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
5/14/2013 8:44:00 AM, error: Service Control Manager [7000] - The BrowserProtect service failed to start due to the following error: %1 is not a valid Win32 application.
.
==== End Of File ===========================
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-19 15:47:02
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS541612J9SA00 rev.SBDOC7BP 111.79GB
Running: jk75q2hl.exe; Driver: C:\DOCUME~1\HOLLYB~1\LOCALS~1\Temp\pxtdqpoc.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0xBA4715D0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0xBA471700]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0xBA471010]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendProcess [0xBA471300]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwSuspendThread [0xBA4713E0]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0xBA471120]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0xBA471210]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0xBA4714D0]
---- User code sections - GMER 2.1 ----
.text C:\WINXP\system32\SearchIndexer.exe[1236] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINXP\system32\MSSRCH.DLL
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2524] USER32.dll!DefWindowProcA + 11A 7E42C298 7 Bytes JMP 108243E6 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2524] USER32.dll!SetWindowLongA + 19 7E42C2B6 7 Bytes JMP 10824375 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2524] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1046E50D C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2524] USER32.dll!GetMenuContextHelpId + 1A 7E465319 7 Bytes JMP 1046E9FB C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] ntdll.dll!LdrLoadDll 7C915C35 5 Bytes JMP 01546D70 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02AD0001
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 0189D736 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 0189D713 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] kernel32.dll!ValidateLocale + B1D0 7C8449B0 7 Bytes JMP 01561C62 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 01726045 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 0189D694 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] WS2_32.dll!send 71AB4C27 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 719F0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] WS2_32.dll!recv 71AB676F 6 Bytes JMP 71A50F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 71A20F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3252] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 719C0F5A
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys
Device \Driver\mbr \Device\mbr BA4AACDE
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\PDFsFilter\Parameters\{2741c5c3-0f7f-11e0-9428-806d6172696f}@NumExtendFileExtentsSaved 452516
Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 19311
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FA9DA54A-938E-4956-81B6-8D3FD702C39C}@LeaseObtainedTime 1368980794
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FA9DA54A-938E-4956-81B6-8D3FD702C39C}@T1 1369023994
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FA9DA54A-938E-4956-81B6-8D3FD702C39C}@T2 1369056394
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FA9DA54A-938E-4956-81B6-8D3FD702C39C}@LeaseTerminatesTime 1369067194
Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{FA9DA54A-938E-4956-81B6-8D3FD702C39C}@DhcpRetryTime 43197
Reg HKLM\SYSTEM\CurrentControlSet\Services\{FA9DA54A-938E-4956-81B6-8D3FD702C39C}\Parameters\Tcpip@LeaseObtainedTime 1368980794
Reg HKLM\SYSTEM\CurrentControlSet\Services\{FA9DA54A-938E-4956-81B6-8D3FD702C39C}\Parameters\Tcpip@T1 1369023994
Reg HKLM\SYSTEM\CurrentControlSet\Services\{FA9DA54A-938E-4956-81B6-8D3FD702C39C}\Parameters\Tcpip@T2 1369056394
Reg HKLM\SYSTEM\CurrentControlSet\Services\{FA9DA54A-938E-4956-81B6-8D3FD702C39C}\Parameters\Tcpip@LeaseTerminatesTime 1369067194
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E020570F2B34C2F479328CC11E267E6B\Usage@Main 1119027719
---- EOF - GMER 2.1 ----
==============================
Thanks a bunch!
Nikki