
Google has let us all down - Ads on search pages

Discussion in 'Virus & Other Malware Removal' started by Nflder, Feb 9, 2013.

  1. Nflder

    Nflder Thread Starter

    I am disgusted with Google! Every time I search I get four ads on top that have NOTHING to do with my search. AND when I return from reading a site on the list, Google takes me back to the top of my search to force me to see the four ads again, and I have to scroll down to try and find where I was in my search. AND the bottom of the page ends with three ads!!! What's happened to convenience? I'm looking for another search engine. I used to prefer Google - anyone know how to get rid of the ads?
     
  2. md2lgyk

    md2lgyk

    You should consider some form of ad blocker for whatever browser you use. I see no ads whatsoever in my Google searches.
     
  3. dvk01

    dvk01 Derek Moderator Malware Specialist

    Sounds like you have a search hijacker.

    Follow the advice here and post the logs those programs make.
     
  4. Nflder

    Nflder Thread Starter

    First Log...

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:09:58 PM, on 12/02/2013
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Nero\Update\NASvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MESSEN~1\Msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Documents and Settings\All Users\Start Menu\UTILITIES\DTemp\DTemp.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Password Safe\pwsafe.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Downloads\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: CrossriderApp0004493 - {11111111-1111-1111-1111-110011441193} - C:\Program Files\Coupon Companion\Coupon Companion.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: blekko search bar - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: blekko search bar - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
    O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
    O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
    O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Power2GoExpress] NA
    O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: AutorunsDisabled
    O4 - Global Startup: DTemp.exe.lnk = C:\Documents and Settings\All Users\Start Menu\UTILITIES\DTemp\DTemp.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://support.gateway.com/support/profiler/PCPitStop.CAB
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242606292343
    O16 - DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} - http://sms.napster.com/client/plugin/npdownload.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: BayerHealthcareService - Bayer Healthcare LLC - C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
    O23 - Service: ColdFusion MX ODBC Agent - Macromedia Inc. - (no file)
    O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Update Service (gupdate1c9a50cdd9e386) (gupdate1c9a50cdd9e386) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    O24 - Desktop Component 0: (no name) - (no file)

    --
    End of file - 15854 bytes

    ------------------------------------------------------------------------------------------------------

    Second Log:

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.13.2
    Run by Fred at 20:16:40 on 2013-02-12
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.562 [GMT -3.5:30]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ================
    .
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MESSEN~1\Msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Documents and Settings\All Users\Start Menu\UTILITIES\DTemp\DTemp.exe
    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Password Safe\pwsafe.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Coupon Companion: {11111111-1111-1111-1111-110011441193} - c:\program files\coupon companion\Coupon Companion.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - c:\program files\blekkotb_031\blekkotb_019X.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AcroIEToolbarHelper Class: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    TB: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - c:\program files\blekkotb_031\blekkotb_019X.dll
    EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Power2GoExpress] NA
    uRun: [MSMSGS] "c:\progra~1\messen~1\Msmsgs.exe" /background
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [LVCOMS] c:\program files\common files\logitech\qcdriver2\LVCOMS.EXE
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [UVS10 Preload] c:\program files\ulead systems\ulead videostudio se dvd\uvPL.exe
    mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
    mRun: [Anti-phishing Domain Advisor] "c:\documents and settings\all users\application data\anti-phishing domain advisor\visicom_antiphishing.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\fred\startm~1\programs\startup\eventr~1.lnk - c:\program files\mindscape\printmaster\PMREMIND.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dtempe~1.lnk - c:\documents and settings\all users\start menu\utilities\dtemp\DTemp.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Open with WordPerfect - c:\program files\wordperfect office x3\programs\WPLauncher.hta
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242606292343
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} - hxxp://sms.napster.com/client/plugin/npdownload.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.2.1
    TCP: Interfaces\{9B569602-AA02-4A3E-B303-8A5A57E49B6B} : DHCPNameServer = 192.168.2.1
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\fred\application data\mozilla\firefox\profiles\bw9edxzn.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo
    FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&mid=a845beafe2bd724f5149d7da809f6c23-0d6407bc5980a8acd39294e15681b8bac3b953ba&lang=en&ds=AVG&pr=pr&d=2011-12-22 13:50:33&v=14.0.3.14&pid=avg&sg=&sap=hp
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&mid=a845beafe2bd724f5149d7da809f6c23-0d6407bc5980a8acd39294e15681b8bac3b953ba&lang=en&ds=AVG&pr=pr&d=2011-12-22 13:50:33&pid=avg&sg=&v=14.0.3.14&sap=ku&q=
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\fred\application data\mozilla\firefox\profiles\bw9edxzn.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\documents and settings\fred\application data\mozilla\firefox\profiles\bw9edxzn.default\extensions\[email protected]\plugins\npLogitechDeviceDetection.dll
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files\canon\mycamera download plugin\NPCIG.dll
    FF - plugin: c:\program files\canon\uploader for canon image gateway plugin\npUploaderForCiG.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\realplayer\netscape6\nppl3260.dll
    FF - plugin: c:\program files\realplayer\netscape6\nprjplug.dll
    FF - plugin: c:\program files\realplayer\netscape6\nprpjplug.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll
    FF - ExtSQL: 2012-12-21 22:02; [email protected]; c:\documents and settings\fred\application data\mozilla\firefox\profiles\bw9edxzn.default\extensions\[email protected]
    FF - ExtSQL: 2013-02-07 21:26; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.autoDisableScopes - 10
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
    R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [2012-10-22 56496]
    R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [2012-10-22 12464]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-12-23 65848]
    R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\43926\RapportCerberus32_43926.sys [2012-10-30 272216]
    R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-12-23 71480]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-12-23 166840]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
    R2 BayerHealthcareService;BayerHealthcareService;c:\program files\bayer healthcare smartlaunch\bin\BayerHCService.exe [2011-6-1 128512]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-1-10 10384]
    R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2012-7-13 769432]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-12-23 976728]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-8-19 450848]
    R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-5-30 21520]
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent; [x]
    S2 gupdate1c9a50cdd9e386;Google Update Service (gupdate1c9a50cdd9e386);c:\program files\google\update\GoogleUpdate.exe [2009-3-14 133104]
    S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
    S3 cpuz132;cpuz132; [x]
    S3 EUBAKUP0;EUBAKUP0; [x]
    S3 EUBKMON0;EUBKMON0; [x]
    S3 EUFDDISK0;EUFDDISK0; [x]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
    S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\drivers\procexp151.sys --> c:\windows\system32\drivers\PROCEXP151.SYS [?]
    S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [2004-7-30 217472]
    S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [2004-7-30 17277]
    S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [2004-7-30 86648]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-11-20 14336]
    .
    =============== File Associations ===============
    .
    FileExt: .reg: Regedit.Document - HKCR\Unknown\Shell=c:\windows\system32\rundll32.exe c:\windows\system32\shell32.dll,OpenAs_RunDLL %1 [default=openas]
    FileExt: .js: Applications\notepad.exe=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
    ShellExec: corelcht.exe: print=c:\corel50\programs\CORELCHT.EXE
    ShellExec: corelpnt.exe: cancel=c:\corel50\programs\CORELPNT.EXE
    ShellExec: corelpnt.exe: print=c:\corel50\programs\CORELPNT.EXE
    ShellExec: CORELVP.EXE: open=c:\corel50\programs\CORELVP.EXE
    ShellExec: hpqpstp.exe: Open=c:\program files\hp\digital imaging\bin\hpqpstp.exe
    .
    =============== Created Last 30 ================
    .
    2013-02-12 17:47:02 6991832 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5f5851db-981e-4d02-b81a-d6e18be66148}\mpengine.dll
    2013-02-10 00:57:02 6991832 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2013-02-10 00:56:52 232336 ------w- c:\windows\system32\MpSigStub.exe
    2013-02-10 00:52:49 -------- d-----w- c:\program files\Microsoft Security Client
    2013-02-09 22:07:59 -------- d-----w- C:\LinkSys
    2013-02-09 00:45:20 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-02-08 00:56:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2013-02-08 00:55:04 -------- d-----w- C:\Java
    2013-02-06 23:11:59 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
    2013-02-06 23:11:59 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2013-02-06 23:11:59 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2013-02-06 23:11:59 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
    2013-02-06 23:11:59 116120 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
    2013-02-06 20:13:21 -------- d-----w- C:\MyJava
    2013-02-06 01:56:46 -------- d-----w- c:\documents and settings\fred\local settings\application data\Sun
    2013-02-05 23:30:04 -------- d-----w- C:\java-src
    2013-02-04 14:29:12 -------- d-----r- c:\program files\Skype
    2013-02-02 00:48:37 -------- d-----w- c:\documents and settings\fred\System
    2013-02-02 00:48:36 -------- d-----w- c:\documents and settings\fred\application data\SmartDraw
    2013-01-30 13:35:58 -------- d-----w- c:\program files\MonitorDriver
    2013-01-22 16:50:11 -------- d-----w- c:\windows\system32\cache
    2013-01-16 22:07:27 -------- d-----w- C:\New Folder
    2013-01-16 15:15:23 -------- d-----w- c:\documents and settings\fred\application data\AVG2013
    2013-01-16 15:10:57 -------- d-----w- c:\documents and settings\fred\application data\TuneUp Software
    2013-01-16 15:02:52 -------- d-----w- c:\documents and settings\fred\local settings\application data\MFAData
    2013-01-16 15:02:52 -------- d-----w- c:\documents and settings\fred\local settings\application data\Avg2013
    .
    ==================== Find3M ====================
    .
    2013-02-07 22:09:25 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-07 22:09:25 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-30 19:03:02 861048 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-01-30 19:02:56 782192 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-04 23:13:08 78160 ----a-w- c:\program files\AutoFix.exe
    2012-12-24 03:13:34 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-25 23:22:41 509440 ----a-w- c:\program files\SysInfo.exe
    2009-09-06 20:21:25 2168423639 ----a-w- c:\program files\garmin_rmu_cnnant2010_20.exe
    2009-07-24 16:29:25 2060596375 ----a-w- c:\program files\garmin_rmu_cnnant2010c.exe
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600
    .
    CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR
    .
    Disk trace:
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SI, 0x7c00; MOV DI, 0x7a00; MOV SS, AX; MOV SP, DI; MOV DS, AX; MOV ES, AX; MOV CX, 0x200; CLD ; REP MOVSB ; JMP FAR 0x0:0x7a1b; }
    user != kernel MBR !!!
    .
    ============= FINISH: 20:23:37.04 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    Please let me know if you need it...

    Thanks for this
     
  5. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,885
    You have various dodgy toolbars & BHOs that do divert & fake search results.

    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan has finished, a Notepad window will be opened.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
  6. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,885
    That is not helpful advice. As you can now see from the logs, the poster has at least 2 known search hijackers.
    I strongly recommend that if you haven't got anything sensible & useful to say, then don't say it.
    You saying that you don't see any ads in your Google searches is not relevant. An ad blocker will not work with a hijacker.
     
  7. Nflder

    Nflder Thread Starter

    Joined:
    Aug 21, 2003
    Messages:
    291
    Derek... Here's the scan. If I have "various dodgy toolbars & BHOs" I'd love to get rid of them all... Tks, Fred

    # AdwCleaner v2.112 - Logfile created 02/15/2013 at 14:28:48
    # Updated 10/02/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Fred - YOUR-7B1065DF54
    # Boot Mode : Normal
    # Running from : C:\Downloads\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\DOCUME~1\Fred\LOCALS~1\Temp\Uninstall.exe
    File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    Folder Found : C:\DOCUME~1\Fred\LOCALS~1\Temp\avg@toolbar
    Folder Found : C:\Documents and Settings\All Users\Application Data\~0
    Folder Found : C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
    Folder Found : C:\Documents and Settings\All Users\Application Data\blekko toolbars
    Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
    Folder Found : C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\bw9edxzn.default\extensions\[email protected]
    Folder Found : C:\Documents and Settings\Fred\Application Data\pdfforge
    Folder Found : C:\Documents and Settings\Fred\Local Settings\Application Data\Coupon Companion
    Folder Found : C:\Program Files\Coupon Companion
    Folder Found : C:\Program Files\Viewpoint

    ***** [Registry] *****

    Key Found : HKCU\Software\AVG Security Toolbar
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Cr_Installer
    Key Found : HKCU\Software\Crossrider
    Key Found : HKCU\Software\InstalledBrowserExtensions
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441193}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441193}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\PriceGong
    Key Found : HKCU\Software\Zugo
    Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011441193}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442293}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox
    Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444493}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\Freeze.com
    Key Found : HKLM\Software\MetaStream
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441193}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Found : HKLM\Software\Viewpoint
    Key Found : HKU\S-1-5-21-1045719210-4228423461-3318370714-1006\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.2 (en-US)

    File : C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\bw9edxzn.default\prefs.js

    Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Found : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6F7D[...]
    Found : user_pref("extensions.crossriderapp4493.4493.InstallationThankYouPage", true);
    Found : user_pref("extensions.crossriderapp4493.4493.InstallationTime", 1356139916);
    Found : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.searchUserConifrmation", false[...]
    Found : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setHomepage", false);
    Found : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setNewTab", false);
    Found : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setSearch", false);
    Found : user_pref("extensions.crossriderapp4493.4493.active", true);
    Found : user_pref("extensions.crossriderapp4493.4493.addressbar", "");
    Found : user_pref("extensions.crossriderapp4493.4493.addressbarenhanced", "");
    Found : user_pref("extensions.crossriderapp4493.4493.backgroundjs", "\n\n//\n");
    Found : user_pref("extensions.crossriderapp4493.4493.backgroundver", 35);
    Found : user_pref("extensions.crossriderapp4493.4493.can_run_bg_code", true);
    Found : user_pref("extensions.crossriderapp4493.4493.certdomaininstaller", "");
    Found : user_pref("extensions.crossriderapp4493.4493.changeprevious", false);
    Found : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1356139916");
    Found : user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.value", "1356139916");
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_arbitrary_code.expiration", "Fri Feb 15 201[...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_arbitrary_code.value", "%22%28function%28%2[...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.expiration", "Fri Feb 15 2013 09:[...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_ab_cap1.expiration", "Fri Feb 01 2030 00[...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_ab_cap1.value", "%22lbcmmpmjjaockhkcoflj[...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:00:[...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_bu1.value", "1360860938");
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.expiration", "Sat Feb 16 2013 [...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.value", "%22CA%22");
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.value", "1360934064");
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 0[...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.value", "%221360862101%22");
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.value", "%221%22");
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 0[...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installtime.value", "%221356061408%22");
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.value", "%2214019%22");
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.value", "1356144274306");
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.value", "%221175%22");
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.value", "%22122075%22");
    Found : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.value", "1356144257447");
    Found : user_pref("extensions.crossriderapp4493.4493.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:[...]
    Found : user_pref("extensions.crossriderapp4493.4493.cookie.lastrequest.value", "%7B%22path%22%3A%22/cgi-bin[...]
    Found : user_pref("extensions.crossriderapp4493.4493.description", "Coupon Companion");
    Found : user_pref("extensions.crossriderapp4493.4493.domain", "");
    Found : user_pref("extensions.crossriderapp4493.4493.enablesearch", false);
    Found : user_pref("extensions.crossriderapp4493.4493.fbremoteurl", "");
    Found : user_pref("extensions.crossriderapp4493.4493.group", 0);
    Found : user_pref("extensions.crossriderapp4493.4493.homepage", "");
    Found : user_pref("extensions.crossriderapp4493.4493.iframe", false);
    Found : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
    Found : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
    Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
    Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.value", "81");
    Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
    Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.value", "0");
    Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
    Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.value", "%7B%7D");
    Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.expiration", "Fri Feb 15[...]
    Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.value", "true");
    Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
    Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.value", "%7B%7D");
    Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.expiration", "Fri[...]
    Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.value", "%7B%22re[...]
    Found : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]
    Found : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]
    Found : user_pref("extensions.crossriderapp4493.4493.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
    Found : user_pref("extensions.crossriderapp4493.4493.manifesturl", "");
    Found : user_pref("extensions.crossriderapp4493.4493.name", "Coupon Companion");
    Found : user_pref("extensions.crossriderapp4493.4493.newtab", "");
    Found : user_pref("extensions.crossriderapp4493.4493.opensearch", "");
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.name", "base");
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.ver", 4);
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.ver", 15);
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.code", "var a=appAPI.db.getList([...]
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.name", "GPL Background (BG)");
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.ver", 32);
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.name", "CrossriderAppUtils");
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.ver", 2);
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.name", "CrossriderUtils");
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.ver", 2);
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.name", "FFAppAPIWrapper");
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.ver", 4);
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.name", "jQuery");
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.ver", 3);
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.name", "debug");
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.ver", 3);
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.name", "resources");
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.ver", 2);
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.name", "initializer");
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.ver", 2);
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.name", "jquery_1_7_1");
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.ver", 3);
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.name", "resources_background");
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.ver", 1);
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...]
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.name", "appApiMessage");
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.ver", 1);
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...]
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.name", "appApiValidation");
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.ver", 1);
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.code", "(function(a){if(typeof a===\"[...]
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.name", "CrossriderInfo");
    Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.ver", 2);
    Found : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015"[...]
    Found : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,[...]
    Found : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
    Found : user_pref("extensions.crossriderapp4493.4493.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
    Found : user_pref("extensions.crossriderapp4493.4493.pluginsversion", 57);
    Found : user_pref("extensions.crossriderapp4493.4493.publisher", "215 Apps");
    Found : user_pref("extensions.crossriderapp4493.4493.searchstatus", 0);
    Found : user_pref("extensions.crossriderapp4493.4493.setnewtab", false);
    Found : user_pref("extensions.crossriderapp4493.4493.settingsurl", "");
    Found : user_pref("extensions.crossriderapp4493.4493.thankyou", "");
    Found : user_pref("extensions.crossriderapp4493.4493.updateinterval", 360);
    Found : user_pref("extensions.crossriderapp4493.4493.ver", 81);
    Found : user_pref("extensions.crossriderapp4493.adsOldValue", 10);
    Found : user_pref("extensions.crossriderapp4493.apps", "4493");
    Found : user_pref("extensions.crossriderapp4493.bic", "13bc04265d1bb913461a3233b3a725a9");
    Found : user_pref("extensions.crossriderapp4493.cid", 4493);
    Found : user_pref("extensions.crossriderapp4493.firstrun", false);
    Found : user_pref("extensions.crossriderapp4493.hadappinstalled", true);
    Found : user_pref("extensions.crossriderapp4493.installationdate", 1356140275);
    Found : user_pref("extensions.crossriderapp4493.lastcheck", 22682235);
    Found : user_pref("extensions.crossriderapp4493.lastcheckitem", 22682235);
    Found : user_pref("extensions.crossriderapp4493.modetype", "production");
    Found : user_pref("extensions.crossriderapp4493.reportInstall", true);
    Found : user_pref("[email protected]", true);
    Found : user_pref("extensions.enabledAddons", "DeviceDetection%40logitech.com:1.24.0.9,testpilot%40labs.mozi[...]
    Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&m[...]

    -\\ Google Chrome v24.0.1312.57

    File : C:\Documents and Settings\Fred\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    Found [l.8] : homepage = "hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&mid=a845beafe2bd724f5149d7da809f6c23-0d6407bc5980a8acd39294e15681b8bac3b953ba&lang=en&ds=AVG&pr=pr&d=2011-12-22 13:50:33&v=14.0.3.14&pid=avg&sg=&sap=hp",
    Found [l.12] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&mid=a845beafe2bd724f5149d7da809f6c23-0d6407bc5980a8acd39294e15681b8bac3b953ba&lang=en&ds=AVG&pr=pr&d=2011-12-22 13:50:33&v=14.0.3.14&pid=avg&sg=&sap=hp" ]
    Found [l.36] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
    Found [l.39] : keyword = "isearch.avg.com",
    Found [l.42] : search_url = "hxxp://isearch.avg.com/search?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&mid=a845beafe2bd724f5149d7da809f6c23-0d6407bc5980a8acd39294e15681b8bac3b953ba&lang=en&ds=AVG&pr=pr&d=2011-12-22 13:50:33&v=11.1.0.12&sap=dsp&q={searchTerms}",
    Found [l.1569] : homepage = "hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&mid=a845beafe2bd724f5149d7da809f6c23-0d6407bc5980a8acd39294e15681b8bac3b953ba&lang=en&ds=AVG&pr=pr&d=2011-12-22 13:50:33&v=14.0.3.14&pid=avg&sg=&sap=hp",
    Found [l.1945] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&mid=a845beafe2bd724f5149d7da809f6c23-0d6407bc5980a8acd39294e15681b8bac3b953ba&lang=en&ds=AVG&pr=pr&d=2011-12-22 13:50:33&v=14.0.3.14&pid=avg&sg=&sap=hp" ]

    -\\ Opera v12.12.1707.0

    File : C:\Documents and Settings\Fred\Application Data\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [23807 octets] - [15/02/2013 14:28:48]

    ########## EOF - C:\AdwCleaner[R1].txt - [23868 octets] ##########
     
  8. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,885
    Please run AdwCleaner again. This time press delete. It will clear the problems & then offer to reboot; please let it reboot & then post the log it makes.
    The logfile will also be saved in C:\AdwCleaner[S1].txt

    once it has rebooted then do this

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If ComboFix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    • If the ComboFix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue. (Those items will not be deleted.)

    Post the log in next reply please...
     
  9. Nflder

    Nflder Thread Starter

    Joined:
    Aug 21, 2003
    Messages:
    291
    As requested... First the AdwCleaner report after using delete, then the ComboFix report. I did have trouble stopping Microsoft Security Essentials... I determined through Task Mgr that it runs as "msseces.exe" and stopped it in Task Mgr and checked it twice, and each time with the MS Security Essentials window up running and ending the process the MS Sec Essentials window disappeared! HOWEVER when I ran ComboFix it advised me that it "detected real time scanner antivirus Microsoft Security Essentials - please disable before clicking OK". Since I had turned off all protection I could not go back online, so I "X'd" out of the ComboFix window, but it would not let me out and continued on to completion... It took quite a while and I was really concerned, especially after your warning not to even touch the mouse!!! MS Security Essentials must have another executable running besides the one I found! I rebooted and things look OK. I still have my fingers & toes crossed. Oh! The ads are gone from Google searches... So I apologize to Google and thank you Derek... again! I do however look forward to your reply. Fred

    AdwCleaner Report------------------------------------------------------------------------------------------------
    # AdwCleaner v2.112 - Logfile created 02/16/2013 at 20:08:46
    # Updated 10/02/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : Fred - YOUR-7B1065DF54
    # Boot Mode : Normal
    # Running from : C:\Program Files\`AdwCleaner_HyjackThis_meseinstall\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\DOCUME~1\Fred\LOCALS~1\Temp\Uninstall.exe
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
    Folder Deleted : C:\DOCUME~1\Fred\LOCALS~1\Temp\avg@toolbar
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\~0
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Anti-phishing Domain Advisor
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
    Folder Deleted : C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\bw9edxzn.default\extensions\[email protected]
    Folder Deleted : C:\Documents and Settings\Fred\Application Data\pdfforge
    Folder Deleted : C:\Documents and Settings\Fred\Local Settings\Application Data\Coupon Companion
    Folder Deleted : C:\Program Files\Coupon Companion
    Folder Deleted : C:\Program Files\Viewpoint

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AVG Security Toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\Crossrider
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441193}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441193}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\PriceGong
    Key Deleted : HKCU\Software\Zugo
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011441193}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022442293}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444493}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\MetaStream
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441193}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
    Key Deleted : HKLM\Software\Viewpoint
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.2 (en-US)

    File : C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\bw9edxzn.default\prefs.js

    C:\Documents and Settings\Fred\Application Data\Mozilla\Firefox\Profiles\bw9edxzn.default\user.js ... Deleted !

    Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6F7D[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationThankYouPage", true);
    Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationTime", 1356139916);
    Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.searchUserConifrmation", false[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setHomepage", false);
    Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setNewTab", false);
    Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setSearch", false);
    Deleted : user_pref("extensions.crossriderapp4493.4493.active", true);
    Deleted : user_pref("extensions.crossriderapp4493.4493.addressbar", "");
    Deleted : user_pref("extensions.crossriderapp4493.4493.addressbarenhanced", "");
    Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundjs", "\n\n//\n");
    Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundver", 35);
    Deleted : user_pref("extensions.crossriderapp4493.4493.can_run_bg_code", true);
    Deleted : user_pref("extensions.crossriderapp4493.4493.certdomaininstaller", "");
    Deleted : user_pref("extensions.crossriderapp4493.4493.changeprevious", false);
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1356139916");
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.value", "1356139916");
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_arbitrary_code.expiration", "Sat Feb 16 201[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_arbitrary_code.value", "%22%28function%28%2[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.expiration", "Sat Feb 16 2013 20:[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_blocklist.value", "%22nonexistantdomain.com[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_ab_cap1.expiration", "Fri Feb 01 2030 00[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_ab_cap1.value", "%22lbcmmpmjjaockhkcoflj[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:00:[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_bu1.value", "1360860938");
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.expiration", "Sat Feb 23 2013 [...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_country_code.value", "%22CA%22");
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.value", "1361057153");
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 0[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.value", "%221360938920%22");
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.value", "%221%22");
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 0[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installtime.value", "%221356061408%22");
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.value", "%2214019%22");
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.value", "1356144274306");
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.value", "%221175%22");
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.value", "%22122075%22");
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.value", "1356144257447");
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.lastrequest.expiration", "Fri Feb 01 2030 00:00:[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.lastrequest.value", "%7B%22path%22%3A%22/cgi-bin[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.description", "Coupon Companion");
    Deleted : user_pref("extensions.crossriderapp4493.4493.domain", "");
    Deleted : user_pref("extensions.crossriderapp4493.4493.enablesearch", false);
    Deleted : user_pref("extensions.crossriderapp4493.4493.fbremoteurl", "");
    Deleted : user_pref("extensions.crossriderapp4493.4493.group", 0);
    Deleted : user_pref("extensions.crossriderapp4493.4493.homepage", "");
    Deleted : user_pref("extensions.crossriderapp4493.4493.iframe", false);
    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.value", "81");
    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.value", "0");
    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.value", "%7B%7D");
    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.expiration", "Sun Feb 17[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_nextCheck.value", "true");
    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.value", "%7B%7D");
    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.expiration", "Fri[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.value", "%7B%22re[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.manifesturl", "");
    Deleted : user_pref("extensions.crossriderapp4493.4493.name", "Coupon Companion");
    Deleted : user_pref("extensions.crossriderapp4493.4493.newtab", "");
    Deleted : user_pref("extensions.crossriderapp4493.4493.opensearch", "");
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.name", "base");
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.ver", 4);
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.ver", 15);
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.code", "var a=appAPI.db.getList([...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.name", "GPL Background (BG)");
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.ver", 32);
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.name", "CrossriderAppUtils");
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.ver", 2);
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.name", "CrossriderUtils");
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.ver", 2);
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.name", "FFAppAPIWrapper");
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.ver", 4);
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.name", "jQuery");
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.ver", 3);
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.name", "debug");
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.ver", 3);
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.name", "resources");
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.ver", 2);
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.name", "initializer");
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.ver", 2);
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com |[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.name", "jquery_1_7_1");
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.ver", 3);
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.name", "resources_background");
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.ver", 1);
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.name", "appApiMessage");
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.ver", 1);
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.name", "appApiValidation");
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.ver", 1);
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.code", "(function(a){if(typeof a===\"[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.name", "CrossriderInfo");
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.ver", 2);
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015"[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
    Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
    Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsversion", 57);
    Deleted : user_pref("extensions.crossriderapp4493.4493.publisher", "215 Apps");
    Deleted : user_pref("extensions.crossriderapp4493.4493.searchstatus", 0);
    Deleted : user_pref("extensions.crossriderapp4493.4493.setnewtab", false);
    Deleted : user_pref("extensions.crossriderapp4493.4493.settingsurl", "");
    Deleted : user_pref("extensions.crossriderapp4493.4493.thankyou", "");
    Deleted : user_pref("extensions.crossriderapp4493.4493.updateinterval", 360);
    Deleted : user_pref("extensions.crossriderapp4493.4493.ver", 81);
    Deleted : user_pref("extensions.crossriderapp4493.adsOldValue", 10);
    Deleted : user_pref("extensions.crossriderapp4493.apps", "4493");
    Deleted : user_pref("extensions.crossriderapp4493.bic", "13bc04265d1bb913461a3233b3a725a9");
    Deleted : user_pref("extensions.crossriderapp4493.cid", 4493);
    Deleted : user_pref("extensions.crossriderapp4493.firstrun", false);
    Deleted : user_pref("extensions.crossriderapp4493.hadappinstalled", true);
    Deleted : user_pref("extensions.crossriderapp4493.installationdate", 1356140275);
    Deleted : user_pref("extensions.crossriderapp4493.lastcheck", 22684208);
    Deleted : user_pref("extensions.crossriderapp4493.lastcheckitem", 22684294);
    Deleted : user_pref("extensions.crossriderapp4493.modetype", "production");
    Deleted : user_pref("extensions.crossriderapp4493.reportInstall", true);
    Deleted : user_pref("[email protected]", true);
    Deleted : user_pref("extensions.enabledAddons", "DeviceDetection%40logitech.com:1.24.0.9,testpilot%40labs.mozi[...]
    Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&m[...]

    -\\ Google Chrome v24.0.1312.57

    File : C:\Documents and Settings\Fred\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    Deleted [l.8] : homepage = "hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&mid=a845beafe2[...]
    Deleted [l.12] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6[...]
    Deleted [l.36] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
    Deleted [l.39] : keyword = "isearch.avg.com",
    Deleted [l.42] : search_url = "hxxp://isearch.avg.com/search?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&mid=a8[...]
    Deleted [l.1569] : homepage = "hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6F7DD3F6}&mid=a845beafe2bd7[...]
    Deleted [l.1945] : urls_to_restore_on_startup = [ "hxxp://isearch.avg.com/?cid={3CEE400F-D25B-4E56-947D-A7BF6F7D[...]

    -\\ Opera v12.12.1707.0

    File : C:\Documents and Settings\Fred\Application Data\Opera\Opera\operaprefs.ini

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [23938 octets] - [15/02/2013 14:28:48]
    AdwCleaner[R2].txt - [24038 octets] - [16/02/2013 20:08:07]
    AdwCleaner[S1].txt - [23673 octets] - [16/02/2013 20:08:46]

    ########## EOF - C:\AdwCleaner[S1].txt - [23734 octets] ##########

    ComboFix Report
    ----------------------------------------
    ComboFix 13-02-15.01 - Fred 16/02/2013 20:49:39.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1257 [GMT -3.5:30]
    Running from: c:\documents and settings\Fred\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    * Created a new restore point
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
    c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
    c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
    c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
    c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
    c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lns
    c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
    c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
    c:\documents and settings\All Users\Start Menu\Programs\Startup\DTemp.exe.lnk
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\Fred\System
    c:\documents and settings\Fred\System\win_qs8.jqx
    c:\documents and settings\Fred\WINDOWS
    C:\install.exe
    c:\program files\garmin_rmu_cnnant2010_20.exe
    c:\program files\garmin_rmu_cnnant2010c.exe
    c:\windows\OLD2E.tmp
    c:\windows\OLD31.tmp
    c:\windows\system32\Cache
    c:\windows\system32\Cache\272512937d9e61a4.fb
    c:\windows\system32\Cache\287204568329e189.fb
    c:\windows\system32\Cache\28bc8f716fd76a47.fb
    c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
    c:\windows\system32\Cache\32c84fe32bb74d60.fb
    c:\windows\system32\Cache\3917078cb68ec657.fb
    c:\windows\system32\Cache\590ba23ce359fd0c.fb
    c:\windows\system32\Cache\610289e025a3ee9a.fb
    c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
    c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
    c:\windows\system32\Cache\6d03dad1035885d3.fb
    c:\windows\system32\Cache\a00e42571a14dcb0.fb
    c:\windows\system32\Cache\ad10a52aff5e038d.fb
    c:\windows\system32\Cache\c1fa887b03019701.fb
    c:\windows\system32\Cache\c4d28dca2e7648be.fb
    c:\windows\system32\Cache\d201ef9910cd39de.fb
    c:\windows\system32\Cache\d2e94710a5708128.fb
    c:\windows\system32\Cache\d79b9dfe81484ec4.fb
    c:\windows\system32\Cache\f7bb5f147ac6280f.fb
    c:\windows\system32\Cache\f998975c9cc711ee.fb
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\DC120fc7_32.dll
    c:\windows\system32\SET3C.tmp
    c:\windows\system32\SET48.tmp
    c:\windows\system32\SET4A.tmp
    c:\windows\system32\SET4C.tmp
    c:\windows\system32\SET4C6.tmp
    c:\windows\system32\SET55.tmp
    c:\windows\system32\SET5C.tmp
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-17 to 2013-02-17 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-17 00:07 . 2013-02-17 00:07 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE2BEE0C-2136-4F58-A6B6-FB2B61215A2A}\MpKsle3108c91.sys
    2013-02-16 22:11 . 2013-01-08 00:27 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE2BEE0C-2136-4F58-A6B6-FB2B61215A2A}\mpengine.dll
    2013-02-15 18:36 . 2013-02-15 18:37 -------- d-----w- c:\program files\`AdwCleaner_HyjackThis_meseinstall
    2013-02-15 01:48 . 2013-01-08 00:27 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-02-10 00:56 . 2013-01-30 10:53 232336 ------w- c:\windows\system32\MpSigStub.exe
    2013-02-10 00:53 . 2013-02-10 00:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
    2013-02-10 00:52 . 2013-02-15 03:24 -------- d-----w- c:\program files\Microsoft Security Client
    2013-02-09 22:07 . 2013-02-09 22:09 -------- d-----w- C:\LinkSys
    2013-02-09 00:46 . 2013-02-09 00:46 -------- d-----w- c:\program files\Common Files\Java
    2013-02-09 00:45 . 2013-02-09 00:45 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-02-09 00:44 . 2013-02-09 00:44 -------- d-----w- c:\program files\Java
    2013-02-08 00:56 . 2013-02-08 00:56 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2013-02-08 00:55 . 2013-02-08 00:56 -------- d-----w- C:\Java
    2013-02-06 20:13 . 2013-02-08 23:39 -------- d-----w- C:\MyJava
    2013-02-06 11:29 . 2013-02-06 11:29 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
    2013-02-06 01:56 . 2013-02-06 01:56 -------- d-----w- c:\documents and settings\Fred\Local Settings\Application Data\Sun
    2013-02-06 00:28 . 2013-02-06 00:28 -------- d-----w- c:\documents and settings\Fred\Application Data\Oracle
    2013-02-05 23:30 . 2013-02-08 01:44 -------- d-----w- C:\java-src
    2013-02-04 14:29 . 2013-02-04 14:29 -------- d-----w- c:\program files\Common Files\Skype
    2013-02-04 14:29 . 2013-02-04 14:29 -------- d-----r- c:\program files\Skype
    2013-02-02 00:48 . 2013-02-02 00:52 -------- d-----w- c:\documents and settings\Fred\Application Data\SmartDraw
    2013-01-30 13:35 . 2013-01-30 13:36 -------- d-----w- c:\program files\MonitorDriver
    2013-01-30 13:35 . 2013-01-30 13:35 -------- d-----w- c:\documents and settings\Fred\Application Data\InstallShield
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-07 22:09 . 2012-03-30 23:31 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-07 22:09 . 2011-06-05 16:02 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-30 19:03 . 2012-06-16 13:30 861048 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-01-30 19:02 . 2010-04-21 16:22 782192 ----a-w- c:\windows\system32\deployJava1.dll
    2013-01-26 03:55 . 2008-11-20 22:10 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-20 19:29 . 2012-08-31 01:33 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2013-01-07 01:19 . 2006-06-17 09:23 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:37 . 2004-08-04 05:59 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 23:13 . 2013-01-04 23:13 78160 ----a-w- c:\program files\AutoFix.exe
    2013-01-04 01:20 . 2006-06-17 09:23 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49 . 2006-06-17 09:23 1292288 ----a-w- c:\windows\system32\quartz.dll
    2012-12-26 20:16 . 2006-06-17 09:23 916480 ----a-w- c:\windows\system32\wininet.dll
    2012-12-26 20:16 . 2008-11-20 22:09 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-12-26 20:16 . 2008-11-20 22:07 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-12-24 06:40 . 2008-11-20 22:07 385024 ----a-w- c:\windows\system32\html.iec
    2012-12-16 12:23 . 2008-11-20 22:06 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 21:49 . 2012-12-28 01:50 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-25 23:22 . 2011-11-25 23:22 509440 ----a-w- c:\program files\SysInfo.exe
    2013-02-06 23:12 . 2013-02-06 23:11 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="NA" [X]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-06 4763008]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 569413]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 413696]
    "LVCOMS"="c:\program files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 90112]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
    "UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe" [2006-08-09 36864]
    "Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
    "Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
    "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\Fred\Start Menu\Programs\Startup\
    Event Reminder.lnk - c:\program files\Mindscape\PrintMaster\PMREMIND.EXE [2011-6-22 325632]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLinkedConnections"= 1 (0x1)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 15:58 72208 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ \0
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Fred^Start Menu^Programs^Startup^Password Safe.lnk]
    backup=c:\windows\pss\Password Safe.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
    2009-10-23 22:04 827904 ----a-w- c:\program files\dvd43\DVD43_Tray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
    2012-05-22 10:43 980920 ----a-w- c:\progra~1\Eraser\Eraser.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
    2012-06-04 13:01 1466760 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
    2002-09-11 16:28 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
    2002-09-11 16:27 45056 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickFinder Scheduler]
    2005-12-01 04:15 77892 ----a-w- c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
    2006-09-27 21:56 573440 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service"=3 (0x3)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Messenger\\Msmsgs.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\javaw.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Nero\\Nero 12\\Nero BackItUp\\BackItUp.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    R0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\drivers\NBVol.sys [22/10/2012 4:27 PM 56496]
    R0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\drivers\NBVolUp.sys [22/10/2012 4:27 PM 12464]
    R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [06/02/2013 7:59 AM 65848]
    R1 MpKsle3108c91;MpKsle3108c91;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CE2BEE0C-2136-4F58-A6B6-FB2B61215A2A}\MpKsle3108c91.sys [16/02/2013 8:37 PM 29904]
    R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [30/10/2012 11:46 AM 272216]
    R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [06/02/2013 7:59 AM 71480]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [06/02/2013 7:59 AM 166840]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [17/02/2010 2:55 PM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 3:11 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [29/06/2010 2:18 PM 116608]
    R2 BayerHealthcareService;BayerHealthcareService;c:\program files\Bayer HealthCare SmartLaunch\bin\BayerHCService.exe [01/06/2011 3:10 PM 128512]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [10/01/2009 11:57 PM 10384]
    R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [13/07/2012 3:27 PM 769432]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [06/02/2013 7:59 AM 976728]
    R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [19/08/2011 5:56 AM 450848]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [13/01/2010 1:32 PM 47360]
    R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [30/05/2012 11:34 AM 21520]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 ColdFusion MX ODBC Agent;ColdFusion MX ODBC Agent; [x]
    S2 gupdate1c9a50cdd9e386;Google Update Service (gupdate1c9a50cdd9e386);c:\program files\Google\Update\GoogleUpdate.exe [14/03/2009 9:49 PM 133104]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [08/01/2013 12:55 PM 161536]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [02/06/2011 11:38 AM 11336]
    S3 EUBAKUP0;EUBAKUP0; [x]
    S3 EUBKMON0;EUBKMON0; [x]
    S3 EUFDDISK0;EUFDDISK0; [x]
    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 11:39 PM 267568]
    S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
    S3 US122;US122 Driver;c:\windows\system32\drivers\US122.sys [30/07/2004 1:19 PM 217472]
    S3 US122DL;US122 Firmware Downloader;c:\windows\system32\drivers\US122DL.sys [30/07/2004 1:32 PM 17277]
    S3 Us122WdmService;US122 Wdm Audio;c:\windows\system32\drivers\US122Wdm.sys [30/07/2004 1:19 PM 86648]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06/05/2008 7:36 PM 11520]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSLE3108C91
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-02-03 00:15 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-30 c:\windows\Tasks\2nd Backup.job
    - c:\windows\system32\ntbackup.exe [2008-11-20 00:12]
    .
    2013-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 22:09]
    .
    2012-12-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 20:27]
    .
    2013-02-16 c:\windows\Tasks\ConfigExec.job
    - c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 03:09]
    .
    2013-02-16 c:\windows\Tasks\DataUpload.job
    - c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-14 03:09]
    .
    2013-02-15 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-15 22:41]
    .
    2013-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 01:19]
    .
    2013-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-15 01:19]
    .
    2013-02-16 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 14:41]
    .
    2013-02-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1045719210-4228423461-3318370714-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 15:03]
    .
    2012-12-31 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1045719210-4228423461-3318370714-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 15:03]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
    DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
    DPF: {9F6D8A59-DD92-499D-944A-38FDB2CE46FF} - hxxp://sms.napster.com/client/plugin/npdownload.cab
    FF - ProfilePath - c:\documents and settings\Fred\Application Data\Mozilla\Firefox\Profiles\bw9edxzn.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - ExtSQL: 2013-02-07 21:26; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
    .
    .
    ------- File Associations -------
    .
    .reg=Regedit.Document
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    ShellIconOverlayIdentifiers-{02696AD5-FF96-454b-9E00-81DA8B79B678} - (no file)
    AddRemove-Coupon Companion - c:\program files\Coupon Companion\Uninstall.exe
    AddRemove-Glucofacts Deluxe Updater 2.0 - c:\windows\system32\javaws.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-02-16 21:14
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600
    .
    CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR
    kernel: MBR read successfully
    user != kernel MBR !!!
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(980)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    .
    Completion time: 2013-02-16 21:20:10
    ComboFix-quarantined-files.txt 2013-02-17 00:50
    .
    Pre-Run: 73,563,533,312 bytes free
    Post-Run: 71,091,253,248 bytes free
    .
    - - End Of File - - DE184DAAC4093374560D43D0B5A64E05
     
  10. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,885
    how is it now?
    are you still having any problems?
     
  11. Nflder

    Nflder Thread Starter

    Joined:
    Aug 21, 2003
    Messages:
    291
    Everything is AOK... My reason for posting this was ads on Google & thanks to you Derek they are all gone! And the computer is behaving itself! By the quantity of what both programs removed I should 1. Be much more careful when I browse, although that's very problematic and 2. Perform the checks done here every few months - especially if you're online a lot. I'll be doing some web re-design for hand held devices coming up and it will be interesting to see how much trouble I run into doing that. I do have some conflicts between programs and I'll be watching to see if that still occurs. However a trip to New Zealand coming up with a cruise back to Vancouver will take me off line for a short while but I'll be back - and now using Google most of the time (however Bing looks interesting).
    Again... thank you very much
    Fred
     
  12. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,885
    *Follow these steps to uninstall Combofix and the other tools it downloaded to remove the malware*
    * Click START then RUN
    * Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

    This will also purge the restore folder and clear any malware that has been put in there. Now empty the Recycle Bin on the desktop, then reboot.

    Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.

    And scan here http://secunia.com/vulnerability_scanning/personal for out of date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version (not the OSI, in your browser Java version) as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too high risk of malware infiltration.

    Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. If Windows Update doesn't work, please come back & tell us.
     
  13. Nflder

    Nflder Thread Starter

    Joined:
    Aug 21, 2003
    Messages:
    291
    Derek, I'm working on your suggestions and have removed everything as you recommended. Everything is working fine.

    I have run into a difficulty after downloading the exe file from http://secunia.com/vulnerability_scanning/personal. It downloads OK but when I install it and it starts I only get a flash of a white window when I call it up. I can click on the tray icon or the "Start All Programs SecuniaPSI" and I only get a quick flash of a rectangular window and it's gone. It has scanned, as the tray icon indicates I have several programs that require updates. I have uninstalled, restarted, and downloaded the program again but it's the same result. I was going to send this directly to Secunia but decided to put it here so others would see it as well. Let me know if you want me to send it to them and post the results here.
    I just used Task Manager - Process and the tray icon is listed as psi_tray.exe. When I start the program, psi.exe does show for a second then disappears.
     
  14. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,885
    I have had a few other people say the same thing about Secunia PSI 3 and nothing makes it work for them.

    I think for that you should seek advice/help from Secunia & see what they suggest.
     
  15. Nflder

    Nflder Thread Starter

    Joined:
    Aug 21, 2003
    Messages:
    291
    The problem apparently is specific to Win XP SP3. I posted on Secunia and received the following from Kamran, and I must remember to send a thank you because it worked. Now I can start to learn how to use it! Just keep in mind the statement in brackets after step 3 as you may need to reverse this for some other process - so file this remedy where you can locate it in the future!!!! Guess I'll mark this one solved unless anyone else would like to comment... I'll wait a few days. Here is the solution...

    To resolve the XP SP3 Issue:
    1) Go to Start > Control Panel > Administrative Tools > Services.
    Please ensure that both the 'Secunia PSI Agent' and 'Secunia Update Agent' are set to 'Started' under status and 'Automatic' under 'Startup type'

    2) Go to where you installed the PSI (Probably C:\Program Files\Secunia\PSI), right-click PSI.exe, click Properties, go to the Compatibility tab, and set a check at 'Turn off advanced text services for this program'

    3) Go to Control Panel > Regional and language options > Languages Tab > Details > Advanced. From here, set a check at 'Turn off advanced text services'
    (Please note that this is a global setting unlike what is described in step 2).

    --
    Kind regards,

    Kamran Hussain
    Secunia PSI Support

    Secunia PSI
    http://secunia.com/vulnerability_scanning/personal
     
Short URL to this thread: https://techguy.org/1088820