Anthony931

Ok.... I think I finally have everything straight, of course only by you expertise!!!! I just have a couple of questions if that would be ok? I went to the site/forum you referred to on "Preventive Maintenance" and installed a whole slew of the programs you recommended, but I am not sure if I got everything covered... Can you look over it? Currently I am running: AVG Free 2013 Advanced System Care (should I still keep?) Malwarebytes (purchasing Pro version tomorrow) Windows Firewall (is that sufficiant?) ERUNT w/mod to run backup daily WOT Open DNS Secunia (not sure if I like?? It keeps saying Mozilla need update when I did update, and it is most current) Browsers Mozilla/Google Chrome I did all repairs/deletes as recommended. Lastly what are your thoughts on password managers? I read an article that referred to "LastPass and KeePass", I know passwords are another weak area for me.... I just want to say how EXTREMELY THANKFUL I am for all of your great help!!! I left feedback and will be heading to make donation tomorrow! You really saved me and my computer

# AdwCleaner v2.113 - Logfile created 03/03/2013 at 20:52:08 # Updated 23/02/2013 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (64 bits) # User : poison ivy - ANTHONY # Boot Mode : Normal # Running from : C:\Users\poison ivy\Downloads\adwcleaner.exe # Option [Delete] ***** [services] ***** Stopped & Deleted : Application Updater ***** [Files / Folders] ***** Deleted on reboot : C:\Program Files (x86)\Application Updater Deleted on reboot : C:\Program Files (x86)\AVG Secure Search Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search Deleted on reboot : C:\Program Files (x86)\Common Files\spigot Deleted on reboot : C:\Program Files (x86)\Conduit Deleted on reboot : C:\Program Files (x86)\Free Offers from Freeze.com Deleted on reboot : C:\Program Files (x86)\Linkury Deleted on reboot : C:\ProgramData\~0 Deleted on reboot : C:\ProgramData\AVG Secure Search Deleted on reboot : C:\ProgramData\boost_interprocess Deleted on reboot : C:\ProgramData\InstallMate Deleted on reboot : C:\ProgramData\Linkury Deleted on reboot : C:\ProgramData\Premium Deleted on reboot : C:\ProgramData\Tarma Installer Deleted on reboot : C:\Users\poison ivy\AppData\Local\AVG Secure Search Deleted on reboot : C:\Users\poison ivy\AppData\Local\Conduit Deleted on reboot : C:\Users\poison ivy\AppData\LocalLow\AVG Secure Search Deleted on reboot : C:\Users\poison ivy\AppData\LocalLow\AVG Security Toolbar Deleted on reboot : C:\Users\poison ivy\AppData\LocalLow\Conduit Deleted on reboot : C:\Users\poison ivy\AppData\LocalLow\PriceGong Deleted on reboot : C:\Users\poison ivy\AppData\LocalLow\Search Settings Deleted on reboot : C:\Users\poison ivy\AppData\LocalLow\wxDfast Deleted on reboot : C:\Users\poison ivy\AppData\Roaming\iWin Deleted on reboot : C:\Users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\Smartbar File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk File Deleted : C:\Users\poison ivy\AppData\Local\funmoods-speeddial.crx File Deleted : C:\Users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\searchplugins\Conduit.xml File Deleted : C:\Users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\searchplugins\search.xml File Deleted : C:\Users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\searchplugins\Search_Results.xml File Deleted : C:\Users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\searchplugins\Web Search.xml ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AVG Secure Search Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Freeze.com Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SProtector Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Search Settings Key Deleted : HKCU\Software\SProtector Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Key Deleted : HKLM\Software\Application Updater Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\Software\AVG Security Toolbar Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\Freeze.com Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\Software\Search Settings Key Deleted : HKLM\Software\SProtector Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SProtector Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchSettings] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16464 Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page] Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=US&userid=978a4256-38d8-4fb2-98d9-f8260c7a5343&searchtype=ds&isid=9860&q={searchTerms} --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=US&userid=978a4256-38d8-4fb2-98d9-f8260c7a5343&searchtype=ds&isid=9860&q={searchTerms} --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0ByEyB0AtC0F0Czy0BzzyCtN0D0Tzu0CtBtDtBtN1L2XzutBtFtCtFtDtFtAtDtC&cr=874237943 --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.gboxapp.com/ --> hxxp://www.google.com -\\ Mozilla Firefox v14.0.1 (en-US) File : C:\Users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\prefs.js C:\Users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\user.js ... Deleted ! [OK] File is clean. -\\ Google Chrome v25.0.1364.97 File : C:\Users\poison ivy\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.2913] : homepage = "hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=US&userid=978a4256-38d8-[...] Deleted [l.2917] : urls_to_restore_on_startup = [ "hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=U[...] ************************* AdwCleaner[R1].txt - [13466 octets] - [03/03/2013 17:57:07] AdwCleaner[R2].txt - [13527 octets] - [03/03/2013 20:51:48] AdwCleaner[s1].txt - [12777 octets] - [03/03/2013 20:52:08] ########## EOF - C:\AdwCleaner[s1].txt - [12838 octets] ########## Results of screen317's Security Check version 0.99.60 Windows Vista Service Pack 2 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG Anti-Virus Free Edition 2013 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.70.0.1100 JavaFX 2.1.1 Java 6 Update 30 Java 7 Update 15 Java 6 Update 7 Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.6.602.171 Adobe Reader 10.1.6 Adobe Reader out of Date! Mozilla Firefox 14.0.1 Firefox out of Date! Google Chrome 24.0.1312.57 Google Chrome 25.0.1364.97 Google Chrome plugins... ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe AVG avgwdsvc.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0 % ````````````````````End of Log``````````````````````

# AdwCleaner v2.113 - Logfile created 03/03/2013 at 17:57:07 # Updated 23/02/2013 by Xplode # Operating system : Windows Vista Home Premium Service Pack 2 (64 bits) # User : poison ivy - ANTHONY # Boot Mode : Normal # Running from : C:\Users\poison ivy\Downloads\adwcleaner.exe # Option [search] ***** [services] ***** Found : Application Updater ***** [Files / Folders] ***** File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml File Found : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk File Found : C:\Users\poison ivy\AppData\Local\funmoods-speeddial.crx File Found : C:\Users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\searchplugins\Conduit.xml File Found : C:\Users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\searchplugins\search.xml File Found : C:\Users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\searchplugins\Search_Results.xml File Found : C:\Users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\searchplugins\Web Search.xml Folder Found : C:\Program Files (x86)\Application Updater Folder Found : C:\Program Files (x86)\AVG Secure Search Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search Folder Found : C:\Program Files (x86)\Common Files\spigot Folder Found : C:\Program Files (x86)\Conduit Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com Folder Found : C:\Program Files (x86)\Linkury Folder Found : C:\ProgramData\~0 Folder Found : C:\ProgramData\AVG Secure Search Folder Found : C:\ProgramData\boost_interprocess Folder Found : C:\ProgramData\InstallMate Folder Found : C:\ProgramData\Linkury Folder Found : C:\ProgramData\Premium Folder Found : C:\ProgramData\Tarma Installer Folder Found : C:\Users\poison ivy\AppData\Local\AVG Secure Search Folder Found : C:\Users\poison ivy\AppData\Local\Conduit Folder Found : C:\Users\poison ivy\AppData\LocalLow\AVG Secure Search Folder Found : C:\Users\poison ivy\AppData\LocalLow\AVG Security Toolbar Folder Found : C:\Users\poison ivy\AppData\LocalLow\Conduit Folder Found : C:\Users\poison ivy\AppData\LocalLow\PriceGong Folder Found : C:\Users\poison ivy\AppData\LocalLow\Search Settings Folder Found : C:\Users\poison ivy\AppData\LocalLow\wxDfast Folder Found : C:\Users\poison ivy\AppData\Roaming\iWin Folder Found : C:\Users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\Smartbar ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\AppDataLow\Software\Search Settings Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\AVG Secure Search Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\Freeze.com Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SProtector Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKCU\Software\Search Settings Key Found : HKCU\Software\SProtector Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Key Found : HKLM\Software\Application Updater Key Found : HKLM\Software\AVG Secure Search Key Found : HKLM\Software\AVG Security Toolbar Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0} Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\Freeze.com Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Found : HKLM\Software\Search Settings Key Found : HKLM\Software\SProtector Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SProtector Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} Key Found : HKU\S-1-5-21-1979295427-1695586493-4125868058-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Found : HKU\S-1-5-21-1979295427-1695586493-4125868058-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Found : HKU\S-1-5-21-1979295427-1695586493-4125868058-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22} Key Found : HKU\S-1-5-21-1979295427-1695586493-4125868058-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchSettings] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16464 [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page] = hxxp://isearch.avg.com/?cid={3C41BA6B-708B-46B6-A8CE-ACB3730C53D8}&mid=d3acce167b3747d19c15d16a1cfab21a-0683ef56e8bb54583666e5b252ce1f066d32b74c〈=en&ds=AVG&pr=fr&d=2012-05-30 07:50:12&v=11.1.0.12&sap=hp [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=US&userid=978a4256-38d8-4fb2-98d9-f8260c7a5343&searchtype=ds&isid=9860&q={searchTerms} [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=US&userid=978a4256-38d8-4fb2-98d9-f8260c7a5343&searchtype=ds&isid=9860&q={searchTerms} [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0ByEyB0AtC0F0Czy0BzzyCtN0D0Tzu0CtBtDtBtN1L2XzutBtFtCtFtDtFtAtDtC&cr=874237943 [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.gboxapp.com/ -\\ Mozilla Firefox v14.0.1 (en-US) File : C:\Users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\prefs.js [OK] File is clean. -\\ Google Chrome v25.0.1364.97 File : C:\Users\poison ivy\AppData\Local\Google\Chrome\User Data\Default\Preferences Found [l.2917] : homepage = "hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=US&userid=978a4256-38d8-4fb2-98d9-f8260c7a5343&searchtype=hp&isid=9860", Found [l.2921] : urls_to_restore_on_startup = [ "hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=US&userid=978a4256-38d8-4fb2-98d9-f8260c7a5343&searchtype=hp&isid=9860" ] ************************* AdwCleaner[R1].txt - [13363 octets] - [03/03/2013 17:57:07] ########## EOF - C:\AdwCleaner[R1].txt - [13424 octets] ########## The only thing I have a question on is the AVG secure search and AVG security toolbar...I was under the impression that these were helpful and they were added from my virus scanner,can you please explain?. Thanks

ComboFix 13-03-02.01 - poison ivy 03/03/2013 13:20:44.1.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2217 [GMT -6:00] Running from: c:\users\poison ivy\Downloads\ComboFix.exe AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\chrome.manifest c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\funmoods.css c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\funmoods.xul c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\images\pref.jpg c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\arwDwn.gif c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ae.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\bg.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ch.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cn.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\cz.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\de.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\eg.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\en.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\es.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\fr.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\gr.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\he.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\il.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\it.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ja.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\jp.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\nl.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\no.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pl.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\pt.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ro.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ru.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sa.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\se.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\sv.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\tr.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\ua.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\flgs\us.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\help_16.gif c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\home.gif c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\logo.png c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\privecy_16_hot.gif c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\imgs\tellafriend.gif c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\loader.xul c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\mtstart.js c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\preferences.xul c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\content\tmplt.js c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\install.rdf c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.rsa c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\META-INF\le_c6a58f26_4d2d_4341_b387_c4f2289b6170.sf c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\ffxtlbr@funmoods.com\META-INF\manifest.mf c:\users\Public\invokesi.exe . . ((((((((((((((((((((((((( Files Created from 2013-02-03 to 2013-03-03 ))))))))))))))))))))))))))))))) . . 2013-03-03 19:33 . 2013-03-03 20:45 -------- d-----w- c:\users\poison ivy\AppData\Local\temp 2013-02-28 07:03 . 2013-02-28 07:03 -------- d-----w- c:\program files\iPod(15) 2013-02-28 07:02 . 2013-02-28 07:04 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69(17) 2013-02-28 07:02 . 2013-02-28 07:04 -------- d-----w- c:\program files (x86)\iTunes(12) 2013-02-28 06:52 . 2013-03-02 23:05 -------- d-----w- c:\users\poison ivy\{fcf14047-f672-49cf-ab67-2e11731f6130} 2013-02-28 06:47 . 2013-03-02 23:05 -------- d-----w- c:\program files (x86)\QuickTime 2013-02-27 15:09 . 2013-02-27 15:09 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} 2013-02-27 15:08 . 2013-03-02 23:05 -------- d-----w- c:\program files (x86)\Application Updater 2013-02-27 15:08 . 2013-03-02 23:05 -------- d-----w- c:\program files (x86)\IObit Apps Toolbar 2013-02-27 15:08 . 2013-02-27 15:08 -------- d-----w- c:\program files (x86)\Common Files\Spigot 2013-02-27 14:19 . 2013-02-27 14:19 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll 2013-02-14 12:22 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll 2013-02-14 12:22 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\vgx\VGX.dll 2013-02-14 12:02 . 2013-01-09 01:22 10925568 ----a-w- c:\windows\system32\ieframe.dll 2013-02-13 22:57 . 2013-01-04 11:31 1423720 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 22:57 . 2013-01-04 01:59 2773504 ----a-w- c:\windows\system32\win32k.sys 2013-02-13 22:57 . 2012-11-08 04:26 1570816 ----a-w- c:\windows\system32\quartz.dll 2013-02-13 22:57 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\SysWow64\quartz.dll 2013-02-13 22:56 . 2013-01-05 05:37 4695400 ----a-w- c:\windows\system32\ntoskrnl.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-27 14:19 . 2012-07-20 05:47 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-02-27 14:19 . 2010-04-25 17:19 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-27 05:29 . 2012-04-11 15:01 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-27 05:29 . 2012-01-29 08:24 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-18 15:47 . 2012-09-04 14:12 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2013-02-14 12:15 . 2006-11-02 12:35 70004024 ----a-w- c:\windows\system32\mrt.exe 2013-01-16 00:49 . 2012-11-07 16:51 26432 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe 2012-12-21 09:01 . 2012-12-21 09:00 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F7F513BB-968E-4B3B-B953-D750BF348E41}\offreg.dll 2012-12-16 13:31 . 2012-12-21 12:01 48128 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 13:12 . 2012-12-21 12:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-16 11:08 . 2012-12-21 12:01 368128 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 10:50 . 2012-12-21 12:01 293376 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-14 22:49 . 2010-11-07 00:08 24176 ----a-w- c:\windows\system32\drivers\mbam.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll" [2013-02-24 1352512] . [HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}] 2013-02-24 01:17 1352512 ----a-w- c:\program files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{03EB0E9C-7A91-4381-A220-9B52B641CDB1}"= "c:\program files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll" [2013-02-24 1352512] . [HKEY_CLASSES_ROOT\clsid\{03eb0e9c-7a91-4381-a220-9b52b641cdb1}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] "Advanced SystemCare 6"="c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-16 491840] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104] "HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-18 1151152] "TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-30 1328424] "CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-30 185640] "dcmsvc"="c:\program files (x86)\dcmsvc\dcmsvc.exe" [2009-04-07 30440] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-12-25 295072] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-02-24 1297728] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . R2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x] S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2013-01-16 465216] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [2008-09-27 89088] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 18:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2013-03-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 05:29] . 2013-03-03 c:\windows\Tasks\Final Media Player Update Checker.job - c:\program files (x86)\FinalMediaPlayer\FMPCheckForUpdates.exe [2012-08-25 19:24] . 2013-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1979295427-1695586493-4125868058-1000Core.job - c:\users\poison ivy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-23 00:01] . 2013-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1979295427-1695586493-4125868058-1000UA.job - c:\users\poison ivy\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-23 00:01] . 2009-03-30 c:\windows\Tasks\HPCeeScheduleForpoison ivy.job - c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34] . . --------- X64 Entries ----------- . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.yahoo.com?type=198484&fr=spigot-yhp-ie uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://search.gboxapp.com/ mDefault_Page_URL = hxxp://www.yahoo.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=US&userid=978a4256-38d8-4fb2-98d9-f8260c7a5343&searchtype=ds&isid=9860&q={searchTerms} IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 24.159.64.23 24.217.201.67 24.177.176.38 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll FF - ProfilePath - c:\users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p= FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=198484&fr=spigot-yhp-ff FF - user.js: extensions.funmoods.hmpg - true FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0ByEyB0AtC0F0Czy0BzzyCtN0D0Tzu0CtBtDtBtN1L2XzutBtFtCtFtDtFtAtDtC&cr=874237943 FF - user.js: extensions.funmoods.dfltSrch - true FF - user.js: extensions.funmoods.srchPrvdr - Search FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - true FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0ByEyB0AtC0F0Czy0BzzyCtN0D0Tzu0CtBtDtBtN1L2XzutBtFtCtFtDtFtAtDtC&cr=874237943 FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0ByEyB0AtC0F0Czy0BzzyCtN0D0Tzu0CtBtDtBtN1L2XzutBtFtCtFtDtFtAtDtC&cr=874237943&q= FF - user.js: extensions.funmoods.id - 00242B47A1FC9B86 FF - user.js: extensions.funmoods.instlDay - 15542 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.222:8:35 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - axl FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - axl FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 FF - user.js: network.protocol-handler.warn-external.dnupdate - false FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: browser.turbo.enabled - true FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.chrome.favicons - false FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: content.notify.ontimer - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.switch.threshold - 750000 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 . - - - - ORPHANS REMOVED - - - - . BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file) Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file) Toolbar-10 - (no file) Wow6432Node-HKCU-RunServices-JavaFXStudio1.0.0.1 - c:\users\poison ivy\appdata\locallow\sun\java\deployment\systemcache\6.0\46\f84c6ae-7b21986b-n\visualmsvcr71.exe Wow6432Node-HKLM-Run-UCam_Menu - c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe Wow6432Node-HKLM-Run-UpdateLBPShortCut - c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe Wow6432Node-HKLM-Run-UpdatePSTShortCut - c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe Wow6432Node-HKLM-Run-UpdateP2GoShortCut - c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe Wow6432Node-HKLM-Run-UpdatePDIRShortCut - c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) SafeBoot-WudfPf SafeBoot-WudfRd Toolbar-10 - (no file) WebBrowser-{9565115D-C7D6-46D3-BD63-B67B481A4368} - (no file) WebBrowser-{F9BBF004-6E40-4019-8214-C43A37E1D058} - (no file) HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}] "ImagePath"="\??\c:\program files (x86)\HP\QuickPlay\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_171.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Application Updater\ApplicationUpdater.exe c:\program files (x86)\AVG\AVG2013\avgidsagent.exe c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe c:\program files (x86)\SMINST\BLService.exe c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe . ************************************************************************** . Completion time: 2013-03-03 14:50:45 - machine was rebooted ComboFix-quarantined-files.txt 2013-03-03 20:50 . Pre-Run: 146,194,198,528 bytes free Post-Run: 149,398,163,456 bytes free . - - End Of File - - 056004EE391F84C458DBC247E6AF2416

RogueKiller V8.5.2 _x64_ [Feb 23 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version Started in : Normal mode User : poison ivy [Admin rights] Mode : Scan -- Date : 03/03/2013 11:19:22 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 9 ¤¤¤ [sHELL][Rans.Gendarm] HKCU\[...]\Windows : Load (C:\Users\poison ivy\Local Settings\Temp\mssoxak.bat) [x] -> FOUND [sHELL][Rans.Gendarm] HKUS\S-1-5-21-1979295427-1695586493-4125868058-1000[...]\Windows : Load (C:\Users\poison ivy\Local Settings\Temp\mssoxak.bat) [x] -> FOUND [TASK][sUSP PATH] GBoxUpdaterTask{C0EBD2E0-95AC-4A85-9556-5F7BFF98FBDB}.job : C:\ProgramData\GBox\GBox.exe /schedule /profilepath "C:\ProgramData\GBox\profile.ini" [x] -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : Rans.Gendarm ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD3200BEVT-60ZCT1 ATA Device +++++ --- User --- [MBR] b424df27bf04a85c6a2b283f75a9bf42 [bSP] 0046ad4d393ab0194bcc5e4e3109c6c0 : Toshiba MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 292028 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598075392 | Size: 13213 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1]_S_03032013_02d1119.txt >> RKreport[1]_S_03032013_02d1119.txt

Please help me with my computer..... Malwarebytes detected PUM.UserWLoad & Trojan.Ransom! My AVG anti-virus and Advanced System Care did not catch before it infected my computer. I have run all program scans including Malwarebytes and I can not get rid of it. Computer is running slow displaying registry errors and randomly shutting down. Any help would be greatly appreciated! DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2 Run by poison ivy at 2:49:43 on 2013-03-03 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.2373 [GMT -6:00] . AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2013\avgrsa.exe C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\system32\atiesrxx.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\Hpservice.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\WLANExt.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe C:\Windows\system32\agr64svc.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe C:\Program Files (x86)\AVG\AVG2013\avgemca.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Program Files (x86)\SMINST\BLService.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Windows\ehome\ehtray.exe C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe C:\Windows\ehome\ehmsas.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe C:\Program Files (x86)\dcmsvc\dcmsvc.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\System32\osk.exe C:\Windows\hh.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.yahoo.com?type=198484&fr=spigot-yhp-ie uSearch Bar = hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=US&userid=978a4256-38d8-4fb2-98d9-f8260c7a5343&searchtype=ds&isid=9860&q={searchTerms} uSearch Page = hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=US&userid=978a4256-38d8-4fb2-98d9-f8260c7a5343&searchtype=ds&isid=9860&q={searchTerms} uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb mStart Page = hxxp://search.gboxapp.com/ mDefault_Page_URL = hxxp://www.yahoo.com/ uSearchAssistant = hxxp://feed.helperbar.com/?publisher=W3iAU&dpid=W3iAU&co=US&userid=978a4256-38d8-4fb2-98d9-f8260c7a5343&searchtype=ds&isid=9860&q={searchTerms} uURLSearchHooks: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll uWindows: Load = C:\Users\POISON~1\LOCALS~1\Temp\mssoxak.bat BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned> BHO: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned> BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned> BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file> TB: IObit Apps Toolbar: {03EB0E9C-7A91-4381-A220-9B52B641CDB1} - C:\Program Files (x86)\IObit Apps Toolbar\IE\7.0\iobitappsToolbarIE.dll uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe uRun: [Google Update] "C:\Users\poison ivy\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [Advanced SystemCare 6] "C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart uRunServices: [JavaFXStudio1.0.0.1] c:\users\poison ivy\appdata\locallow\sun\java\deployment\systemcache\6.0\46\f84c6ae-7b21986b-n\visualmsvcr71.exe mRun: [uCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam" mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" mRun: [updatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0" mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" mRun: [dcmsvc] "C:\Program Files (x86)\dcmsvc\dcmsvc.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [searchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 24.159.64.23 24.217.201.67 24.177.176.38 TCP: Interfaces\{7FAE03DA-EBA4-4CAD-967A-917A019D5615} : DHCPNameServer = 24.159.64.23 24.217.201.67 24.177.176.38 Handler: linkscanner - <Clsid value has no data> Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" x64-mStart Page = hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0ByEyB0AtC0F0Czy0BzzyCtN0D0Tzu0CtBtDtBtN1L2XzutBtFtCtFtDtFtAtDtC&cr=874237943 x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb x64-BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned> x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide x64-Run: [sysTrayApp] C:\Program Files (x86)\IDT\WDM\sttray64.exe x64-Run: [smartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe x64-mPolicies-Explorer: NoActiveDesktop = dword:1 x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0 x64-mPolicies-System: EnableUIADesktopToggle = dword:0 x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab x64-Handler: linkscanner - <Clsid value has no data> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=198484&p= FF - prefs.js: browser.startup.homepage - hxxp://search.yahoo.com?type=198484&fr=spigot-yhp-ff FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Users\poison ivy\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Users\poison ivy\AppData\Roaming\Mozilla\Firefox\Profiles\jnbl5dzv.default\extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}\plugins\np-mswmp.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ---- FIREFOX POLICIES ---- FF - user.js: extensions.funmoods.hmpg - true FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0ByEyB0AtC0F0Czy0BzzyCtN0D0Tzu0CtBtDtBtN1L2XzutBtFtCtFtDtFtAtDtC&cr=874237943 FF - user.js: extensions.funmoods.dfltSrch - true FF - user.js: extensions.funmoods.srchPrvdr - Search FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - true FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0ByEyB0AtC0F0Czy0BzzyCtN0D0Tzu0CtBtDtBtN1L2XzutBtFtCtFtDtFtAtDtC&cr=874237943 FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0ByEyB0AtC0F0Czy0BzzyCtN0D0Tzu0CtBtDtBtN1L2XzutBtFtCtFtDtFtAtDtC&cr=874237943&q= FF - user.js: extensions.funmoods.id - 00242B47A1FC9B86 FF - user.js: extensions.funmoods.instlDay - 15542 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.222:8:35 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - axl FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - axl FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 FF - user.js: network.protocol-handler.warn-external.dnupdate - false FF - user.js: network.http.pipelining.maxrequests - 8 FF - user.js: network.http.request.max-start-delay - 0 FF - user.js: network.http.max-connections - 48 FF - user.js: network.http.max-connections-per-server - 16 FF - user.js: network.http.max-persistent-connections-per-proxy - 16 FF - user.js: network.http.max-persistent-connections-per-server - 8 FF - user.js: browser.turbo.enabled - true FF - user.js: browser.display.show_image_placeholders - true FF - user.js: browser.chrome.favicons - false FF - user.js: browser.urlbar.autocomplete.enabled - true FF - user.js: browser.cache.memory.capacity - 65536 FF - user.js: content.notify.ontimer - true FF - user.js: content.interrupt.parsing - true FF - user.js: content.max.tokenizing.time - 2250000 FF - user.js: content.switch.threshold - 750000 FF - user.js: plugin.expose_full_path - true FF - user.js: ui.submenuDelay - 0 . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328] R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800] R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032] R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 39768] R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-11-7 465216] R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [2012-1-22 89088] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-4 238080] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984] R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-2-23 805752] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648] R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2008-3-18 23040] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-21 398184] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-11-6 682344] R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608] R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2008-10-23 365952] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-1-31 3289208] R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-9-24 296320] R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-9-24 116096] R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-2-18 968880] R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-12-21 46136] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2012-2-23 92176] R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-10-23 228408] R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2008-1-24 60928] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-11-6 24176] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-1-30 26168] S1 bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Windows\System32\drivers\BdfNdisf6.sys [2009-7-17 87048] S2 ADExchange;ArcSoft Exchange Service;C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe --> C:\Program Files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-12-25 128912] S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw3v64.sys [2008-1-20 3154432] S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768] S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2006-11-2 273408] S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-13 89920] . =============== File Associations =============== . FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %* FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 2013-02-27 14:19:13 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-27 14:19:11 262560 ----a-w- C:\Windows\SysWow64\javaws.exe 2013-02-27 14:19:11 174496 ----a-w- C:\Windows\SysWow64\javaw.exe 2013-02-27 14:19:10 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-02-27 14:19:10 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-02-27 14:19:10 174496 ----a-w- C:\Windows\SysWow64\java.exe 2013-02-27 05:29:43 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-27 05:29:43 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-02-18 15:47:50 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2013-02-14 12:15:54 70004024 ----a-w- C:\Windows\System32\mrt.exe 2013-01-16 00:49:08 26432 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe 2013-01-09 01:48:55 17812992 ----a-w- C:\Windows\System32\mshtml.dll 2013-01-09 01:22:26 10925568 ----a-w- C:\Windows\System32\ieframe.dll 2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-01-09 01:12:29 1346048 ----a-w- C:\Windows\System32\urlmon.dll 2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-01-09 01:10:26 237056 ----a-w- C:\Windows\System32\url.dll 2013-01-09 01:09:10 85504 ----a-w- C:\Windows\System32\jsproxy.dll 2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-01-09 01:07:50 816640 ----a-w- C:\Windows\System32\jscript.dll 2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-01-09 01:06:39 729088 ----a-w- C:\Windows\System32\msfeeds.dll 2013-01-09 01:05:45 2147840 ----a-w- C:\Windows\System32\iertutil.dll 2013-01-09 01:04:58 96768 ----a-w- C:\Windows\System32\mshtmled.dll 2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-01-09 01:00:48 248320 ----a-w- C:\Windows\System32\ieui.dll 2013-01-08 22:23:25 12321280 ----a-w- C:\Windows\SysWow64\mshtml.dll 2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-01-08 22:09:18 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll 2013-01-08 22:03:57 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll 2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-01-08 22:01:48 231936 ----a-w- C:\Windows\SysWow64\url.dll 2013-01-08 22:00:14 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll 2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-01-08 21:58:43 717824 ----a-w- C:\Windows\SysWow64\jscript.dll 2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-01-08 21:57:49 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll 2013-01-08 21:56:51 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll 2013-01-08 21:56:37 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll 2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-01-08 21:53:13 176640 ----a-w- C:\Windows\SysWow64\ieui.dll 2013-01-05 05:37:50 4695400 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-01-04 11:31:10 1423720 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-01-04 01:59:24 2773504 ----a-w- C:\Windows\System32\win32k.sys 2012-12-25 06:32:53 201424 ----a-w- C:\Windows\SysWow64\rmoc3260.dll 2012-12-25 06:32:29 6656 ----a-w- C:\Windows\SysWow64\pndx5016.dll 2012-12-25 06:32:29 5632 ----a-w- C:\Windows\SysWow64\pndx5032.dll 2012-12-25 06:32:27 272896 ----a-w- C:\Windows\SysWow64\pncrt.dll 2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys . ============= FINISH: 2:50:25.22 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 1/14/2009 10:32:30 AM System Uptime: 3/3/2013 2:32:03 AM (0 hours ago) . Motherboard: Compal | | 30FC Processor: AMD Turion X2 Dual-Core Mobile RM-72 | Socket M2/S1G1 | 2100/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 285 GiB total, 133.922 GiB free. D: is FIXED (NTFS) - 13 GiB total, 1.987 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Acrobat.com Activation Assistant for the 2007 Microsoft Office suites ActiveCheck component for HP Active Support Library Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.6) Adobe Shockwave Player 11.6 Advanced SystemCare 6 Agere Systems HDA Modem AMD APP SDK Runtime AMD Catalyst Install Manager AMD Fuel AMD USB Audio Driver Filter AMD VISION Engine Control Center Apple Application Support Apple Mobile Device Support Apple Software Update Atheros Driver Installation Program AVG 2013 AVG Security Toolbar Bonjour Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module Compatibility Pack for the 2007 Office system CyberLink DVD Suite dcmsvc 1.0 ESU for Microsoft Vista FATE ffdshow v1.1.4369 [2012-03-03] File Type Assistant Final Media Player 2011 GadgetBox Game Console - WildGames Google Chrome Hewlett-Packard ACLM.NET v1.1.0.0 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Active Support Library HP Customer Experience Enhancements HP Doc Viewer HP Help and Support HP MediaSmart Music/Photo/Video HP MediaSmart SmartMenu HP MediaSmart TV HP MediaSmart Webcam HP MULTIPLE MODEM INSTALLER for VISTA HP Product Detection HP Quick Launch Buttons HP Total Care Advisor HP Update HP User Guides 0129 HP Wireless Assistant HPAsset component for HP Active Support Library HPTCSSetup iCloud IDT Audio IObit Apps Toolbar v7.0 iTunes Java 7 Update 15 Java Auto Updater Java 6 Update 30 Java 6 Update 7 Java 7 Update 5 (64-bit) JavaFX 2.1.1 JMicron JMB38X Flash Media Controller LabelPrint LightScribe System Software 1.14.17.1 Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) muvee Reveal My HP Games Netflix in Windows Media Center PhotoNow! Power2Go PowerDirector ProtectSmart Hard Drive Protection QLBCASL QuickTime RealDownloader RealNetworks - Microsoft Visual C++ 2008 Runtime RealNetworks - Microsoft Visual C++ 2010 Runtime RealPlayer Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista RealUpgrade 1.1 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Skype Click to Call Skype™ 6.0 Slingbox - Watch Your TV Anywhere SlingPlayer sprotector 1.62 Surround MP4 Tool 3.7.4 swMSM Uninstall vue MP4 PLAYER Unity Web Player Unreal Tournament G.O.T.Y. Edition Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update Installer for WildTangent Games App VideoBuzz Visual C++ 8.0 Runtime Setup Package (x64) Visual Studio 2008 x64 Redistributables Visual Studio 2010 x64 Redistributables VLC media player 2.0.0 Warner Bros. Digital Copy Manager WildTangent Games App (HP Games) Wondershare Dr.Fone (iPhone 4)(Build 1.0.0.33) . ==== End Of File ===========================