SafeSearch hijack

Author	All Replies
dolphins Clean Up Our Oceans Premium join:2001-08-22 Westville, NJ kudos:3 Reviews: ·Comcast 1 edit	SafeSearch hijack Hi there all you security gurus, Another family member of mine dropped off yet another infected laptop. I'm told they have been trying to remove this on their own so I don't know what they have done. They had several anti-virus programs installed that I immediately removed. I have already removed SafeSearch, Yontoo, Bonjour and a few others via Add/Remove. The infection still remains. Results of screen317's Security Check version 0.99.57 Windows Vista Service Pack 2 x86 (UAC is enabled) Internet Explorer 9 [u]``````````````Antivirus/Firewall Check:``````````````[/u] Windows Firewall Enabled! Microsoft Security Essentials (On Access scanning disabled!) [color=red]Error obtaining update status for antivirus![/color] [u]`````````Anti-malware/Other Utilities Check:`````````[/u] Spybot - Search & Destroy SUPERAntiSpyware Malwarebytes Anti-Malware version 1.70.0.1100 CCleaner Java(TM) 6 Update 38 Java(TM) 6 Update 5 [color=red]Java version out of Date![/color] Adobe Flash Player 11.5.502.146 Adobe Reader 8 [color=red]Adobe Reader out of Date![/color] Mozilla Firefox (18.0.1) Google Chrome 24.0.1312.52 Google Chrome 24.0.1312.56 [u]````````Process Check: objlist.exe by Laurent````````[/u] Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe [color=red]Spybot Teatimer.exe is disabled![/color] [u]`````````````````System Health check`````````````````[/u] Total Fragmentation on Drive C: 2 % [color=red]Defragment your hard drive soon! (Do NOT defrag if SSD!)[/color] [u]````````````````````End of Log``````````````````````[/u] Search results from Spybot - Search & Destroy 1/29/2013 12:14:24 PM Scan took 00:22:06. 8 items found. MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-21-2684659167-3542935051-188779129-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done) HKEY_USERS\S-1-5-21-2684659167-3542935051-188779129-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done) HKEY_USERS\S-1-5-21-2684659167-3542935051-188779129-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done) Cache: [SBI $49804B54] Browser: Cache (386) (Browser: Cache, nothing done) History: [SBI $49804B54] Browser: History (1) (Browser: History, nothing done) Cookie: [SBI $49804B54] Browser: Cookie (9) (Browser: Cookie, nothing done) --- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) --- 2012-11-13 blindman.exe (2.0.12.151) 2012-11-13 explorer.exe (2.0.12.173) 2012-11-13 SDBootCD.exe (2.0.12.109) 2012-11-13 SDCleaner.exe (2.0.12.110) 2012-11-13 SDDelFile.exe (2.0.12.94) 2012-11-13 SDFiles.exe (2.0.12.135) 2012-11-13 SDFileScanHelper.exe (2.0.12.1) 2012-11-13 SDFSSvc.exe (2.0.12.205) 2012-11-13 SDImmunize.exe (2.0.12.130) 2012-11-13 SDLogReport.exe (2.0.12.107) 2012-11-13 SDPESetup.exe (2.0.12.3) 2012-11-13 SDPEStart.exe (2.0.12.86) 2012-11-13 SDPhoneScan.exe (2.0.12.27) 2012-11-13 SDPRE.exe (2.0.12.13) 2012-11-13 SDPrepPos.exe (2.0.12.10) 2012-11-13 SDQuarantine.exe (2.0.12.103) 2012-11-13 SDRootAlyzer.exe (2.0.12.116) 2012-11-13 SDSBIEdit.exe (2.0.12.39) 2012-11-13 SDScan.exe (2.0.12.173) 2012-11-13 SDScript.exe (2.0.12.53) 2012-11-13 SDSettings.exe (2.0.12.130) 2012-11-13 SDShred.exe (2.0.12.105) 2012-11-13 SDSysRepair.exe (2.0.12.101) 2012-11-13 SDTools.exe (2.0.12.150) 2012-11-13 SDTray.exe (2.0.12.127) 2012-11-13 SDUpdate.exe (2.0.12.89) 2012-11-13 SDUpdSvc.exe (2.0.12.76) 2012-11-13 SDWelcome.exe (2.0.12.126) 2012-11-13 SDWSCSvc.exe (2.0.12.2) 2013-01-29 unins000.exe (51.1052.0.0) 1999-12-02 xcacls.exe 2012-08-23 borlndmm.dll (10.0.2288.42451) 2012-09-05 DelZip190.dll (1.9.0.107) 2012-09-10 libeay32.dll (1.0.0.4) 2012-09-10 libssl32.dll (1.0.0.4) 2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98) 2012-11-13 SDECon32.dll (2.0.12.113) 2012-11-13 SDEvents.dll (2.0.12.2) 2012-11-13 SDFileScanLibrary.dll (2.0.12.9) 2012-11-13 SDHelper.dll (2.0.12.88) 2012-11-13 SDImmunizeLibrary.dll (2.0.12.2) 2012-11-13 SDLists.dll (2.0.12.4) 2012-11-13 SDResources.dll (2.0.12.7) 2012-11-13 SDScanLibrary.dll (2.0.12.131) 2012-11-13 SDTasks.dll (2.0.12.15) 2012-11-13 SDWinLogon.dll (2.0.12.0) 2012-08-23 sqlite3.dll 2012-09-10 ssleay32.dll (1.0.0.4) 2012-11-13 Tools.dll (2.0.12.36) 2012-11-13 UninsSrv.dll (2.0.12.52) 2012-11-14 Includes\Adware.sbi () 2012-11-14 Includes\AdwareC.sbi () 2010-08-13 Includes\Cookies.sbi () 2012-11-14 Includes\Dialer.sbi () 2012-11-14 Includes\DialerC.sbi () 2012-11-14 Includes\HeavyDuty.sbi () 2012-11-14 Includes\Hijackers.sbi () 2012-11-14 Includes\HijackersC.sbi () 2012-11-14 Includes\iPhone.sbi () 2012-11-14 Includes\Keyloggers.sbi () 2012-11-14 Includes\KeyloggersC.sbi () 2012-11-14 Includes\Malware.sbi () 2012-11-14 Includes\MalwareC.sbi () 2012-11-14 Includes\PUPS.sbi () 2012-11-14 Includes\PUPSC.sbi () 2012-11-14 Includes\Security.sbi () 2012-11-14 Includes\SecurityC.sbi () 2008-06-03 Includes\Spybots.sbi () 2008-06-03 Includes\SpybotsC.sbi () 2012-11-14 Includes\Spyware.sbi () 2012-11-14 Includes\SpywareC.sbi () 2011-06-07 Includes\Tracks.sbi () 2005-02-17 Includes\Tracks.uti () 2012-11-14 Includes\Trojans.sbi () 2012-11-14 Includes\TrojansC-02.sbi () 2012-11-14 Includes\TrojansC-03.sbi () 2012-11-14 Includes\TrojansC-04.sbi () 2012-11-14 Includes\TrojansC-05.sbi () 2012-11-14 Includes\TrojansC.sbi () Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Database version: v2013.01.29.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 Compaq :: COMPAQ-PC [administrator] 1/29/2013 4:04:25 AM mbam-log-2013-01-29 (04-04-25).txt Scan type: Full scan (C:\\|) Scan options enabled: Memory \| Startup \| Registry \| File System \| Heuristics/Extra \| Heuristics/Shuriken \| PUP \| PUM Scan options disabled: P2P Objects scanned: 341973 Time elapsed: 48 minute(s), 28 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) ESET Results: C:\Users\All Users\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined OTL logfile created on: 1/29/2013 2:16:22 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Compaq\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1.93 Gb Total Physical Memory \| 1.16 Gb Available Physical Memory \| 59.92% Memory free 4.10 Gb Paging File \| 3.32 Gb Available in Paging File \| 81.04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 139.71 Gb Total Space \| 90.51 Gb Free Space \| 64.79% Space Free \| Partition Type: NTFS Drive D: \| 9.34 Gb Total Space \| 1.44 Gb Free Space \| 15.45% Space Free \| Partition Type: NTFS Unable to calculate disk information. Computer Name: COMPAQ-PC \| User Name: Compaq \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/01/29 02:10:35 \| 000,602,112 \| ---- \| M] (OldTimer Tools) -- C:\Users\Compaq\Desktop\OTL.exe PRC - [2012/11/13 14:08:12 \| 003,487,240 \| ---- \| M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe PRC - [2012/11/13 14:07:24 \| 000,168,384 \| ---- \| M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe PRC - [2012/11/13 14:07:20 \| 001,369,624 \| ---- \| M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe PRC - [2012/11/13 14:07:16 \| 001,103,392 \| ---- \| M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe PRC - [2012/09/12 17:25:22 \| 000,020,472 \| ---- \| M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2012/09/12 17:19:44 \| 000,947,176 \| ---- \| M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2009/04/11 01:27:36 \| 002,926,592 \| ---- \| M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/04/26 03:15:26 \| 000,361,808 \| ---- \| M] () -- C:\WINDOWS\SMINST\BLService.exe PRC - [2008/04/15 15:42:16 \| 000,070,912 \| ---- \| M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe PRC - [2007/01/04 16:38:08 \| 000,024,652 \| ---- \| M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2013/01/10 20:43:21 \| 012,433,920 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll MOD - [2013/01/10 20:43:04 \| 001,593,856 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013/01/10 20:36:17 \| 007,977,984 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013/01/10 20:36:04 \| 011,492,352 \| ---- \| M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2008/06/12 00:18:38 \| 000,120,216 \| ---- \| M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll MOD - [2008/06/12 00:18:36 \| 000,259,480 \| ---- \| M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll MOD - [2008/06/12 00:18:34 \| 000,345,384 \| ---- \| M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV - File not found [Auto \| Running] -- C:\Program Files\Spybot -- (SDWSCService) SRV - File not found [Auto \| Running] -- C:\Program Files\Spybot -- (SDUpdateService) SRV - File not found [Auto \| Running] -- C:\Program Files\Spybot -- (SDScannerService) SRV - [2013/01/21 10:32:45 \| 000,251,400 \| ---- \| M] (Adobe Systems Incorporated) [On_Demand \| Stopped] -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/01/16 15:10:51 \| 000,115,608 \| ---- \| M] (Mozilla Foundation) [On_Demand \| Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/09/12 17:25:24 \| 000,287,824 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012/09/12 17:25:22 \| 000,020,472 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2008/04/26 03:15:26 \| 000,361,808 \| ---- \| M] () [Auto \| Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008/01/20 21:33:00 \| 000,272,952 \| ---- \| M] (Microsoft Corporation) [Auto \| Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/01/04 16:38:08 \| 000,024,652 \| ---- \| M] (Viewpoint Corporation) [Auto \| Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel \| On_Demand \| Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel \| On_Demand \| Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel \| On_Demand \| Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012/08/30 22:03:50 \| 000,099,272 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011/05/13 05:21:06 \| 000,136,808 \| ---- \| M] (MCCI Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011/05/13 05:21:06 \| 000,121,064 \| ---- \| M] (MCCI Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011/05/13 05:21:06 \| 000,114,280 \| ---- \| M] (MCCI Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\System32\drivers\ssadserd.sys -- (ssadserd) DRV - [2011/05/13 05:21:06 \| 000,012,776 \| ---- \| M] (MCCI Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2009/01/20 08:49:26 \| 000,142,848 \| ---- \| M] (Realtek Corporation ) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008/10/03 05:39:28 \| 000,222,208 \| ---- \| M] (Conexant Systems Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2008/06/04 12:54:22 \| 000,113,664 \| ---- \| M] (Intel(R) Corporation) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV - [2008/04/27 13:07:44 \| 000,909,824 \| ---- \| M] (Atheros Communications, Inc.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr) DRV - [2007/10/17 18:36:54 \| 000,008,704 \| ---- \| M] (Conexant Systems, Inc.) [Kernel \| Auto \| Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007/06/18 19:12:04 \| 000,016,768 \| ---- \| M] (Hewlett-Packard Development Company, L.P.) [Kernel \| On_Demand \| Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2006/11/02 02:30:56 \| 000,429,056 \| ---- \| M] (NVIDIA Corporation) [Kernel \| On_Demand \| Stopped] -- C:\WINDOWS\System32\drivers\nvm60x32.sys -- (NVENETFD) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »www.safesearch.net/?utm_medium=i···E1D044F3 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.safesearch.net/?utm_medium=i···E1D044F3 IE - HKLM\..\SearchScopes,DefaultScope = {4B51C980-C6B0-11E1-9136-AED16088709B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···M=IE8SRC IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = »search.aol.com/aolcom/search?que···=TB50ie7 IE - HKLM\..\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}: "URL" = »www.safesearch.net/search?q={sea···E1D044F3 IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···ceid=ie7 IE - HKLM\..\SearchScopes\{DA71D6D0-86E6-4E56-8D0C-091B3BDE27BA}: "URL" = »www.ask.com/web?q={searchTerms}&···&o=uscql IE - HKLM\..\SearchScopes\{DD5CBF50-166B-4E45-98BF-1EA1B2240667}: "URL" = »search.yahoo.com/search?p={searc···=hp-psnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »www.safesearch.net/?utm_medium=i···E1D044F3 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.safesearch.net/?utm_medium=i···E1D044F3 IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···M=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = »search.babylon.com/?q={searchTer···4d07909d IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = »search.aol.com/aolcom/search?que···=TB50ie7 IE - HKCU\..\SearchScopes\{4B51C980-C6B0-11E1-9136-AED16088709B}: "URL" = »www.safesearch.net/search?q={sea···E1D044F3 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = »www.google.com/search?q={searchT···ceid=ie7 IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = »www2.inbox.com/search/dispatcher···3&lng=en IE - HKCU\..\SearchScopes\{DA71D6D0-86E6-4E56-8D0C-091B3BDE27BA}: "URL" = »www.ask.com/web?q={searchTerms}&···&o=uscql IE - HKCU\..\SearchScopes\{DD5CBF50-166B-4E45-98BF-1EA1B2240667}: "URL" = »search.yahoo.com/search?p={searc···=hp-psnb IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "SafeSearch" FF - prefs.js..browser.search.order.1: "SafeSearch" FF - prefs.js..browser.search.selectedEngine: "SafeSearch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.safesearch.net/?utm_medium=ff&utm_campaign=21&utm_source=sm&utm_content=1&utm_term=EB1CFD55E1D044F3" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll () FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Compaq\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/07/26 01:26:25 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/29 00:40:46 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/21 10:21:22 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Users\Compaq\AppData\Roaming\Mozilla\Extensions [2013/01/29 00:40:46 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/01/16 15:11:06 \| 000,262,552 \| ---- \| M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013/01/16 15:10:30 \| 000,002,465 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013/01/16 15:10:30 \| 000,002,058 \| ---- \| M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml [color=#E56717]========== Chrome ==========[/color] CHR - homepage: »www.safesearch.net/?utm_medium=c···E1D044F3 CHR - default_search_provider: SafeSearch (Enabled) CHR - default_search_provider: search_url = »www.safesearch.net/search?q={sea···E1D044F3 CHR - default_search_provider: suggest_url = CHR - homepage: »www.safesearch.net/?utm_medium=c···E1D044F3 CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U38 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: SafeSearch (Enabled) = C:\Program Files\SafeSearch\npsafesearch.dll CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Compaq\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll CHR - plugin: Java Deployment Toolkit 6.0.380.5 (Enabled) = C:\Windows\system32\npdeployJava1.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: SocialSearchBar_App = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbcibndhffhhbokgpbpecjmejjcgcej\10.14.40.128_0\ CHR - Extension: Google Docs = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.4_0\ CHR - Extension: Google Drive = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: avast! WebRep = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\ CHR - Extension: Gmail = C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006/09/18 16:41:30 \| 000,000,761 \| ---- \| M]) - C:\WINDOWS\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found. O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_38) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_38) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_38) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{687FA3F2-7F89-49EE-976A-D904CB9B4197}: DhcpNameServer = 192.168.3.1 O20 - AppInit_DLLs: (c:\progra~2\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img2.jpg O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img2.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/07/26 01:01:12 \| 000,000,074 \| ---- \| M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk ) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/01/29 02:10:34 \| 000,602,112 \| ---- \| C] (OldTimer Tools) -- C:\Users\Compaq\Desktop\OTL.exe [2013/01/29 02:08:21 \| 000,448,512 \| ---- \| C] (OldTimer Tools) -- C:\Users\Compaq\Desktop\TFC.exe [2013/01/29 01:12:59 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Spybot - Search & Destroy [2013/01/29 01:12:42 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013/01/29 01:12:30 \| 000,015,224 \| ---- \| C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe [2013/01/29 01:12:13 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Spybot - Search & Destroy 2 [2013/01/29 00:41:04 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Mozilla Maintenance Service [2013/01/29 00:40:44 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Mozilla Firefox [2013/01/28 21:34:43 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013/01/28 21:34:40 \| 000,000,000 \| ---D \| C] -- C:\Program Files\CCleaner [2013/01/28 21:32:26 \| 000,000,000 \| ---D \| C] -- C:\Users\Compaq\AppData\Roaming\Malwarebytes [2013/01/28 21:32:10 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/01/28 21:32:02 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2013/01/28 21:31:58 \| 000,021,104 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/01/28 21:31:58 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/01/23 17:32:34 \| 000,018,360 \| ---- \| C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe [2013/01/21 18:18:00 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013/01/21 18:14:00 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\AVAST Software [2013/01/21 18:14:00 \| 000,000,000 \| ---D \| C] -- C:\Program Files\AVAST Software [2013/01/21 18:09:42 \| 000,000,000 \| -H-D \| C] -- C:\ProgramData\Common Files [2013/01/21 18:09:42 \| 000,000,000 \| ---D \| C] -- C:\Users\Compaq\AppData\Local\MFAData [2013/01/21 18:09:42 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\MFAData [2013/01/21 18:09:42 \| 000,000,000 \| ---D \| C] -- C:\Users\Compaq\AppData\Local\Avg2013 [2013/01/21 18:06:52 \| 000,000,000 \| ---D \| C] -- C:\Users\Compaq\Documents\Add-in Express [2013/01/21 18:06:39 \| 000,000,000 \| ---D \| C] -- C:\Users\Compaq\AppData\Roaming\AVSoftware [2013/01/21 10:32:55 \| 000,000,000 \| ---D \| C] -- C:\Users\Compaq\AppData\Local\Macromedia [2013/01/21 10:21:01 \| 000,000,000 \| ---D \| C] -- C:\Users\Compaq\AppData\Roaming\Mozilla [2013/01/21 10:21:01 \| 000,000,000 \| ---D \| C] -- C:\Users\Compaq\AppData\Local\Mozilla [2013/01/21 10:20:53 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Mozilla [2013/01/20 11:01:35 \| 000,000,000 \| ---D \| C] -- C:\Windows\System32\searchplugins [2013/01/20 11:01:35 \| 000,000,000 \| ---D \| C] -- C:\Windows\System32\Extensions [2013/01/20 11:01:33 \| 000,000,000 \| ---D \| C] -- C:\Users\Compaq\AppData\Roaming\PicBadges Packages [2013/01/20 11:00:06 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Tarma Installer [2013/01/14 15:42:54 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Google [2013/01/13 23:30:06 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Microsoft Security Client [2013/01/13 23:29:38 \| 000,221,568 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys [2013/01/10 19:14:26 \| 002,382,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/01/10 19:14:25 \| 000,607,744 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/01/10 19:14:25 \| 000,176,640 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/01/10 19:14:25 \| 000,142,848 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013/01/10 19:14:25 \| 000,065,024 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/01/10 19:14:24 \| 001,800,704 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/01/10 19:14:24 \| 000,231,936 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013/01/10 19:14:22 \| 001,427,968 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013/01/10 19:06:00 \| 000,009,728 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\Wdfres.dll [2013/01/10 19:05:53 \| 000,172,032 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll [2013/01/10 19:05:53 \| 000,047,720 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys [2013/01/10 19:05:53 \| 000,016,896 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\winusb.dll [2013/01/10 19:05:52 \| 000,613,888 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll [2013/01/10 19:05:52 \| 000,038,912 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll [2013/01/10 19:03:13 \| 000,293,376 \| ---- \| C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2013/01/10 19:03:13 \| 000,034,304 \| ---- \| C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2013/01/10 12:28:47 \| 002,048,000 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013/01/10 12:28:45 \| 000,376,320 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2013/01/10 12:28:45 \| 000,023,040 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe [2013/01/10 12:28:11 \| 000,204,288 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2013/01/10 12:27:41 \| 000,002,048 \| ---- \| C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2013/01/08 20:39:39 \| 000,477,168 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2013/01/08 20:39:39 \| 000,473,072 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2013/01/08 20:39:39 \| 000,157,680 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2013/01/08 20:39:39 \| 000,149,488 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2013/01/08 20:39:39 \| 000,149,488 \| ---- \| C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2013/01/04 01:13:36 \| 000,000,000 \| ---D \| C] -- C:\Users\Compaq\AppData\Local\NPE [2013/01/01 15:57:57 \| 000,000,000 \| ---D \| C] -- C:\Users\Compaq\AppData\Local\iWesoft [2013/01/01 15:55:59 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Free Instagram Downloader [2013/01/01 15:54:09 \| 000,000,000 \| ---D \| C] -- C:\Program Files\DefaultTab [2013/01/01 15:53:30 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Unfriend Checker [2012/12/30 20:08:23 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Symantec [2012/12/30 20:03:17 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Norton Internet Security [2012/12/30 20:03:14 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Norton [2012/12/30 19:58:37 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\NortonInstaller [2012/12/30 19:58:37 \| 000,000,000 \| ---D \| C] -- C:\Program Files\NortonInstaller [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/01/29 02:15:07 \| 000,000,284 \| ---- \| M] () -- C:\Users\Public\Documents\hpqp.ini [2013/01/29 02:14:51 \| 000,003,216 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/29 02:14:50 \| 000,003,216 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/29 02:14:36 \| 000,000,882 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/29 02:14:36 \| 000,000,620 \| ---- \| M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2013/01/29 02:14:19 \| 000,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2013/01/29 02:14:15 \| 2073,276,416 \| -HS- \| M] () -- C:\hiberfil.sys [2013/01/29 02:10:35 \| 000,602,112 \| ---- \| M] (OldTimer Tools) -- C:\Users\Compaq\Desktop\OTL.exe [2013/01/29 02:08:37 \| 000,448,512 \| ---- \| M] (OldTimer Tools) -- C:\Users\Compaq\Desktop\TFC.exe [2013/01/29 02:04:50 \| 000,000,616 \| ---- \| M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013/01/29 02:04:50 \| 000,000,446 \| ---- \| M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2013/01/29 01:56:15 \| 000,000,830 \| ---- \| M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/29 01:42:04 \| 000,000,886 \| ---- \| M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/29 01:12:43 \| 000,001,918 \| ---- \| M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013/01/29 00:52:52 \| 000,312,016 \| ---- \| M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/01/29 00:41:06 \| 000,000,830 \| ---- \| M] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2013/01/29 00:41:06 \| 000,000,806 \| ---- \| M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/01/29 00:31:38 \| 000,000,932 \| ---- \| M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2684659167-3542935051-188779129-1000UA.job [2013/01/28 21:34:43 \| 000,000,764 \| ---- \| M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/01/28 21:32:10 \| 000,000,866 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/01/28 21:24:53 \| 000,000,258 \| RHS- \| M] () -- C:\Users\Compaq\ntuser.pol [2013/01/28 12:42:07 \| 000,000,910 \| ---- \| M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2684659167-3542935051-188779129-1000Core.job [2013/01/26 12:53:25 \| 000,604,502 \| ---- \| M] () -- C:\Windows\System32\perfh009.dat [2013/01/26 12:53:25 \| 000,104,170 \| ---- \| M] () -- C:\Windows\System32\perfc009.dat [2013/01/26 12:50:29 \| 000,002,577 \| ---- \| M] () -- C:\Windows\System32\config.nt [2013/01/23 16:48:16 \| 000,001,971 \| ---- \| M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/01/21 21:48:31 \| 000,001,995 \| ---- \| M] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/01/21 10:32:44 \| 000,697,864 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013/01/21 10:32:44 \| 000,074,248 \| ---- \| M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013/01/20 20:41:01 \| 000,004,608 \| ---- \| M] () -- C:\Users\Compaq\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/01/13 23:31:35 \| 000,002,154 \| ---- \| M] () -- C:\Windows\epplauncher.mif [2013/01/10 21:33:49 \| 000,131,072 \| ---- \| M] () -- C:\Windows\System32\Ikeext.etl [2013/01/08 20:39:11 \| 000,157,680 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2013/01/08 20:39:11 \| 000,149,488 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2013/01/08 20:39:11 \| 000,149,488 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2013/01/08 20:39:10 \| 000,477,168 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2013/01/08 20:39:10 \| 000,473,072 \| ---- \| M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2013/01/01 15:52:28 \| 000,000,680 \| ---- \| M] () -- C:\Users\Compaq\AppData\Local\d3d9caps.dat [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/01/29 01:13:04 \| 000,000,446 \| ---- \| C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job [2013/01/29 01:13:02 \| 000,000,616 \| ---- \| C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job [2013/01/29 01:13:00 \| 000,000,620 \| ---- \| C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job [2013/01/29 01:12:43 \| 000,001,930 \| ---- \| C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013/01/29 01:12:43 \| 000,001,918 \| ---- \| C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013/01/29 00:41:06 \| 000,000,830 \| ---- \| C] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2013/01/29 00:41:06 \| 000,000,818 \| ---- \| C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013/01/29 00:41:06 \| 000,000,806 \| ---- \| C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013/01/28 21:34:43 \| 000,000,764 \| ---- \| C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/01/28 21:32:10 \| 000,000,866 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/01/21 18:17:59 \| 000,001,995 \| ---- \| C] () -- C:\Users\Compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2013/01/21 18:17:59 \| 000,001,971 \| ---- \| C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/01/21 18:06:57 \| 000,000,258 \| RHS- \| C] () -- C:\Users\Compaq\ntuser.pol [2013/01/13 23:31:35 \| 000,002,154 \| ---- \| C] () -- C:\Windows\epplauncher.mif [2013/01/13 23:30:48 \| 000,001,826 \| ---- \| C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2013/01/10 21:32:29 \| 000,131,072 \| ---- \| C] () -- C:\Windows\System32\Ikeext.etl [2013/01/10 19:06:09 \| 000,000,003 \| ---- \| C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013/01/10 19:06:09 \| 000,000,003 \| ---- \| C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013/01/01 15:52:28 \| 000,000,680 \| ---- \| C] () -- C:\Users\Compaq\AppData\Local\d3d9caps.dat [2012/10/21 21:36:11 \| 000,004,608 \| ---- \| C] () -- C:\Users\Compaq\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/10/10 01:29:45 \| 000,107,612 \| ---- \| C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012/10/10 01:29:44 \| 000,117,248 \| ---- \| C] () -- C:\Windows\System32\EhStorAuthn.dll [2012/10/09 17:53:20 \| 000,018,904 \| ---- \| C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011/02/11 21:10:52 \| 000,439,308 \| ---- \| C] () -- C:\Windows\System32\igcompkrng500.bin [2011/02/11 21:10:50 \| 000,982,240 \| ---- \| C] () -- C:\Windows\System32\igkrng500.bin [2011/02/11 21:10:50 \| 000,092,356 \| ---- \| C] () -- C:\Windows\System32\igfcg500m.bin [2011/02/11 20:40:40 \| 000,004,096 \| ---- \| C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2011/02/11 20:38:44 \| 000,000,151 \| ---- \| C] () -- C:\Windows\System32\GfxUI.exe.config [color=#E56717]========== ZeroAccess Check ==========[/color] [2006/11/02 07:51:16 \| 000,000,227 \| RHS- \| M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 \| 011,586,048 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 \| 000,614,912 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 \| 000,347,648 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Both [color=#E56717]========== LOP Check ==========[/color] [2013/01/21 18:06:39 \| 000,000,000 \| ---D \| M] -- C:\Users\Compaq\AppData\Roaming\AVSoftware [2012/10/24 20:20:04 \| 000,000,000 \| ---D \| M] -- C:\Users\Compaq\AppData\Roaming\OnlineVault [2013/01/20 11:01:33 \| 000,000,000 \| ---D \| M] -- C:\Users\Compaq\AppData\Roaming\PicBadges Packages [2013/01/28 20:51:22 \| 000,000,000 \| ---D \| M] -- C:\Users\Compaq\AppData\Roaming\Systweak [color=#E56717]========== Purity Check ==========[/color] OTL Extras logfile created on: 1/29/2013 2:16:22 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Compaq\Desktop Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 1.93 Gb Total Physical Memory \| 1.16 Gb Available Physical Memory \| 59.92% Memory free 4.10 Gb Paging File \| 3.32 Gb Available in Paging File \| 81.04% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 139.71 Gb Total Space \| 90.51 Gb Free Space \| 64.79% Space Free \| Partition Type: NTFS Drive D: \| 9.34 Gb Total Space \| 1.44 Gb Free Space \| 15.45% Space Free \| Partition Type: NTFS Unable to calculate disk information. Computer Name: COMPAQ-PC \| User Name: Compaq \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: Current user Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe::Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe::Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe::Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe::Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{3C8C8D18-6DF0-4C2D-9BCE-92F812D8F724}" = protocol=17 \| dir=in \| app=c:\program files\microsoft office\office12\onenote.exe \| "{880AA6DE-1C3E-499E-BE84-F1158C0E778B}" = dir=in \| app=c:\program files\cyberlink\powerdirector\pdr.exe \| "{8F12F9D3-7DCC-4A3E-A382-4908065B56FE}" = protocol=6 \| dir=in \| app=c:\program files\microsoft office\office12\onenote.exe \| "{926F2246-DC26-4C54-B7A0-2536A5EFCC6F}" = dir=in \| app=c:\program files\hp\quickplay\qpservice.exe \| "{C8F554C7-B099-4399-813F-8A2B38A79F77}" = dir=in \| app=c:\program files\hp\quickplay\qp.exe \| [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1 "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1 "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check "{26A24AE4-039D-4CA4-87B4-2F83216038FF}" = Java(TM) 6 Update 38 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 F1 "{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1 "{380357CA-29F4-4B3C-B401-32C057E6B59B}" = HP Smart Web Printing "{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout "{4D7DF9B2-BCA3-4AF7-9C5F-4ADEB7495F7E}" = HP User Guides 0121 "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library "{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1 "{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{C27C82E4-9C53-4D76-9ED3-A01A3D5EE679}" = HP Customer Experience Enhancements "{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1 "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor "{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo "{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup "{FE60B87C-63A2-4A45-AC06-FFEFD5DB7846}_is1" = Online Vault "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "Google Chrome" = Google Chrome "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Photosmart Essential" = HP Photosmart Essential 2.5 "HP Smart Web Printing" = HP Smart Web Printing "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6 "SynTPDeinstKey" = Synaptics Pointing Device Driver "ViewpointMediaPlayer" = Viewpoint Media Player [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "PicBadges Packages" = PicBadges Packages [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 1/27/2013 5:40:56 AM \| Computer Name = Compaq-PC \| Source = WinMgmt \| ID = 10 Description = Error - 1/27/2013 7:27:33 AM \| Computer Name = Compaq-PC \| Source = WinMgmt \| ID = 10 Description = Error - 1/27/2013 7:29:11 AM \| Computer Name = Compaq-PC \| Source = Application Hang \| ID = 1002 Description = The program iexplore.exe version 9.0.8112.16457 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: c38 Start Time: 01cdfc8147dfac82 Termination Time: 171 Error - 1/27/2013 1:51:42 PM \| Computer Name = Compaq-PC \| Source = WinMgmt \| ID = 10 Description = Error - 1/27/2013 10:04:35 PM \| Computer Name = Compaq-PC \| Source = WinMgmt \| ID = 10 Description = Error - 1/28/2013 8:43:51 PM \| Computer Name = Compaq-PC \| Source = WinMgmt \| ID = 10 Description = Error - 1/28/2013 10:20:07 PM \| Computer Name = Compaq-PC \| Source = WinMgmt \| ID = 10 Description = Error - 1/28/2013 10:23:05 PM \| Computer Name = Compaq-PC \| Source = Google Update \| ID = 20 Description = Error - 1/29/2013 1:31:38 AM \| Computer Name = Compaq-PC \| Source = Google Update \| ID = 20 Description = Error - 1/29/2013 1:53:59 AM \| Computer Name = Compaq-PC \| Source = WinMgmt \| ID = 10 Description = [ System Events ] Error - 11/21/2012 2:28:26 PM \| Computer Name = Compaq-PC \| Source = Service Control Manager \| ID = 7000 Description = Error - 11/21/2012 11:18:53 PM \| Computer Name = Compaq-PC \| Source = EventLog \| ID = 6008 Description = The previous system shutdown at 10:17:32 PM on 11/21/2012 was unexpected. Error - 11/21/2012 11:20:35 PM \| Computer Name = Compaq-PC \| Source = Service Control Manager \| ID = 7000 Description = Error - 11/22/2012 3:19:54 AM \| Computer Name = Compaq-PC \| Source = Service Control Manager \| ID = 7011 Description = Error - 11/22/2012 2:39:10 PM \| Computer Name = Compaq-PC \| Source = Service Control Manager \| ID = 7000 Description = Error - 11/22/2012 7:07:08 PM \| Computer Name = Compaq-PC \| Source = Service Control Manager \| ID = 7000 Description = Error - 11/23/2012 2:09:01 PM \| Computer Name = Compaq-PC \| Source = Service Control Manager \| ID = 7000 Description = Error - 11/24/2012 12:37:45 AM \| Computer Name = Compaq-PC \| Source = DCOM \| ID = 10010 Description = Error - 11/24/2012 4:51:52 PM \| Computer Name = Compaq-PC \| Source = Service Control Manager \| ID = 7000 Description = Error - 11/25/2012 1:18:58 AM \| Computer Name = Compaq-PC \| Source = Service Control Manager \| ID = 7000 Description = -- Stop The Mindless Killings Stop Over Fishing
	to forum · permalink · 2013-01-29 12:37:09 ·
dolphins Clean Up Our Oceans Premium join:2001-08-22 Westville, NJ kudos:3 Reviews: ·Comcast	I have removed all instances AVsoftware (SafeSearch) in the registry. I also did a thorough search and destroy of the registry using Spybot S&D's findings as a guideline as to what to look for and all is well. Spybot S&D was able to finish cleaning up the leftovers. Avast MBAM SuperAntiSpyware ESET MS Security Essentials All give it a clean bill of health. -- Stop The Mindless Killings Stop Over Fishing
	to forum · permalink · 2013-01-29 21:09:54 ·
TheJoker Premium,VIP,MVM join:2001-04-26 Ruckersville, VA kudos:5	Hi Dolphins. Please download AdwCleaner by Xplode onto your desktop. `http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner` - Close all open programs and internet browsers. - Double click on AdwCleaner.exe to run the tool. - Click on Delete. - Follow the prompts to reboot the computer. A text file will open after the restart. - Please post the content of that logfile with your next answer. - You can find the logfile at C:\AdwCleaner[S1].txt as well. Your Java is outdated and vulnerable. Updating Java: Download the latest version of Java Runtime Environment (JRE) 7. - In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right. - In the Window that opens, click the "Accept License Agreement" button - Download the file for Windows x86 Offline (jre-7u11-windows-i586.exe) and save to your Desktop. - Close any programs you may have running - especially your web browser. - Go to Start > Control Panel double-click on Add or Remove Programs and remove all older versions of Java. --- Java(TM) 6 Update 38 --- Java(TM) 6 Update 5 --- Any other older version you may have installed - Then from your Desktop double-click on the new version you downloaded and install it. - I recommend that Go into the Java Control Panel (Start > Control Panel > Java), and in the Security tab UNCHECK the box for "Enable Java content in the browser". Even better might be to not reinstall it if you don't really need it. Your Adobe Acrobat Reader is outdated and vulnerable. I would also uninstall that and download the new version from »get.adobe.com/reader/. Be sure you UNCHECK the box for the optional download of McAfee Security Scan Plus unless you really want it. Please post the log for AdwCleaner and note any errors encountered. -- Proud ASAP member since 2005 Microsoft MVP/Consumer Security 2009-2010
	to forum · permalink · 2013-01-30 00:17:00 ·
dolphins Clean Up Our Oceans Premium join:2001-08-22 Westville, NJ kudos:3 Reviews: ·Comcast	Hmmm... that's a nice little tool. # AdwCleaner v2.109 - Logfile created 01/30/2013 at 00:23:39 # Updated 26/01/2013 by Xplode # Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits) # User : Compaq - COMPAQ-PC # Boot Mode : Normal # Running from : C:\Users\Compaq\Downloads\adwcleaner.exe # Option [Delete] *** [Services] * Stopped & Deleted : Viewpoint Manager Service * [Files / Folders] * File Deleted : C:\END File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk Folder Deleted : C:\Program Files\Ask.com Folder Deleted : C:\Program Files\DefaultTab Folder Deleted : C:\Program Files\MyFunCards_5m Folder Deleted : C:\Program Files\Viewpoint Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\Tarma Installer Folder Deleted : C:\ProgramData\Viewpoint Folder Deleted : C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Extensions\afbcibndhffhhbokgpbpecjmejjcgcej Folder Deleted : C:\Users\Compaq\AppData\LocalLow\AskToolbar Folder Deleted : C:\Users\Compaq\AppData\LocalLow\BabylonToolbar Folder Deleted : C:\Users\Compaq\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Compaq\AppData\LocalLow\MyFunCards_5m * [Registry] * Key Deleted : HKCU\Software\5268a88b135bd46 Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\DataMngr Key Deleted : HKCU\Software\Google\Chrome\Extensions\afbcibndhffhhbokgpbpecjmejjcgcej Key Deleted : HKCU\Software\InstallCore Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{DA71D6D0-86E6-4E56-8D0C-091B3BDE27BA} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9} Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap Key Deleted : HKLM\Software\DataMngr Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\afbcibndhffhhbokgpbpecjmejjcgcej Key Deleted : HKLM\Software\MetaStream Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DA71D6D0-86E6-4E56-8D0C-091B3BDE27BA} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP Key Deleted : HKLM\Software\Tarma Installer Key Deleted : HKLM\Software\Viewpoint Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}] * [Internet Browsers] * -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Mozilla Firefox v18.0.1 (en-US) File : C:\Users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\cjh9tsv9.default\prefs.js [OK] File is clean. -\\ Google Chrome v [Unable to get version] File : C:\Users\Compaq\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. *********************** AdwCleaner[S1].txt - [6326 octets] - [30/01/2013 00:23:39] ########## EOF - C:\AdwCleaner[S1].txt - [6386 octets] ########## -- Stop The Mindless Killings Stop Over Fishing
	to forum · permalink · 2013-01-30 00:46:59 ·
TheJoker Premium,VIP,MVM join:2001-04-26 Ruckersville, VA kudos:5	Let's scan your system with an online scanner other than the one you have installed are your real-time scanner. Please scan your system with ESET Online Scanner `http://www.eset.com/us/online-scanner` - Click the "Run ESET Online Scanner" button. -- For browsers other then Internet Explorer such as Firefox, Chrome, or Opera (Microsoft Internet Explorer users can skip this step) another page will open to download the ESET Smart Installer -- Click on esetsmartinstaller_enu.exe -- Save it to your desktop, and double-click to run it. - Check "YES, I accept the Terms of Use." - Click the Start button. - Accept any security warnings from your browser. - Under scan settings, check "Scan Archives" and "Remove found threats" - Click Advanced settings and select the following: -- Scan potentially unwanted applications -- Scan for potentially unsafe applications -- Enable Anti-Stealth technology - ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. - When the scan completes, click List Threats - Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. - Click the Back button. - Click the Finish button. Please post the log from ESET Online Scanner. -- Proud ASAP member since 2005 Microsoft MVP/Consumer Security 2009-2010
	to forum · permalink · 2013-01-30 07:10:41 ·
dolphins Clean Up Our Oceans Premium join:2001-08-22 Westville, NJ kudos:3 Reviews: ·Comcast	ESET scan results: C:\Users\Compaq\AppData\Roaming\PicBadges Packages\uninstaller.exe a variant of Win32/InstallCore.AZ application cleaned by deleting - quarantined -- Stop The Mindless Killings Stop Over Fishing
	to forum · permalink · 2013-01-30 13:15:09 ·
TheJoker Premium,VIP,MVM join:2001-04-26 Ruckersville, VA kudos:5	I think we are through unless there is a remaining issue. To remove all of the tools we used and the files and folders they created, please download OTC.exe by OldTimer: `http://oldtimer.geekstogo.com/OTC.exe` - Save it to your Desktop. - Double click OTC.exe. - Click the CleanUp! button. - If you are prompted to Reboot during the cleanup, select Yes. - The tool will delete itself once it finishes. Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually. To help keep malware off your system: - Keep Windows updated at Windows Update or Microsoft Update. - Keep your other applications updated, there are vulnerabilities that rely on exploits through other programs like Java, Microsoft Office, Adobe Reader, Flash, and others. - Run a program like Secunia Online Software Inspector or FileHippo Update Checker to see what programs need to be updated. - Be careful with flash drives, as they can spread infections. See this post on USB/flash drive safety. - Stay away from P2P software; even with a clean P2P program, their networks are often riddled with malware. - Don't click on attachments or links in e-mail, and read your e-mail in text-only mode for the highest safety. - Don't click on links received in instant message programs. - In place of Internet Explorer, browse with Firefox with the NoScript and AdBlock Plus add-ons. - A HOSTS file will prevent Internet Explorer from communicating with sites known to be associated with adware or spyware. A good regularly updated HOST file is MVPS HOSTS File, available at »www.mvps.org/winhelp2002/hosts.htm - A free non-resident utility to prevent the installation of ActiveX-based malware is JavaCool's SpywareBlaster. For real-time protection, there is SpywareGuard. Both are available at »www.javacoolsoftware.com/products.html - I recommend reading Tony Klein's article So How did I get Infected in the First Place? at »www.spywareinfoforum.com/index.p···ic=60955 Does your problem appear resolved? -- Proud ASAP member since 2005 Microsoft MVP/Consumer Security 2009-2010
	to forum · permalink · 2013-01-30 21:43:24 ·
dolphins Clean Up Our Oceans Premium join:2001-08-22 Westville, NJ kudos:3	Thank you, much appreciated.
	to forum · permalink · 2013-01-30 22:53:06 ·
TheJoker Premium,VIP,MVM join:2001-04-26 Ruckersville, VA kudos:5	I'm glad we could help.
	to forum · permalink · 2013-02-01 21:47:05 ·

Broadband Tech > Security > Security Cleanup > SafeSearch hijack