Solved: Google has let us all down - Ads on search pages


Nflder (Fred), thread starter. Member with 288 posts. Join Date: Aug 2003. Location: St. John's, Newfoundland, Canada. Experience: Intermediate.
09-Feb-2013, 12:17 PM #1
I am disgusted with Google! Every time I search I get four ads on top that have NOTHING to do with my search. AND when I return from reading a site on the list Google takes me back to the top of my search to force me to see the four ads again, and I have to scroll down to try and find where I was in my search. AND the bottom of the page ends with three ads!!! What's happened to convenience? I'm looking for another search engine. I used to prefer Google - anyone know how to get rid of the ads?
md2lgyk. Member with 979 posts. Join Date: Jul 2003. Location: WV. Experience: Advanced.
10-Feb-2013, 07:25 AM #2
You should consider some form of ad blocker for whatever browser you use. I see no ads whatsoever in my Google searches.
dvk01 (Derek), Moderator & Malware Removal Specialist (authorized to help remove malware) with 45,703 posts. Join Date: Dec 2002. Location: Loughton, Essex, UK.
10-Feb-2013, 07:28 AM #3
Sounds like you have a search hijacker.

Follow the advice here and post the logs those programs make.
Nflder (Fred), thread starter. Member with 288 posts. Join Date: Aug 2003. Location: St. John's, Newfoundland, Canada. Experience: Intermediate.
12-Feb-2013, 08:05 PM #4
First Log...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:09:58 PM, on 12/02/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Documents and Settings\All Users\Start Menu\UTILITIES\DTemp\DTemp.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Password Safe\pwsafe.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Downloads\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: CrossriderApp0004493 - {11111111-1111-1111-1111-110011441193} - C:\Program Files\Coupon Companion\Coupon Companion.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: blekko search bar - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: blekko search bar - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: DTemp.exe.lnk = C:\Documents and Settings\All Users\Start Menu\UTILITIES\DTemp\DTemp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/...Control_32.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://support.gateway.com/support/p.../PCPitStop.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1242606292343
O16 - DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} - http://sms.napster.com/client/plugin/npdownload.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BayerHealthcareService - Bayer Healthcare LLC - C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Macromedia Inc. - (no file)
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate1c9a50cdd9e386) (gupdate1c9a50cdd9e386) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 15854 bytes

------------------------------------------------------------------------------------------------------

Second Log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.13.2
Run by Fred at 20:16:40 on 2013-02-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.562 [GMT -3.5:30]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Documents and Settings\All Users\Start Menu\UTILITIES\DTemp\DTemp.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Password Safe\pwsafe.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Coupon Companion: {11111111-1111-1111-1111-110011441193} - c:\program files\coupon companion\Coupon Companion.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - c:\program files\blekkotb_031\blekkotb_019X.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - c:\program files\blekkotb_031\blekkotb_019X.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Power2GoExpress] NA
uRun: [MSMSGS] "c:\progra~1\messen~1\Msmsgs.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver2\LVCOMS.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio se dvd\uvPL.exe
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\fred\startm~1\programs\startup\eventr~1.lnk - c:\program files\mindscape\printmaster\PMREMIND.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dtempe~1.lnk - c:\documents and settings\all users\start menu\utilities\dtemp\DTemp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242606292343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} - hxxp://sms.napster.com/client/plugin/npdownload.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{9B569602-AA02-4A3E-B303-8A5A57E49B6B} : DHCPNameServer = 192.168.2.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\fred\application data\mozilla\firefox\profiles\bw9edxzn.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&mid=a845beafe2bd724f5149d7da809f6c23-0d6407bc5980a8acd39294e15681b8bac3b953ba&lang=en&ds=AVG&pr=pr&d=2011-12-22 13:50:33&v=14.0.3.14&pid=avg&sg=&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&mid=a845beafe2bd724f5149d7da809f6c23-0d6407bc5980a8acd39294e15681b8bac3b953ba&lang=en&ds=AVG&pr=pr&d=2011-12-22 13:50:33&pid=avg&sg=&v=14.0.3.14&sap=ku&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\fred\application data\mozilla\firefox\profiles\bw9edxzn.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\fred\application data\mozilla\firefox\profiles\bw9edxzn.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
FF - plugin: c:\program files\canon\uploader for canon image gateway plugin\npUploaderForCiG.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\realplayer\netscape6\nprpjplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll
FF - ExtSQL: 2012-12-21 22:02; crossriderapp4493@crossrider.com; c:\documents and settings\fred\application data\mozilla\firefox\profiles\bw9edxzn.default\extensions\crossriderapp4493@crossrider.com
FF - ExtSQL: 2013-02-07 21:26; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 10
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: content.notify.ontimer - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.switch.threshold - 750000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-10-22 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-10-22 12464]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-12-23 65848]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\43926\RapportCerberus32_43926.sys [2012-10-30 272216]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-12-23 71480]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-12-23 166840]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 BayerHealthcareService;BayerHealthcareService;c:\program files\bayer healthcare smartlaunch\bin\BayerHCService.exe [2011-6-1 128512]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-1-10 10384]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2012-7-13 769432]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-12-23 976728]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-5-30 21520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent; [x]
S2 gupdate1c9a50cdd9e386;Google Update Service (gupdate1c9a50cdd9e386);c:\program files\google\update\GoogleUpdate.exe [2009-3-14 133104]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 cpuz132;cpuz132; [x]
S3 EUBAKUP0;EUBAKUP0; [x]
S3 EUBKMON0;EUBKMON0; [x]
S3 EUFDDISK0;EUFDDISK0; [x]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\drivers\procexp151.sys --> c:\windows\system32\drivers\PROCEXP151.SYS [?]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2004-7-30 217472]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [2004-7-30 17277]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [2004-7-30 86648]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-11-20 14336]
.
=============== File Associations ===============
.
FileExt: .reg: Regedit.Document - HKCR\Unknown\Shell=c:\windows\system32\rundll32.exe c:\windows\system32\shell32.dll,OpenAs_RunDLL %1 [default=openas]
FileExt: .js: Applications\notepad.exe=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: corelcht.exe: print=c:\corel50\programs\CORELCHT.EXE
ShellExec: corelpnt.exe: cancel=c:\corel50\programs\CORELPNT.EXE
ShellExec: corelpnt.exe: print=c:\corel50\programs\CORELPNT.EXE
ShellExec: CORELVP.EXE: open=c:\corel50\programs\CORELVP.EXE
ShellExec: hpqpstp.exe: Open=c:\program files\hp\digital imaging\bin\hpqpstp.exe
.
=============== Created Last 30 ================
.
2013-02-12 17:47:02 6991832 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5f5851db-981e-4d02-b81a-d6e18be66148}\mpengine.dll
2013-02-10 00:57:02 6991832 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-02-10 00:56:52 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-02-10 00:52:49 -------- d-----w- c:\program files\Microsoft Security Client
2013-02-09 22:07:59 -------- d-----w- C:\LinkSys
2013-02-09 00:45:20 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-08 00:56:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-08 00:55:04 -------- d-----w- C:\Java
2013-02-06 23:11:59 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2013-02-06 23:11:59 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2013-02-06 23:11:59 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2013-02-06 23:11:59 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2013-02-06 23:11:59 116120 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2013-02-06 20:13:21 -------- d-----w- C:\MyJava
2013-02-06 01:56:46 -------- d-----w- c:\documents and settings\fred\local settings\application data\Sun
2013-02-05 23:30:04 -------- d-----w- C:\java-src
2013-02-04 14:29:12 -------- d-----r- c:\program files\Skype
2013-02-02 00:48:37 -------- d-----w- c:\documents and settings\fred\System
2013-02-02 00:48:36 -------- d-----w- c:\documents and settings\fred\application data\SmartDraw
2013-01-30 13:35:58 -------- d-----w- c:\program files\MonitorDriver
2013-01-22 16:50:11 -------- d-----w- c:\windows\system32\cache
2013-01-16 22:07:27 -------- d-----w- C:\New Folder
2013-01-16 15:15:23 -------- d-----w- c:\documents and settings\fred\application data\AVG2013
2013-01-16 15:10:57 -------- d-----w- c:\documents and settings\fred\application data\TuneUp Software
2013-01-16 15:02:52 -------- d-----w- c:\documents and settings\fred\local settings\application data\MFAData
2013-01-16 15:02:52 -------- d-----w- c:\documents and settings\fred\local settings\application data\Avg2013
.
==================== Find3M ====================
.
2013-02-07 22:09:25 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-07 22:09:25 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-30 19:03:02 861048 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-30 19:02:56 782192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-04 23:13:08 78160 ----a-w- c:\program files\AutoFix.exe
2012-12-24 03:13:34 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 23:22:41 509440 ----a-w- c:\program files\SysInfo.exe
2009-09-06 20:21:25 2168423639 ----a-w- c:\program files\garmin_rmu_cnnant2010_20.exe
2009-07-24 16:29:25 2060596375 ----a-w- c:\program files\garmin_rmu_cnnant2010c.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SI, 0x7c00; MOV DI, 0x7a00; MOV SS, AX; MOV SP, DI; MOV DS, AX; MOV ES, AX; MOV CX, 0x200; CLD ; REP MOVSB ; JMP FAR 0x0:0x7a1b; }
user != kernel MBR !!!
.
============= FINISH: 20:23:37.04 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

Please let me know if you need it...

Thanks for this
dvk01 (Derek), authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,703 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
13-Feb-2013, 06:48 AM #5
You have various dodgy toolbars & BHOs that do divert & fake search results.

Please download AdwCleaner to your desktop.
  • Double click the adwcleaner.exe to run the tool.
  • Click Search.
  • When the scan finished, a notepad window will be opened.
  • Please post the contents here in your topic.
  • The logfile will also be saved in C:\AdwCleaner[R1].txt.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
dvk01 (Derek), authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,703 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
13-Feb-2013, 06:51 AM #6
Quote: Originally Posted by md2lgyk
You should consider some form of ad blocker for whatever browser you use. I see no ads whatsoever in my Google searches.
That is not helpful advice. As you can now see from the logs, the poster has at least 2 known search hijackers.
I strongly recommend that if you haven't got anything sensible & useful to say, then don't say it.
You saying that you don't see any ads in your Google searches is not relevant. An ad blocker will not work with a hijacker.
Nflder (Fred)
Member with 288 posts.
THREAD STARTER
Join Date: Aug 2003
Location: St.John's,Newfoundland,Canada
Experience: Intermediate
15-Feb-2013, 02:12 PM #7
Derek... Here's the scan. If I have "various dodgy toolbars & BHOs" I'd love to get rid of them all...Tks, Fred

# AdwCleaner v2.112 - Logfile created 02/15/2013 at 14:28:48
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Fred - YOUR-7B1065DF54
# Boot Mode : Normal
# Running from : C:\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\DOCUME~1\Fred\LOCALS~1\Temp\Uninstall.exe
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\DOCUME~1\Fred\LOCALS~1\Temp\avg@toolbar
Folder Found : C:\Documents and Settings\All Users\Application Data\~0
Folder Found : C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
Folder Found : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\bw9edxzn.default\extensions\crossriderapp4493@crossrider.com
Folder Found : C:\Documents and Settings\Fred\Application Data\pdfforge
Folder Found : C:\Documents and Settings\Fred\Local Settings\Application Data\Coupon Companion
Folder Found : C:\Program Files\Coupon Companion
Folder Found : C:\Program Files\Viewpoint

***** [Registry] *****

Key Found : HKCU\Software\AVG Security Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\Crossrider
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441193}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441193}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011441193}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442293}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444493}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441193}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Viewpoint
Key Found : HKU\S-1-5-21-1045719210-4228423461-3318370714-1006\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\bw9edxzn.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6F7D[...]
Found : user_pref("extensions.crossriderapp4493.4493.InstallationThankYouPage", true);
Found : user_pref("extensions.crossriderapp4493.4493.InstallationTime", 1356139916);
Found : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.searchUserConifrmation", false[...]
Found : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setHomepage", false);
Found : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setNewTab", false);
Found : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setSearch", false);
Found : user_pref("extensions.crossriderapp4493.4493.active", true);
Found : user_pref("extensions.crossriderapp4493.4493.addressbar", "");
Found : user_pref("extensions.crossriderapp4493.4493.addressbarenhanced", "");
Found : user_pref("extensions.crossriderapp4493.4493.backgroundjs", "\n\n//\n");
Found : user_pref("extensions.crossriderapp4493.4493.backgroundver", 35);
Found : user_pref("extensions.crossriderapp4493.4493.can_run_bg_code", true);
Found : user_pref("extensions.crossriderapp4493.4493.certdomaininstaller", "");
Found : user_pref("extensions.crossriderapp4493.4493.changeprevious", false);
Found : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1356139916");
Found : user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.value", "1356139916");
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_arbitrary_code.expiration", "Fri Feb 15 201[...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_arbitrary_code.value", "%22%28function%28%2[...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.expiration", "Fri Feb 15 2013 09:[...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_ab_cap1.expiration", "Fri Feb 01 2030 00[...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_ab_cap1.value", "%22lbcmmpmjjaockhkcoflj[...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:00:[...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_bu1.value", "1360860938");
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.expiration", "Sat Feb 16 2013 [...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.value", "%22CA%22");
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.value", "1360934064");
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 0[...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.value", "%221360862101%22");
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.value", "%221%22");
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 0[...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installtime.value", "%221356061408%22");
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.value", "%2214019%22");
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.value", "1356144274306");
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.value", "%221175%22");
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.value", "%22122075%22");
Found : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.value", "1356144257447");
Found : user_pref("extensions.crossriderapp4493.4493.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:[...]
Found : user_pref("extensions.crossriderapp4493.4493.cookie.lastrequest.value", "%7B%22path%22%3A%22/cgi-bin[...]
Found : user_pref("extensions.crossriderapp4493.4493.description", "Coupon Companion");
Found : user_pref("extensions.crossriderapp4493.4493.domain", "");
Found : user_pref("extensions.crossriderapp4493.4493.enablesearch", false);
Found : user_pref("extensions.crossriderapp4493.4493.fbremoteurl", "");
Found : user_pref("extensions.crossriderapp4493.4493.group", 0);
Found : user_pref("extensions.crossriderapp4493.4493.homepage", "");
Found : user_pref("extensions.crossriderapp4493.4493.iframe", false);
Found : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
Found : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.value", "81");
Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.value", "0");
Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.value", "%7B%7D");
Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.expiration", "Fri Feb 15[...]
Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.value", "true");
Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.value", "%7B%7D");
Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.expiration", "Fri[...]
Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.value", "%7B%22re[...]
Found : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]
Found : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]
Found : user_pref("extensions.crossriderapp4493.4493.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Found : user_pref("extensions.crossriderapp4493.4493.manifesturl", "");
Found : user_pref("extensions.crossriderapp4493.4493.name", "Coupon Companion");
Found : user_pref("extensions.crossriderapp4493.4493.newtab", "");
Found : user_pref("extensions.crossriderapp4493.4493.opensearch", "");
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.name", "base");
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.ver", 4);
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.ver", 15);
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.code", "var a=appAPI.db.getList([...]
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.name", "GPL Background (BG)");
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.ver", 32);
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.name", "CrossriderAppUtils");
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.ver", 2);
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.name", "CrossriderUtils");
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.ver", 2);
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.name", "FFAppAPIWrapper");
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.ver", 4);
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.name", "jQuery");
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.ver", 3);
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.name", "debug");
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.ver", 3);
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.name", "resources");
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.ver", 2);
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.name", "initializer");
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.ver", 2);
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.name", "jquery_1_7_1");
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.ver", 3);
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.name", "resources_background");
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.ver", 1);
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...]
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.name", "appApiMessage");
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.ver", 1);
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...]
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.name", "appApiValidation");
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.ver", 1);
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.code", "(function(a){if(typeof a===\"[...]
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.name", "CrossriderInfo");
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.ver", 2);
Found : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015"[...]
Found : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,[...]
Found : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Found : user_pref("extensions.crossriderapp4493.4493.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Found : user_pref("extensions.crossriderapp4493.4493.pluginsversion", 57);
Found : user_pref("extensions.crossriderapp4493.4493.publisher", "215 Apps");
Found : user_pref("extensions.crossriderapp4493.4493.searchstatus", 0);
Found : user_pref("extensions.crossriderapp4493.4493.setnewtab", false);
Found : user_pref("extensions.crossriderapp4493.4493.settingsurl", "");
Found : user_pref("extensions.crossriderapp4493.4493.thankyou", "");
Found : user_pref("extensions.crossriderapp4493.4493.updateinterval", 360);
Found : user_pref("extensions.crossriderapp4493.4493.ver", 81);
Found : user_pref("extensions.crossriderapp4493.adsOldValue", 10);
Found : user_pref("extensions.crossriderapp4493.apps", "4493");
Found : user_pref("extensions.crossriderapp4493.bic", "13bc04265d1bb913461a3233b3a725a9");
Found : user_pref("extensions.crossriderapp4493.cid", 4493);
Found : user_pref("extensions.crossriderapp4493.firstrun", false);
Found : user_pref("extensions.crossriderapp4493.hadappinstalled", true);
Found : user_pref("extensions.crossriderapp4493.installationdate", 1356140275);
Found : user_pref("extensions.crossriderapp4493.lastcheck", 22682235);
Found : user_pref("extensions.crossriderapp4493.lastcheckitem", 22682235);
Found : user_pref("extensions.crossriderapp4493.modetype", "production");
Found : user_pref("extensions.crossriderapp4493.reportInstall", true);
Found : user_pref("extensions.crossriderapp4493@crossrider.com.install-event-fired", true);
Found : user_pref("extensions.enabledAddons", "DeviceDetection%40logitech.com:1.24.0.9,testpilot%40labs.mozi[...]
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&m[...]

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\Fred\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.8] : homepage = "hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&mid=a845beafe2bd724f5149d7da809f6c23-0d6407bc5980a8acd39294e15681b8bac3b953ba&lang=en&ds=AVG&pr=pr&d=2011-12-22 13:50:33&v=14.0.3.14&pid=avg&sg=&sap=hp",
Found [l.12] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&mid=a845beafe2bd724f5149d7da809f6c23-0d6407bc5980a8acd39294e15681b8bac3b953ba&lang=en&ds=AVG&pr=pr&d=2011-12-22 13:50:33&v=14.0.3.14&pid=avg&sg=&sap=hp" ]
Found [l.36] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Found [l.39] : keyword = "isearch.avg.com",
Found [l.42] : search_url = "hxxp://isearch.avg.com/search?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&mid=a845beafe2bd724f5149d7da809f6c23-0d6407bc5980a8acd39294e15681b8bac3b953ba&lang=en&ds=AVG&pr=pr&d=2011-12-22 13:50:33&v=11.1.0.12&sap=dsp&q={searchTerms}",
Found [l.1569] : homepage = "hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&mid=a845beafe2bd724f5149d7da809f6c23-0d6407bc5980a8acd39294e15681b8bac3b953ba&lang=en&ds=AVG&pr=pr&d=2011-12-22 13:50:33&v=14.0.3.14&pid=avg&sg=&sap=hp",
Found [l.1945] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&mid=a845beafe2bd724f5149d7da809f6c23-0d6407bc5980a8acd39294e15681b8bac3b953ba&lang=en&ds=AVG&pr=pr&d=2011-12-22 13:50:33&v=14.0.3.14&pid=avg&sg=&sap=hp" ]

-\\ Opera v12.12.1707.0

File : C:\Documents and Settings\Fred\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [23807 octets] - [15/02/2013 14:28:48]

########## EOF - C:\AdwCleaner[R1].txt - [23868 octets] ##########
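The scan log above shows the same hijack from several sides: Firefox's prefs.js has `keyword.URL` and `browser.startup.homepage` pointed at isearch.avg.com, the Crossrider "Coupon Companion" add-on stores its plugin JavaScript inside `user_pref` values (so it survives removal of the add-on's files), and Chrome's Preferences carries the same `cid=` GUID in `homepage`, `search_url` and `urls_to_restore_on_startup`. The script below is an added example for triaging that kind of log; it is not part of this thread and not AdwCleaner's code. It reads lines in the log's format, flags start-page and search settings that point outside an assumed allow-list (Google only, since that is what the poster expected), lists prefs that hold or fetch extension code, and groups the registry keys the tool reports by CLSID so every persistence mechanism one component uses is visible at once. The sample log is constructed from a dozen lines in the shape of the logs in this thread, and the mechanism labels are this example's reading of those registry locations, not the tool's.

```python
"""Triage helper for AdwCleaner-style logs (added example, not the tool's own code).

It answers three questions a responder asks before choosing a fix:
  * which start-page / search settings point somewhere the user did not choose,
  * which prefs carry executable extension code (Crossrider keeps its plugin JS
    in user_pref values, so it outlives deletion of the add-on's files),
  * which registry persistence mechanisms each component (by CLSID) is registered under.
"""
import json
import re
from collections import defaultdict
from urllib.parse import urlparse

# Assumption: the user expected Google; any other search/homepage domain is flagged.
TRUSTED_DOMAINS = {"www.google.com", "google.com"}

# Firefox and Chrome settings that decide where searches and the start page go.
REDIRECT_PREFS = {
    "browser.startup.homepage", "keyword.URL", "browser.search.defaultenginename",  # Firefox prefs.js
    "homepage", "search_url", "urls_to_restore_on_startup",                        # Chrome Preferences
}

PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.*)')          # Firefox lines
CHROME_RE = re.compile(r'\[l\.\d+\]\s*:\s*(\w+)\s*=\s*(.*)')   # Chrome lines: "Found [l.8] : homepage = ..."
REG_RE = re.compile(r'^(?:Key|Value) (?:Found|Deleted) : (HK.*)$')
URL_RE = re.compile(r'hxxps?://[^\s"\]]+', re.I)                # the log defangs http as hxxp
GUID_RE = re.compile(r'\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}', re.I)

# Registry locations that load code into the browser or redirect search, with the
# mechanism each one implements (this example's labels, not AdwCleaner's).
REG_MECHANISMS = [
    (r'\\Explorer\\Browser Helper Objects\\', "IE BHO (DLL loaded into every IE process)"),
    (r'\\Internet Explorer\\Toolbar', "IE toolbar"),
    (r'\\Internet Explorer\\SearchScopes\\', "IE search provider"),
    (r'\\Low Rights\\ElevationPolicy\\', "IE Protected Mode elevation exemption"),
    (r'\\CurrentVersion\\Run\b', "Run key autostart"),
    (r'\\Classes\\CLSID\\', "COM class registration"),
]

# Constructed sample in the log's format (a handful of lines, not the real log).
SAMPLE_LOG = r"""
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&sap=hp");
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&q={searchTerms}");
Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
Found : user_pref("extensions.crossriderapp4493.4493.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Found [l.8] : homepage = "hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&sap=hp",
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}]
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]
"""


def domain_of(url):
    """Hostname of a (possibly defanged) URL, '' if it cannot be parsed."""
    return urlparse(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname or ""


def triage(log_text):
    """Parse one log and return the facts a responder needs before deciding on a fix."""
    report = {
        "settings": [],                  # (pref name, value) for every start-page/search pref seen
        "untrusted_domains": set(),      # domains those prefs point to, outside TRUSTED_DOMAINS
        "extension_code_prefs": [],      # prefs that hold or fetch executable extension JS
        "persistence": defaultdict(set), # CLSID (or value name) -> mechanisms it is registered under
    }
    for line in log_text.splitlines():
        m = PREF_RE.search(line) or CHROME_RE.search(line)
        if m:
            name, value = m.group(1), m.group(2).rstrip(");")
            if name in REDIRECT_PREFS:
                report["settings"].append((name, value))
                for url in URL_RE.findall(value):
                    dom = domain_of(url)
                    if dom and dom not in TRUSTED_DOMAINS:
                        report["untrusted_domains"].add(dom)
            elif name.startswith("extensions.") and (name.endswith(".code") or name.endswith("pluginsurl")):
                report["extension_code_prefs"].append(name)
            continue
        m = REG_RE.search(line)
        if m:
            path = m.group(1)
            guid = GUID_RE.search(path)
            bracket = re.search(r"\[([^\]]+)\]\s*$", path)   # "Value ... [name]" lines
            if guid:
                ident = guid.group(0).upper()
            elif bracket:
                ident = bracket.group(1)
            else:
                ident = path.rsplit("\\", 1)[-1]
            for pattern, label in REG_MECHANISMS:
                if re.search(pattern, path, re.I):
                    report["persistence"][ident].add(label)
    return report


def hijacked(report):
    """True when a search/start-page setting points outside the allow-list or an
    extension keeps executable code in the profile prefs."""
    return bool(report["untrusted_domains"] or report["extension_code_prefs"])


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2, default=sorted))
```

Run it against a real AdwCleaner[R1].txt by reading the file into `triage()`; the useful part of the output is the `persistence` map, which shows a single CLSID registered as a BHO, a toolbar, a COM class and a Protected Mode elevation exemption at once, which is why removing only the toolbar entry leaves the component loaded.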
dvk01 (Derek), Moderator & Malware Removal Specialist
15-Feb-2013, 03:08 PM #8
Please run AdwCleaner again. This time press Delete. It will clear the problems & then offer to reboot; please let it reboot & then post the log it makes.
The logfile will also be saved in C:\AdwCleaner[S1].txt

once it has rebooted then do this

Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double-click on renamed combofix.exe & follow the prompts.
If you are using Windows XP it might display a pop-up saying that "Recovery console is not installed, do you want to install?"
Please select Yes & let it download the files it needs to do this. Once the Recovery Console is installed, ComboFix will then offer to scan for malware. Select Continue or Yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...
Nflder (Fred), THREAD STARTER
16-Feb-2013, 09:34 PM #9
As requested... First the AdwCleaner report after using Delete, then the ComboFix report. I did have trouble stopping Microsoft Security Essentials... I determined through Task Mgr that it runs as "msseces.exe" and stopped it in Task Mgr and checked it twice, and each time with the MS Security Essentials window up running and ending the process the MS Sec Essentials window disappeared! HOWEVER when I ran ComboFix it advised me that it "detected real time scanner antivirus Microsoft Security Essentials - please disable before clicking OK". Since I had turned off all protection I could not go back online, so I "X'd" out of the ComboFix window, but it would not let me out and continued on to completion... It took quite a while and I was really concerned, especially after your warning not to even touch the mouse!!! MS Security Essentials must have another executable running besides the one I found! I rebooted and things look OK. I still have my fingers & toes crossed. Oh! The ads are gone from Google searches... So I apologize to Google and thank you Derek... again! I do however look forward to your reply. Fred

AdwCleaner Report------------------------------------------------------------------------------------------------
# AdwCleaner v2.112 - Logfile created 02/16/2013 at 20:08:46
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Fred - YOUR-7B1065DF54
# Boot Mode : Normal
# Running from : C:\Program Files\`AdwCleaner_HyjackThis_meseinstall\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\DOCUME~1\Fred\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\DOCUME~1\Fred\LOCALS~1\Temp\avg@toolbar
Folder Deleted : C:\Documents and Settings\All Users\Application Data\~0
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\bw9edxzn.default\extensions\crossriderapp4493@crossrider.com
Folder Deleted : C:\Documents and Settings\Fred\Application Data\pdfforge
Folder Deleted : C:\Documents and Settings\Fred\Local Settings\Application Data\Coupon Companion
Folder Deleted : C:\Program Files\Coupon Companion
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Security Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441193}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441193}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011441193}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442293}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444493}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441193}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\bw9edxzn.default\prefs.js

C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\bw9edxzn.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6F7D[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationThankYouPage", true);
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationTime", 1356139916);
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.searchUserConifrmation", false[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setHomepage", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setNewTab", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setSearch", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.active", true);
Deleted : user_pref("extensions.crossriderapp4493.4493.addressbar", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.addressbarenhanced", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundjs", "\n\n//\n");
Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundver", 35);
Deleted : user_pref("extensions.crossriderapp4493.4493.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp4493.4493.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1356139916");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.value", "1356139916");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_arbitrary_code.expiration", "Sat Feb 16 201[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_arbitrary_code.value", "%22%28function%28%2[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.expiration", "Sat Feb 16 2013 20:[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_ab_cap1.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_ab_cap1.value", "%22lbcmmpmjjaockhkcoflj[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_bu1.value", "1360860938");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.expiration", "Sat Feb 23 2013 [...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.value", "%22CA%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.value", "1361057153");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.value", "%221360938920%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.value", "%221%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installtime.value", "%221356061408%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.value", "%2214019%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.value", "1356144274306");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.value", "%221175%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.value", "%22122075%22");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.value", "1356144257447");
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.lastrequest.value", "%7B%22path%22%3A%22/cgi-bin[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.description", "Coupon Companion");
Deleted : user_pref("extensions.crossriderapp4493.4493.domain", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.group", 0);
Deleted : user_pref("extensions.crossriderapp4493.4493.homepage", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.iframe", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.value", "81");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.value", "0");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.expiration", "Sun Feb 17[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.expiration", "Fri[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.value", "%7B%22re[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.name", "Coupon Companion");
Deleted : user_pref("extensions.crossriderapp4493.4493.newtab", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.opensearch", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.ver", 4);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.ver", 15);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.code", "var a=appAPI.db.getList([...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.name", "GPL Background (BG)");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.ver", 32);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.ver", 4);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.name", "appApiMessage");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.ver", 1);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.name", "appApiValidation");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.ver", 1);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.code", "(function(a){if(typeof a===\"[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.name", "CrossriderInfo");
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.ver", 2);
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015"[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsversion", 57);
Deleted : user_pref("extensions.crossriderapp4493.4493.publisher", "215 Apps");
Deleted : user_pref("extensions.crossriderapp4493.4493.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp4493.4493.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp4493.4493.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.thankyou", "");
Deleted : user_pref("extensions.crossriderapp4493.4493.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp4493.4493.ver", 81);
Deleted : user_pref("extensions.crossriderapp4493.adsOldValue", 10);
Deleted : user_pref("extensions.crossriderapp4493.apps", "4493");
Deleted : user_pref("extensions.crossriderapp4493.bic", "13bc04265d1bb913461a3233b3a725a9");
Deleted : user_pref("extensions.crossriderapp4493.cid", 4493);
Deleted : user_pref("extensions.crossriderapp4493.firstrun", false);
Deleted : user_pref("extensions.crossriderapp4493.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp4493.installationdate", 1356140275);
Deleted : user_pref("extensions.crossriderapp4493.lastcheck", 22684208);
Deleted : user_pref("extensions.crossriderapp4493.lastcheckitem", 22684294);
Deleted : user_pref("extensions.crossriderapp4493.modetype", "production");
Deleted : user_pref("extensions.crossriderapp4493.reportInstall", true);
Deleted : user_pref("extensions.crossriderapp4493@crossrider.com.install-event-fired", true);
Deleted : user_pref("extensions.enabledAddons", "DeviceDetection%40logitech.com:1.24.0.9,testpilot%40labs.mozi[...]
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&m[...]

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\Fred\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.8] : homepage = "hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&mid=a845beafe2[...]
Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6[...]
Deleted [l.36] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Deleted [l.39] : keyword = "isearch.avg.com",
Deleted [l.42] : search_url = "hxxp://isearch.avg.com/search?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&mid=a8[...]
Deleted [l.1569] : homepage = "hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&mid=a845beafe2bd7[...]
Deleted [l.1945] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6F7D[...]

-\\ Opera v12.12.1707.0

File : C:\Documents and Settings\Fred\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [23938 octets] - [15/02/2013 14:28:48]
AdwCleaner[R2].txt - [24038 octets] - [16/02/2013 20:08:07]
AdwCleaner[S1].txt - [23673 octets] - [16/02/2013 20:08:46]

########## EOF - C:\AdwCleaner[S1].txt - [23734 octets] ##########

ComboFix Report----------------------------------------------------------------------------------------------------------------------------------------------
ComboFix 13-02-15.01 - Fred 16/02/2013 20:49:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1257 [GMT -3.5:30]
Running from: c:\documents and settings\Fred\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
c:\documents and settings\All Users\Start Menu\Programs\Startup\DTemp.exe.lnk
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Fred\System
c:\documents and settings\Fred\System\win_qs8.jqx
c:\documents and settings\Fred\WINDOWS
C:\install.exe
c:\program files\garmin_rmu_cnnant2010_20.exe
c:\program files\garmin_rmu_cnnant2010c.exe
c:\windows\OLD2E.tmp
c:\windows\OLD31.tmp
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a00e42571a14dcb0.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f7bb5f147ac6280f.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\DC120fc7_32.dll
c:\windows\system32\SET3C.tmp
c:\windows\system32\SET48.tmp
c:\windows\system32\SET4A.tmp
c:\windows\system32\SET4C.tmp
c:\windows\system32\SET4C6.tmp
c:\windows\system32\SET55.tmp
c:\windows\system32\SET5C.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-17 to 2013-02-17 )))))))))))))))))))))))))))))))
.
.
2013-02-17 00:07 . 2013-02-17 00:07 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE2BEE0C-2136-4F58-A6B6-FB2B61215A2A}\MpKsle3108c91.sys
2013-02-16 22:11 . 2013-01-08 00:27 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE2BEE0C-2136-4F58-A6B6-FB2B61215A2A}\mpengine.dll
2013-02-15 18:36 . 2013-02-15 18:37 -------- d-----w- c:\program files\`AdwCleaner_HyjackThis_meseinstall
2013-02-15 01:48 . 2013-01-08 00:27 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-10 00:56 . 2013-01-30 10:53 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-02-10 00:53 . 2013-02-10 00:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2013-02-10 00:52 . 2013-02-15 03:24 -------- d-----w- c:\program files\Microsoft Security Client
2013-02-09 22:07 . 2013-02-09 22:09 -------- d-----w- C:\LinkSys
2013-02-09 00:46 . 2013-02-09 00:46 -------- d-----w- c:\program files\Common Files\Java
2013-02-09 00:45 . 2013-02-09 00:45 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-09 00:44 . 2013-02-09 00:44 -------- d-----w- c:\program files\Java
2013-02-08 00:56 . 2013-02-08 00:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-08 00:55 . 2013-02-08 00:56 -------- d-----w- C:\Java
2013-02-06 20:13 . 2013-02-08 23:39 -------- d-----w- C:\MyJava
2013-02-06 11:29 . 2013-02-06 11:29 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-02-06 01:56 . 2013-02-06 01:56 -------- d-----w- c:\documents and settings\Fred\Local Settings\Application Data\Sun
2013-02-06 00:28 . 2013-02-06 00:28 -------- d-----w- c:\documents and settings\Fred\Application Data\Oracle
2013-02-05 23:30 . 2013-02-08 01:44 -------- d-----w- C:\java-src
2013-02-04 14:29 . 2013-02-04 14:29 -------- d-----w- c:\program files\Common Files\Skype
2013-02-04 14:29 . 2013-02-04 14:29 -------- d-----r- c:\program files\Skype
2013-02-02 00:48 . 2013-02-02 00:52 -------- d-----w- c:\documents and settings\Fred\Application Data\SmartDraw
2013-01-30 13:35 . 2013-01-30 13:36 -------- d-----w- c:\program files\MonitorDriver
2013-01-30 13:35 . 2013-01-30 13:35 -------- d-----w- c:\documents and settings\Fred\Application Data\InstallShield
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-07 22:09 . 2012-03-30 23:31 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-07 22:09 . 2011-06-05 16:02 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 19:03 . 2012-06-16 13:30 861048 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-30 19:02 . 2010-04-21 16:22 782192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-26 03:55 . 2008-11-20 22:10 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-20 19:29 . 2012-08-31 01:33 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-07 01:19 . 2006-06-17 09:23 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-04 05:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 23:13 . 2013-01-04 23:13 78160 ----a-w- c:\program files\AutoFix.exe
2013-01-04 01:20 . 2006-06-17 09:23 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2006-06-17 09:23 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:16 . 2006-06-17 09:23 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2008-11-20 22:09 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2008-11-20 22:07 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2008-11-20 22:07 385024 ----a-w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2008-11-20 22:06 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 21:49 . 2012-12-28 01:50 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 23:22 . 2011-11-25 23:22 509440 ----a-w- c:\program files\SysInfo.exe
2013-02-06 23:12 . 2013-02-06 23:11 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-06 4763008]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 569413]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
"SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 413696]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Fred\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\Mindscape\PrintMaster\PMREMIND.EXE [2011-6-22 325632]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 15:58 72208 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Fred^Start Menu^Programs^Startup^Password Safe.lnk]
backup=c:\windows\pss\Password Safe.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
2009-10-23 22:04 827904 ----a-w- c:\program files\dvd43\DVD43_Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2012-05-22 10:43 980920 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2012-06-04 13:01 1466760 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
2002-09-11 16:28 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
2002-09-11 16:27 45056 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
2005-12-01 04:15 77892 ----a-w- c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2006-09-27 21:56 573440 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\Msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Nero\\Nero 12\\Nero BackItUp\\BackItUp.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [22/10/2012 4:27 PM 56496]
R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [22/10/2012 4:27 PM 12464]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [06/02/2013 7:59 AM 65848]
R1 MpKsle3108c91;MpKsle3108c91;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE2BEE0C-2136-4F58-A6B6-FB2B61215A2A}\MpKsle3108c91.sys [16/02/2013 8:37 PM 29904]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [30/10/2012 11:46 AM 272216]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [06/02/2013 7:59 AM 71480]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [06/02/2013 7:59 AM 166840]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2010 2:55 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 3:11 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [29/06/2010 2:18 PM 116608]
R2 BayerHealthcareService;BayerHealthcareService;c:\program files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe [01/06/2011 3:10 PM 128512]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [10/01/2009 11:57 PM 10384]
R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [13/07/2012 3:27 PM 769432]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [06/02/2013 7:59 AM 976728]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [19/08/2011 5:56 AM 450848]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [13/01/2010 1:32 PM 47360]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [30/05/2012 11:34 AM 21520]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent; [x]
S2 gupdate1c9a50cdd9e386;Google Update Service (gupdate1c9a50cdd9e386);c:\program files\Google\Update\GoogleUpdate.exe [14/03/2009 9:49 PM 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [08/01/2013 12:55 PM 161536]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [02/06/2011 11:38 AM 11336]
S3 EUBAKUP0;EUBAKUP0; [x]
S3 EUBKMON0;EUBKMON0; [x]
S3 EUFDDISK0;EUFDDISK0; [x]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 11:39 PM 267568]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [30/07/2004 1:19 PM 217472]
S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [30/07/2004 1:32 PM 17277]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [30/07/2004 1:19 PM 86648]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06/05/2008 7:36 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLE3108C91
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-03 00:15 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-30 c:\windows\Tasks\2nd Backup.job
- c:\windows\system32\ntbackup.exe [2008-11-20 00:12]
.
2013-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 22:09]
.
2012-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 20:27]
.
2013-02-16 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 03:09]
.
2013-02-16 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 03:09]
.
2013-02-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-15 22:41]
.
2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 01:19]
.
2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 01:19]
.
2013-02-16 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 14:41]
.
2013-02-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1045719210-4228423461-3318370714-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 15:03]
.
2012-12-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1045719210-4228423461-3318370714-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 15:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} - hxxp://sms.napster.com/client/plugin/npdownload.cab
FF - ProfilePath - c:\documents and settings\Fred\Application Data\Mozilla\Firefox\Profiles\bw9edxzn.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - ExtSQL: 2013-02-07 21:26; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
.
.
------- File Associations -------
.
.reg=Regedit.Document
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
ShellIconOverlayIdentifiers-{02696AD5-FF96-454b-9E00-81DA8B79B678} - (no file)
AddRemove-Coupon Companion - c:\program files\Coupon Companion\Uninstall.exe
AddRemove-Glucofacts Deluxe Updater 2.0 - c:\windows\system32\javaws.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-16 21:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(980)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2013-02-16 21:20:10
ComboFix-quarantined-files.txt 2013-02-17 00:50
.
Pre-Run: 73,563,533,312 bytes free
Post-Run: 71,091,253,248 bytes free
.
- - End Of File - - DE184DAAC4093374560D43D0B5A64E05
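The AdwCleaner entries at the top of this log are the hijacker's footprints: Firefox `user_pref` lines (`keyword.URL` and the `extensions.crossriderapp4493.*` prefs) and Chrome `Preferences` keys (`homepage`, `urls_to_restore_on_startup`, `search_url`) all redirected to isearch.avg.com. As an added example, not part of the thread or of AdwCleaner/ComboFix, this Python checker parses both preference formats and flags any search or start-page setting whose host is outside an allowlist; the Chrome JSON nesting, the allowlist and the `{PLACEHOLDER-CID}` value are assumptions.

```python
"""Flag browser search/homepage settings that point outside an allowlist.

Added example for this thread; it is not part of AdwCleaner or ComboFix.
It parses the two preference formats the AdwCleaner report above cleaned:
  * Firefox prefs.js lines of the form  user_pref("name", value);
  * Chrome's JSON 'Preferences' file (homepage, session.urls_to_restore_on_startup,
    default_search_provider.search_url). The JSON nesting is an assumption based
    on Chrome 24-era profiles.
"""
import json
import re
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Search/homepage hosts the user actually chose; anything else is suspect.
ALLOWED_HOSTS = {"www.google.com", "google.com", "www.bing.com", "bing.com"}

# Firefox prefs that decide where the address-bar search and start page go.
FF_WATCHED_PREFS = ("keyword.URL", "browser.startup.homepage")

_USER_PREF = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')


def host_of(value: str) -> Optional[str]:
    """Hostname of a URL string; accepts the 'hxxp' defang used in removal logs."""
    url = re.sub(r"^hxxp", "http", value.strip().strip('"'), flags=re.IGNORECASE)
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.hostname:
        return None
    return parsed.hostname.lower()


def check_firefox_prefs(prefs_js: str) -> List[Tuple[str, str]]:
    """Return (pref_name, detail) for watched prefs whose host is not allowed and
    for any pref belonging to a 'crossriderapp' extension (as deleted above)."""
    findings = []
    for line in prefs_js.splitlines():
        m = _USER_PREF.match(line)
        if not m:
            continue
        name, raw_value = m.group(1), m.group(2)
        if name.startswith("extensions.crossriderapp"):
            findings.append((name, "crossrider extension pref"))
        elif name in FF_WATCHED_PREFS:
            host = host_of(raw_value)
            if host and host not in ALLOWED_HOSTS:
                findings.append((name, host))
    return findings


def check_chrome_prefs(preferences_json: str) -> List[Tuple[str, str]]:
    """Return (key, host) for Chrome homepage, startup and search URLs outside the allowlist."""
    prefs = json.loads(preferences_json)
    candidates = [("homepage", prefs.get("homepage"))]
    for url in prefs.get("session", {}).get("urls_to_restore_on_startup", []):
        candidates.append(("session.urls_to_restore_on_startup", url))
    provider = prefs.get("default_search_provider", {})
    for key in ("search_url", "suggest_url"):
        candidates.append(("default_search_provider." + key, provider.get(key)))
    findings = []
    for key, value in candidates:
        if isinstance(value, str):
            host = host_of(value)
            if host and host not in ALLOWED_HOSTS:
                findings.append((key, host))
    return findings


# Constructed sample input modelled on the 'Deleted' entries in the report above;
# the cid value is a placeholder, not the one from the log.
SAMPLE_PREFS_JS = """
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("extensions.crossriderapp4493.apps", "4493");
user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={PLACEHOLDER-CID}&q=");
"""

SAMPLE_CHROME_PREFERENCES = json.dumps({
    "homepage": "hxxp://isearch.avg.com/?cid={PLACEHOLDER-CID}",
    "session": {"urls_to_restore_on_startup": ["hxxp://isearch.avg.com/",
                                               "https://www.bing.com/"]},
    "default_search_provider": {
        "keyword": "isearch.avg.com",
        "search_url": "hxxp://isearch.avg.com/search?q={searchTerms}",
    },
})

if __name__ == "__main__":
    for label, findings in (("Firefox", check_firefox_prefs(SAMPLE_PREFS_JS)),
                            ("Chrome", check_chrome_prefs(SAMPLE_CHROME_PREFERENCES))):
        for key, detail in findings:
            print(f"{label}: {key} -> {detail}")
```

Point the two functions at a real `prefs.js` and `Preferences` file to audit a profile after cleanup; a clean profile returns empty lists.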
dvk01 (Derek), Moderator & Malware Removal Specialist with 45,703 posts. Authorized to help remove malware.
Join Date: Dec 2002
Location: Loughton, Essex, UK
17-Feb-2013, 04:24 AM #10
how is it now?
are you still having any problems?
Nflder (Fred), THREAD STARTER, Member with 288 posts.
Join Date: Aug 2003
Location: St.John's,Newfoundland,Canada
Experience: Intermediate
17-Feb-2013, 02:06 PM #11
Everything is AOK... My reason for posting this was ads on Google & thanks to you Derek they are all gone! And the computer is behaving itself! By the quantity of what both programs removed I should 1. Be much more careful when I browse, although that's very problematic and 2. Perform the checks done here every few months - especially if you're online a lot. I'll be doing some web re-design for hand held devices coming up and it will be interesting to see how much trouble I run into doing that. I do have some conflicts between programs and I'll be watching to see if that still occurs. However a trip to New Zealand coming up with a cruise back to Vancouver will take me off line for a short while but I'll be back - and now using Google most of the time (however Bing looks interesting).
Again... thank you very much
Fred
dvk01 (Derek), Moderator & Malware Removal Specialist with 45,703 posts. Authorized to help remove malware.
Join Date: Dec 2002
Location: Loughton, Essex, UK
18-Feb-2013, 04:54 AM #12
*Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
* Click START then RUN
* Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U; it needs to be there.


This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

And scan here http://secunia.com/vulnerability_scanning/personal for out of date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version (not the OSI, in-your-browser Java version) as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too high risk of malware infiltration.

Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. If Windows Update doesn't work, please come back & tell us.
Nflder (Fred)
Member with 288 posts.
THREAD STARTER
 
Join Date: Aug 2003
Location: St.John's,Newfoundland,Canada
Experience: Intermediate
23-Feb-2013, 08:58 PM #13
Derek, I'm working on your suggestions and have removed everything as you recommended. Everything is working fine.

I have run into a difficulty after downloading the exe file from http://secunia.com/vulnerability_scanning/personal. It downloads OK but when I install it and it starts I only get a flash of a white window when I call it up. I can click on the tray icon or the "Start > All Programs > Secunia PSI" entry and I only get a quick flash of a rectangular window and it's gone. It has scanned, as the tray icon indicates I have several programs that require updates. I have uninstalled, restarted, and downloaded the program again but it's the same result. I was going to send this directly to Secunia but decided to put it here so others would see it as well. Let me know if you want me to send it to them and post the results here.
I just used Task Manager > Processes and the tray icon is listed as psi_tray.exe. When I start the program, psi.exe does show for a second then disappears.

Last edited by Nflder; 23-Feb-2013 at 09:07 PM.
dvk01 (Derek) - authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,703 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
24-Feb-2013, 05:09 AM #14
I have had a few other people say the same thing about Secunia PSI 3 and nothing makes it work for them.

I think for that you should seek advice/help from Secunia & see what they suggest.
Nflder (Fred)
Member with 288 posts.
THREAD STARTER
 
Join Date: Aug 2003
Location: St.John's,Newfoundland,Canada
Experience: Intermediate
27-Feb-2013, 08:52 PM #15
The problem apparently is specific to Win XP SP3. I posted on Secunia and received the following from Kamran, and I must remember to send a thank you because it worked. Now I can start to learn how to use it! Just keep in mind the statement in brackets after step 3 as you may need to reverse this for some other process - so file this remedy where you can locate it in the future!!!! Guess I'll mark this one solved unless anyone else would like to comment... I'll wait a few days. Here is the solution...

To resolve the XP SP3 Issue:
1) Go to Start > Control Panel > Administrative Tools > Services.
Please ensure that both the 'Secunia PSI Agent' and 'Secunia Update Agent' are set to 'Started' under status and 'Automatic' under 'Startup type'

2) Go to where you installed the PSI (probably C:\Program Files\Secunia\PSI), right-click PSI.exe, click Properties, go to the Compatibility tab, and set a check at 'Turn off advanced text services for this program'

3) Go to Control Panel > Regional and language options > Languages Tab > Details > Advanced. From here, set a check at 'Turn off advanced text services'
(Please note that this is a global setting unlike what is described in step 2).

--
Kind regards,

Kamran Hussain
Secunia PSI Support

Secunia PSI
http://secunia.com/vulnerability_scanning/personal
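As an added example that is not part of Kamran's reply or this thread, here is a read-only PowerShell check (PowerShell 2.0 runs on XP SP3) that reports whether the end state of steps 1 to 3 is actually in place, so you can confirm the fix or later see what step 3 changed globally. It assumes the default install path, that the per-program 'Turn off advanced text services' option is stored as the DISABLECICERO AppCompat layer flag, and that the global option is stored as the CTF 'Disable Thread Input Manager' value; none of these locations are stated in the thread.

```powershell
# Added example: verify the end state of the three steps above. Reads only, changes nothing.
# Assumed (not from the thread): default install path, per-program option = DISABLECICERO
# layer flag, global option = HKCU\Software\Microsoft\CTF "Disable Thread Input Manager" = 1.

$results = @()

# Step 1: both Secunia services should be Running with Automatic start.
# Get-WmiObject is used because XP-era Get-Service does not expose the start mode.
foreach ($name in 'Secunia PSI Agent', 'Secunia Update Agent') {
    $svc = Get-WmiObject Win32_Service -Filter "DisplayName='$name'"
    if ($svc -eq $null) {
        $results += "$name : service not found"
    } else {
        $ok = ($svc.State -eq 'Running') -and ($svc.StartMode -eq 'Auto')
        $results += "$name : State=$($svc.State) StartMode=$($svc.StartMode) -> " +
                    $(if ($ok) { 'OK' } else { 'NEEDS FIX (step 1)' })
    }
}

# Step 2: per-program compatibility flag on psi.exe (current-user layer key).
$exe = Join-Path ${env:ProgramFiles} 'Secunia\PSI\psi.exe'   # assumed default path
$layerKey = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
$layer = (Get-ItemProperty -Path $layerKey -ErrorAction SilentlyContinue).$exe
if ($layer -and $layer -match 'DISABLECICERO') {
    $results += "psi.exe compatibility layer: $layer -> OK"
} else {
    $results += "psi.exe compatibility layer: '$layer' -> NEEDS FIX (step 2)"
}

# Step 3: the global setting. This affects every program for the current user,
# which is the caveat in the bracketed note after step 3.
$ctf = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\CTF' -ErrorAction SilentlyContinue
if ($ctf -and $ctf.'Disable Thread Input Manager' -eq 1) {
    $results += 'Global advanced text services: off -> OK (global setting, affects all programs)'
} else {
    $results += 'Global advanced text services: on -> NEEDS FIX (step 3)'
}

$results
```

Run it from a normal PowerShell prompt after applying the steps; any line ending in NEEDS FIX points at the step to redo.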