elaineh

All AVG did was to refer me to their regular "uninstall" page: http://kb.avg.com/articles/en_US/How_to/How-to-uninstall-AVG-Toolbar-homepage-and-Secure-Search-from-your-browser I had tried all of this things before, and I tried them again. They STILL don't work. In my opinion, AVG Safe Search is malware, and I'm not the only one who thinks so-- https://support.mozilla.org/en-US/questions/877518#answer-345057 http://wfredk.com/info/avg-secure-search-is-malware.php I'm going away again til May 8th. Maybe you could give this problem a little more thought? Maybe Malwarebytes should flag AVG Safe Search as malware? Many thanks for all your help. AVG CustomerCare.email2014.04.23.doc

Ok, I've send the info to AVG. I'll let you know.

I did these searches, and found a lot of possibilities, but I'm afraid to use them because I don't know the websites: https://www.google.com/search?q=What+is+AVG+secure+search%3F&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=sb https://www.google.com/search?q=AVG+Secire+searcj&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a&channel=sb#channel=sb&q=avg+security+toolbar+disable&revid=549134102&rls=org.mozilla:en-US:official I also phoned AVG this morning to complain about their malware. They want me to download a link that will find links in my computer, but I'm not sure I want them in my computer any more. Attached is the content of their email to me. Any advice as to which path I should take? BTW, a friend came over yesterday, and he did something to make the AVG secure search disappear. But it came back again in a few hours. AVGCustomerCare.email2014.04.17.doc

Nothing on the mozilla home page seems to work for this problem.

Sorry for the typo-- AVG does NOT appear in the search engine list. it's a whole screen.

I tried this, but AVG does appear in the search engine list. I removed Yahoo, because the "AVG secure search page" says it's "provided by Yahoo search," but that didn't help.

I reset the Firefox browser, rebooted the computer, and there's no change with the AVG search.

Mozilla Firefox 28.0

Still getting the AVG hijack of my search. It's called "AVG SECURE SEARCH", and it says "provided by YAHOO! search". I just did a search, and AVG Secure Search is quarantined in Adware Cleaner. There are currently 226 files that include AVG (only 15-20% of them are in quarantine).

All processes killed ========== OTL ========== HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! C:\Program Files\u9idat252zx.bin moved successfully. C:\Program Files\u9ichjw4qt.bin moved successfully. C:\Program Files\u9ifw57en.bin moved successfully. C:\Program Files\x8all279kj.bin moved successfully. C:\Program Files\w9all733vq.bin moved successfully. C:\Program Files\u9iavi2697mh.bin moved successfully. C:\Program Files\u7avi18567.bin moved successfully. C:\Documents and Settings\All Users\Application Data\AVG2012\fet folder moved successfully. C:\Documents and Settings\All Users\Application Data\AVG2012 folder moved successfully. C:\Documents and Settings\Elaine\Application Data\AVG\System Information folder moved successfully. C:\Documents and Settings\Elaine\Application Data\AVG\Rescue\Tweak Manager folder moved successfully. C:\Documents and Settings\Elaine\Application Data\AVG\Rescue\PC Tuneup 2011 folder moved successfully. C:\Documents and Settings\Elaine\Application Data\AVG\Rescue folder moved successfully. C:\Documents and Settings\Elaine\Application Data\AVG\PC Tuneup 2011\User Reports folder moved successfully. C:\Documents and Settings\Elaine\Application Data\AVG\PC Tuneup 2011\Logs folder moved successfully. C:\Documents and Settings\Elaine\Application Data\AVG\PC Tuneup 2011\Disk Doctor\User Reports folder moved successfully. C:\Documents and Settings\Elaine\Application Data\AVG\PC Tuneup 2011\Disk Doctor\Logs folder moved successfully. C:\Documents and Settings\Elaine\Application Data\AVG\PC Tuneup 2011\Disk Doctor folder moved successfully. C:\Documents and Settings\Elaine\Application Data\AVG\PC Tuneup 2011 folder moved successfully. C:\Documents and Settings\Elaine\Application Data\AVG folder moved successfully. C:\Documents and Settings\Elaine\Application Data\AVG2012\cfgall folder moved successfully. C:\Documents and Settings\Elaine\Application Data\AVG2012 folder moved successfully. C:\Documents and Settings\Elaine\Application Data\Uniblue folder moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\Elaine\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\Elaine\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: Elaine ->Temp folder emptied: 31486544 bytes ->Temporary Internet Files folder emptied: 27927082 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 426630729 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 67842 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 825707 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 11440816 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 87333556 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 559.00 mb Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 04022014_072527 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...

OTL scan: OTL logfile created on: 4/1/2014 8:06:45 AM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Elaine\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.25 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 66.73% Memory free 5.09 Gb Paging File | 4.06 Gb Available in Paging File | 79.83% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 455.94 Gb Total Space | 419.62 Gb Free Space | 92.03% Space Free | Partition Type: NTFS Drive D: | 298.08 Gb Total Space | 142.84 Gb Free Space | 47.92% Space Free | Partition Type: NTFS Drive K: | 29.49 Gb Total Space | 7.36 Gb Free Space | 24.95% Space Free | Partition Type: FAT32 Computer Name: MANHATTAN | User Name: Elaine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014/03/05 09:24:48 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe PRC - [2014/03/05 09:24:46 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe PRC - [2014/03/05 09:24:40 | 007,430,968 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe PRC - [2013/12/29 17:04:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elaine\Desktop\OTL.exe PRC - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe PRC - [2013/12/17 12:50:38 | 000,031,744 | ---- | M] (Digital Market Research Apps Pty Ltd) -- C:\Program Files\MR APP\MRAPP.Event.Service.exe PRC - [2013/12/17 12:50:36 | 000,082,944 | ---- | M] (Microsoft) -- C:\Program Files\MR APP\MRAPP.UI.exe PRC - [2013/12/17 12:49:58 | 000,031,232 | ---- | M] (Digital Market Research Apps Pty Ltd) -- C:\Program Files\MR APP\MRAPP.Transfer.Service.exe PRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2013/09/04 22:09:20 | 000,441,408 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe PRC - [2013/09/02 10:29:08 | 005,071,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012/06/26 21:51:50 | 000,230,576 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe PRC - [2009/04/02 17:33:16 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/01/05 15:48:06 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files\Multimedia Card Reader(6337)\ShwiconX.exe PRC - [2008/12/11 11:12:00 | 000,159,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe PRC - [2008/12/11 11:11:30 | 002,749,736 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe PRC - [2008/07/13 21:21:46 | 000,565,248 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/01/15 14:31:58 | 000,155,648 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe PRC - [2008/01/03 17:57:52 | 000,184,864 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe PRC - [2005/11/14 11:25:02 | 000,057,344 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe PRC - [2001/10/25 10:55:01 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe PRC - [2001/10/25 10:55:00 | 000,311,296 | R--- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon03.exe PRC - [2001/10/25 10:54:58 | 000,077,824 | ---- | M] (HP) -- C:\WINDOWS\system32\hphipm09.exe PRC - [2000/08/03 16:52:22 | 000,294,912 | ---- | M] (Calibre Inc.) -- C:\Program Files\Calibre Inc\xConnect\IrButler.exe PRC - [2000/07/28 11:47:18 | 001,593,344 | ---- | M] (Calibre Inc.) -- C:\Program Files\Calibre Inc\xConnect\xConnect.exe ========== Modules (No Company Name) ========== MOD - [2014/02/13 04:18:53 | 001,142,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\b1c2fed4762d90f6c2033afeb1a72b9d\System.ServiceModel.Discovery.ni.dll MOD - [2014/02/13 04:17:55 | 000,194,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\7a541b67aaa6873c7b67dcae753b22ba\System.ComponentModel.DataAnnotations.ni.dll MOD - [2014/02/13 04:17:03 | 000,626,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Messaging\4f3b7d49ef16360d5f3a1895f43b09d9\System.Messaging.ni.dll MOD - [2014/02/13 04:17:03 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2e3fdae8546832614633495638bef8d0\System.ServiceProcess.ni.dll MOD - [2014/02/13 04:17:00 | 018,109,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\dd733c6f1f9f50f3517d48da5bea80d2\System.ServiceModel.ni.dll MOD - [2014/02/13 04:15:41 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d116eda30a35c490e59221b0ebac6fcd\System.Xaml.ni.dll MOD - [2014/02/13 04:15:40 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\05be173cbacba4b7604a67a267acdfe4\System.Xml.Linq.ni.dll MOD - [2014/02/13 04:15:39 | 001,021,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\469dd20488c4a9606abe21189a3c1ab9\System.Runtime.DurableInstancing.ni.dll MOD - [2014/02/13 04:15:39 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\27bdc6196968e44234654e30e1028750\SMDiagnostics.ni.dll MOD - [2014/02/13 04:15:38 | 002,658,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\fa954900a6cf3a095efadfa4c683a32c\System.Runtime.Serialization.ni.dll MOD - [2014/02/13 04:15:36 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\7612d2ecdf9c6beedc264e9390e97b0f\System.Management.ni.dll MOD - [2014/02/13 04:15:18 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\fc7255cccb69c45a808b3d7e6abf55c5\System.Transactions.ni.dll MOD - [2014/02/13 04:12:04 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9aafa1869d136f77bc483f25d0795229\PresentationFramework.ni.dll MOD - [2014/02/13 04:11:51 | 006,813,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\b5f67ff59d386021c43b1ee400c00feb\System.Data.ni.dll MOD - [2014/02/13 04:11:49 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\67939f4c3d18712bacf74bfc8c75ab40\PresentationFramework.Luna.ni.dll MOD - [2014/02/13 04:11:41 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\850fa7110c7423c324762c1ad3130219\System.Xml.ni.dll MOD - [2014/02/13 04:11:40 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a4b5a1a06d2d7f77258943c8c228a5e0\System.Core.ni.dll MOD - [2014/02/13 04:11:38 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\991c4e11f571a4074b9c4a5841222338\System.Configuration.ni.dll MOD - [2014/02/13 04:11:37 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\b307821c69c09ed0a2ee47122fdcdd4d\PresentationCore.ni.dll MOD - [2014/02/13 04:11:34 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2781e84862746a34f026d0ee179eed2b\System.Windows.Forms.ni.dll MOD - [2014/02/13 04:11:26 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\49605239a73cd565e3a08048a31b442e\WindowsBase.ni.dll MOD - [2014/02/13 04:11:25 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\243ff1822abc8282cb8fee37538170b4\System.Drawing.ni.dll MOD - [2014/02/13 04:11:20 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\4c906eb82e6f56aea01b2a7291fab7ea\System.ni.dll MOD - [2014/02/13 04:11:14 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4e62d1d9b7dd2c2d14915abb73c22d50\mscorlib.ni.dll MOD - [2013/07/15 13:29:04 | 000,620,718 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll MOD - [2012/10/11 22:56:46 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/10/11 22:56:22 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/03/15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2008/04/14 08:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll MOD - [2008/04/14 08:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2006/12/01 17:13:46 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\RAW Thumbnail Viewer\RawExtend.dll MOD - [2002/07/04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\Share\PIHook.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe -- (vToolbarUpdater17.2.0) SRV - [2014/03/05 09:24:48 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2014/03/05 09:24:46 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013/12/22 18:55:49 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/12/20 09:35:54 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/12/18 21:05:43 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2013/12/17 12:50:38 | 000,031,744 | ---- | M] (Digital Market Research Apps Pty Ltd) [Auto | Running] -- C:\Program Files\MR APP\MRAPP.Event.Service.exe -- (EventService) SRV - [2013/12/17 12:49:58 | 000,031,232 | ---- | M] (Digital Market Research Apps Pty Ltd) [Auto | Running] -- C:\Program Files\MR APP\MRAPP.Transfer.Service.exe -- (TransferService) SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2013/09/02 10:29:08 | 005,071,712 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2008/12/11 11:11:30 | 002,749,736 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen) SRV - [2008/10/02 16:40:42 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2008/01/15 14:31:58 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService) SRV - [2001/10/25 10:54:58 | 000,077,824 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\hphipm09.exe -- (Pml Driver) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Elaine\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2014/03/31 23:59:45 | 000,107,736 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) DRV - [2014/03/05 09:26:02 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2013/12/26 20:23:54 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp) DRV - [2008/10/12 17:48:03 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2008/08/18 15:45:00 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid) DRV - [2008/07/13 21:10:44 | 000,101,120 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus) DRV - [2008/04/14 08:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008/04/14 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2008/04/14 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2008/02/11 10:44:08 | 000,128,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvrd32.sys -- (nvrd32) DRV - [2008/02/11 10:44:08 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts) DRV - [2008/01/15 14:34:04 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev) DRV - [2008/01/14 23:20:12 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2008/01/14 23:20:10 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2008/01/14 23:10:30 | 004,620,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2007/02/16 11:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2007/02/15 16:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid) DRV - [2007/02/03 10:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007/02/03 10:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2001/10/25 10:54:58 | 000,050,704 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hphid409.sys -- (Dot4 HPH09) DRV - [2001/10/25 10:54:58 | 000,050,179 | R--- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hphs2k09.sys -- (Dot4Storage HPH09) DRV - [2001/10/25 10:54:58 | 000,018,864 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hphius09.sys -- (Dot4Usb HPH09) DRV - [2001/10/25 10:54:58 | 000,015,984 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hphipr09.sys -- (Dot4Print HPH09) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081002 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081002 IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081002 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081002 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081002 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081002 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081002 IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.elainehudsonphotography.com IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS_enUS296 IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\..\SearchScopes\{F913E42D-E0F1-489E-9E56-C4154E35CDD5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>;;www.surveywriter.net;core.insightexpressai.com;static.ak.connect.facebook.com IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:16110;https=127.0.0.1:16110; ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://elainehudsonphotography.com/" FF - prefs.js..extensions.enabledAddons: %7Bb2509cd4-17cd-45ed-8146-a82af038f493%7D:2.02 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Elaine\Application Data\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Elaine\Application Data\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/26 19:49:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/24 15:25:38 | 000,000,000 | ---D | M] [2008/10/27 21:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Extensions [2013/12/28 01:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\extensions [2010/08/24 11:45:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/06/18 18:57:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/01/29 12:44:17 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} [2011/12/13 12:03:26 | 000,038,752 | ---- | M] () (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\extensions\{b2509cd4-17cd-45ed-8146-a82af038f493}.xpi [2011/02/04 09:57:18 | 000,002,452 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\definr-dictionary-search.xml [2008/12/27 11:27:52 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\delicious-tag.xml [2011/11/15 11:54:25 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\dictionary.xml [2011/11/15 11:54:41 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\googletranslate.xml [2008/12/27 11:28:35 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\technorati.xml [2011/11/15 11:55:21 | 000,001,539 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\thesaurus---referencecom.xml [2011/02/04 09:57:54 | 000,001,238 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\thsrs.xml [2013/12/20 09:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/12/20 09:35:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/12/20 09:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013/12/20 09:35:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/12/20 09:35:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2014/02/27 03:30:43 | 000,450,852 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 15478 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found. O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP) O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [shwiconXP6377] C:\Program Files\Multimedia Card Reader(6337)\ShwiconX.exe (Alcor Micro Corp.) O4 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA) O4 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005..\Run: [sFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE (Verizon Internet Solutions) O4 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios) O4 - HKLM..\RunServicesOnce: [xSendReg] C:\Program Files\Calibre Inc\PrintConnect\xSendReg.exe (Calibre Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.2 HD Edition.lnk = C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.3 PE.lnk = C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) O4 - Startup: C:\Documents and Settings\Elaine\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O4 - Startup: C:\Documents and Settings\Elaine\Start Menu\Programs\Startup\xConnect.lnk = C:\Program Files\Calibre Inc\xConnect\xConnect.exe (Calibre Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\..Trusted Domains: kodakgallery.com ([www] https in Trusted sites) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CF34D27-48AA-4BDD-B5E8-C29E7A83F7A6}: DhcpNameServer = 209.18.47.61 209.18.47.62 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\Elaine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Elaine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{81038542-3245-11e2-b389-001ec95c2dee}\Shell - "" = AutoRun O33 - MountPoints2\{81038542-3245-11e2-b389-001ec95c2dee}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{81038542-3245-11e2-b389-001ec95c2dee}\Shell\AutoRun\command - "" = H:\setup.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2014/03/31 07:21:42 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2014/03/31 07:21:15 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2014/03/31 07:21:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware [2014/03/31 07:13:59 | 017,523,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-2.0.0.1000.exe [2014/03/30 15:08:48 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Elaine\Desktop\HijackThis.exe [2014/03/30 10:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java [2014/03/13 12:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\My Documents\Ali.storage [2014/03/13 09:19:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Local Settings\Application Data\Skype [2014/03/13 09:19:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype [2014/03/13 09:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2014/03/11 16:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\My Documents\ModelShootRebecca.Franz [2014/03/09 15:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\My Documents\ModelShoot.RebeccaLawrence.2014.03.06 [2014/03/09 14:02:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\My Documents\ModelShoot.Jadore.2014.03.08 [2013/12/25 14:03:48 | 000,688,992 | R--- | C] (Swearware) -- C:\Program Files\dds.com [2013/12/23 18:06:42 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe [2013/07/30 21:09:32 | 000,072,008 | ---- | C] (Azureus Software, Inc.) -- C:\Program Files\VuzeBittorrentClientInstaller.exe [2013/07/04 17:39:59 | 000,280,136 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup Stub 22.0.exe [2013/05/04 17:58:00 | 002,138,776 | ---- | C] (Solid State Networks) -- C:\Program Files\install_flashplayer11x32au_mssa_aih.exe [2013/04/04 16:50:42 | 003,403,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB955704-x86-ENU.exe [2013/03/26 19:50:01 | 000,774,616 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleEarthPluginSetup.exe [2012/12/07 08:13:43 | 003,461,001 | ---- | C] (ArcSoft ) -- C:\Program Files\raw_thumbnail_viewer.exe [2011/07/16 08:51:25 | 001,346,560 | ---- | C] (Matsushita Electric Industrial Co., Ltd. ) -- C:\Program Files\sdfv2003.exe [2010/12/25 18:45:15 | 007,466,152 | ---- | C] (Opera Software ASA) -- C:\Program Files\Opera_1100_en_Setup.exe [2010/09/10 12:12:24 | 000,567,640 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleVoiceAndVideoSetup.exe [2010/09/04 11:57:04 | 007,493,632 | ---- | C] (Login Recovery) -- C:\Program Files\Login-Recovery.exe [2010/04/04 20:29:17 | 000,835,712 | ---- | C] (WinRecovery Software ) -- C:\Program Files\cardrecovery_setup.exe [2009/08/12 18:43:47 | 000,913,832 | ---- | C] (Oracle Corporation) -- C:\Program Files\jxpiinstall.exe [2009/03/31 23:04:49 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe [2008/10/12 17:38:25 | 000,126,976 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\asneu.dll [2008/10/11 07:22:26 | 004,540,161 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\PS_41.exe [2008/10/10 17:00:24 | 003,085,984 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player.exe [2 C:\Documents and Settings\Elaine\My Documents\*.tmp files -> C:\Documents and Settings\Elaine\My Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014/04/01 08:05:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2236806547-4188195164-2715391781-1005UA.job [2014/04/01 08:03:42 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0CA4540B-AFD1-4736-94F5-0CD014FD7E13}.job [2014/04/01 07:18:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2014/03/31 23:59:45 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2014/03/31 21:18:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2014/03/31 16:05:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2236806547-4188195164-2715391781-1005Core.job [2014/03/31 07:21:22 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2014/03/31 07:13:59 | 017,523,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup-2.0.0.1000.exe [2014/03/30 15:08:48 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Elaine\Desktop\HijackThis.exe [2014/03/30 11:50:43 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\SystemLook.exe [2014/03/30 11:40:13 | 000,486,246 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2014/03/30 11:40:13 | 000,081,464 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2014/03/30 11:39:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2014/03/30 11:38:54 | 000,187,174 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2014/03/30 11:38:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2014/03/30 11:38:05 | 3487,006,720 | -HS- | M] () -- C:\hiberfil.sys [2014/03/28 16:15:11 | 002,411,220 | ---- | M] () -- C:\Documents and Settings\Elaine\My Documents\markman-report.technologystocks.pdf [2014/03/26 22:14:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2014/03/13 09:19:33 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2014/03/13 09:18:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2014/03/13 03:18:51 | 000,299,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2014/03/13 03:01:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2014/03/05 10:27:57 | 000,456,078 | ---- | M] () -- C:\Documents and Settings\Elaine\My Documents\ohad_b4_after.jpg [2014/03/05 09:26:10 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2014/03/05 09:26:02 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2 C:\Documents and Settings\Elaine\My Documents\*.tmp files -> C:\Documents and Settings\Elaine\My Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2014/03/30 11:50:43 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\SystemLook.exe [2014/03/28 16:15:08 | 002,411,220 | ---- | C] () -- C:\Documents and Settings\Elaine\My Documents\markman-report.technologystocks.pdf [2014/03/13 09:19:33 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2014/03/05 10:27:34 | 000,456,078 | ---- | C] () -- C:\Documents and Settings\Elaine\My Documents\ohad_b4_after.jpg [2013/12/27 09:33:58 | 000,000,306 | ---- | C] () -- C:\Documents and Settings\Elaine\Application Data\mbam.context.scan [2013/12/25 14:32:51 | 000,891,200 | ---- | C] () -- C:\Program Files\SecurityCheck.exe [2013/06/25 12:52:16 | 011,492,440 | ---- | C] () -- C:\Program Files\eri_setup_109037324566.exe [2013/05/15 03:21:58 | 000,913,186 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2236806547-4188195164-2715391781-1005-0.dat [2013/05/15 03:21:58 | 000,316,962 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2013/03/11 20:07:53 | 000,130,030 | ---- | C] () -- C:\Documents and Settings\Elaine\ASUS.Franz.2013.registration [2013/03/06 14:47:20 | 000,003,691 | ---- | C] () -- C:\WINDOWS\hphinfs.dat [2013/02/18 21:33:11 | 000,202,764 | ---- | C] () -- C:\Program Files\tweets.zip [2013/01/21 12:46:41 | 000,058,132 | ---- | C] () -- C:\Documents and Settings\Elaine\TD Ameritrade [2013/01/17 22:56:50 | 000,168,306 | ---- | C] () -- C:\Documents and Settings\Elaine\KrisFlyerMembershipCard [2012/12/05 14:18:05 | 006,104,576 | ---- | C] () -- C:\Program Files\MicrosoftCodecPack_x86.msi [2012/04/01 11:50:25 | 000,143,350 | ---- | C] () -- C:\Documents and Settings\Elaine\NYU - Stringer NYT 3-29-2012.tif [2012/04/01 11:46:31 | 000,141,814 | ---- | C] () -- C:\Documents and Settings\Elaine\NYU - Stringer NYT 3-29-2012 [2012/03/31 08:50:41 | 004,137,128 | ---- | C] () -- C:\Documents and Settings\Elaine\GlobeSt.com - MAS debate NYU2031 3-28-2012.tif [2012/03/31 08:44:27 | 000,228,574 | ---- | C] () -- C:\Documents and Settings\Elaine\GlobeSt.com - MAS debate NYU2031 3-28-2012 [2012/03/24 20:38:36 | 1842,465,194 | ---- | C] () -- C:\Program Files\photoshopcs6_p1_win_032112.zip [2012/03/12 17:58:27 | 001,606,064 | ---- | C] () -- C:\Program Files\googletalk-setup.exe [2012/03/10 22:09:11 | 007,615,784 | ---- | C] () -- C:\Program Files\PenTablet_510-4.exe [2012/01/19 16:03:15 | 001,793,028 | ---- | C] () -- C:\Documents and Settings\Elaine\OfficeDepotWorklifeRewards.tif [2012/01/19 16:02:50 | 000,166,800 | ---- | C] () -- C:\Documents and Settings\Elaine\OfficeDepotWorklifeRewards [2012/01/13 17:09:41 | 000,859,176 | ---- | C] () -- C:\Documents and Settings\Elaine\CapitalOnePayment.2012.01.13.tif [2012/01/13 17:09:20 | 000,062,898 | ---- | C] () -- C:\Documents and Settings\Elaine\CapitalOnePayment.2012.01.13 [2011/12/29 10:02:21 | 000,570,340 | ---- | C] () -- C:\Documents and Settings\Elaine\ChaseTransfer.2011.12.29.tif [2011/12/29 10:01:02 | 000,010,790 | ---- | C] () -- C:\Documents and Settings\Elaine\ChaseTransfer.2011.12.28 [2011/12/13 10:33:31 | 000,571,846 | ---- | C] () -- C:\Documents and Settings\Elaine\AOL.account.info.tif [2011/12/13 10:32:33 | 000,009,114 | ---- | C] () -- C:\Documents and Settings\Elaine\AOL.account.info [2011/05/31 12:40:50 | 002,940,886 | ---- | C] () -- C:\Documents and Settings\Elaine\K-YCoupon.tif [2011/05/31 12:40:20 | 000,629,098 | ---- | C] () -- C:\Documents and Settings\Elaine\K-Y [2010/12/21 17:29:44 | 000,630,232 | ---- | C] () -- C:\Documents and Settings\Elaine\BankAmerica.MC.payment.2010.12.21.tif [2010/12/21 17:29:05 | 000,036,594 | ---- | C] () -- C:\Documents and Settings\Elaine\BankAmericaMCpayment.2010.12.21 [2010/12/19 17:37:22 | 000,769,332 | ---- | C] () -- C:\Documents and Settings\Elaine\UnionPlusPayment.2010.12.19.tif [2010/12/19 17:37:05 | 000,058,852 | ---- | C] () -- C:\Documents and Settings\Elaine\UnionPlusPayment.2010.12.19 [2010/12/19 02:40:13 | 001,237,728 | ---- | C] () -- C:\Documents and Settings\Elaine\HomeInsuranceQuotes.2010.12.19.tif [2010/12/19 02:39:32 | 000,069,784 | ---- | C] () -- C:\Documents and Settings\Elaine\HomeInsuranceQuotes.2010.12.19 [2010/12/01 13:48:31 | 001,364,522 | ---- | C] () -- C:\Program Files\wrar393.exe [2010/10/19 20:57:22 | 000,630,612 | ---- | C] () -- C:\Documents and Settings\Elaine\BankofAmer.MC.payment.2010.10.21.tif [2010/10/19 20:56:55 | 000,037,190 | ---- | C] () -- C:\Documents and Settings\Elaine\BankofAmer.MC.payment.2010.10.21 [2010/10/15 15:09:58 | 009,422,848 | ---- | C] () -- C:\Program Files\VzInHomeAgentInstaller.msi [2010/10/15 14:58:59 | 000,103,720 | ---- | C] () -- C:\Documents and Settings\Elaine\GoToAssistDownloadHelper.exe [2010/10/04 14:55:27 | 000,873,500 | ---- | C] () -- C:\Documents and Settings\Elaine\CapitalOnePayment.2010.10.tif [2010/10/04 14:55:02 | 000,019,242 | ---- | C] () -- C:\Documents and Settings\Elaine\CapitalOnePayment.2010.10.04 [2010/09/28 14:58:57 | 001,885,928 | ---- | C] () -- C:\Documents and Settings\Elaine\UnitedShanghai2010.tif [2010/09/28 14:57:05 | 000,062,352 | ---- | C] () -- C:\Documents and Settings\Elaine\UnitedShanghai2010 [2010/02/19 11:27:39 | 002,006,621 | ---- | C] () -- C:\Program Files\u9idat252zx.bin [2010/02/19 11:27:23 | 000,113,488 | ---- | C] () -- C:\Program Files\u9ichjw4qt.bin [2010/02/19 11:27:03 | 000,567,456 | ---- | C] () -- C:\Program Files\u9ifw57en.bin [2010/02/19 11:26:28 | 002,489,378 | ---- | C] () -- C:\Program Files\x8all279kj.bin [2010/02/19 10:55:58 | 064,213,381 | ---- | C] () -- C:\Program Files\w9all733vq.bin [2010/02/19 10:26:53 | 056,173,018 | ---- | C] () -- C:\Program Files\u9iavi2697mh.bin [2010/02/19 10:25:36 | 006,685,013 | ---- | C] () -- C:\Program Files\u7avi18567.bin [2009/09/24 14:20:58 | 000,117,844 | ---- | C] () -- C:\Documents and Settings\Elaine\DeltaLauren [2009/09/24 14:19:13 | 000,321,663 | ---- | C] () -- C:\Documents and Settings\Elaine\DeltaLaurenSkyMilesCard [2008/10/19 21:14:19 | 008,844,185 | ---- | C] () -- C:\Program Files\homesite3_dw.exe [2008/10/19 00:54:37 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Elaine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/10/12 17:40:49 | 319,815,680 | ---- | C] () -- C:\Program Files\Adobe Photoshop Lightroom 1.0 Aio.iso [2000/10/26 01:55:56 | 000,000,388 | ---- | C] () -- C:\Program Files\file_id.diz [2000/10/12 11:39:02 | 001,023,143 | ---- | C] () -- C:\Program Files\fo-ec4.exe ========== ZeroAccess Check ========== [2008/04/25 17:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/06/26 04:15:29 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013/11/28 10:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013/09/08 14:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics [2012/01/27 15:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012 [2013/12/26 20:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CDB [2010/10/24 07:30:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2008/10/12 17:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro [2013/09/08 16:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate [2012/01/27 15:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2013/12/30 01:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MR APP [2008/10/10 18:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon [2013/07/04 17:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache [2013/05/06 03:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic [2009/07/05 20:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters [2013/12/29 07:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2012/01/27 05:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2008/10/02 16:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall [2013/12/27 02:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\0D0S1L2Z1P1B [2012/01/27 05:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\AVG [2012/01/27 05:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\AVG2012 [2009/06/30 10:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1 [2009/07/14 12:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\com.Spreadtweet2007.AirApp.84144EB30E332DDF53A5B500088B55A66190F3BE.1 [2013/09/08 14:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\CoreFTP [2008/10/12 17:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\DAEMON Tools Pro [2013/12/27 03:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\DigitalSites [2008/11/01 23:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\install_5849_MHw0MXwwfHx8fHx8fHw_[1] [2008/10/09 17:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Nikon [2013/09/08 16:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\OpenOffice [2008/10/11 05:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Opera [2012/06/03 23:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Oracle [2008/10/13 11:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Panasonic [2013/09/08 17:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\TeamViewer [2012/01/27 15:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Tific [2013/12/27 03:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Uniblue [2013/09/08 16:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\WinPatrol [2008/11/01 23:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\_5849_fHx8fDQ2Mnw0fHw_ ========== Purity Check ========== ========== Files - Unicode (All) ========== [2011/07/30 18:47:28 | 000,316,061 | ---- | M] ()(C:\Documents and Settings\Elaine\My Documents\01??????????.JPG) -- C:\Documents and Settings\Elaine\My Documents\01皖歙县许国大学士牌坊.JPG [2011/07/30 18:47:27 | 000,316,061 | ---- | C] ()(C:\Documents and Settings\Elaine\My Documents\01??????????.JPG) -- C:\Documents and Settings\Elaine\My Documents\01皖歙县许国大学士牌坊.JPG ========== Alternate Data Streams ========== @Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 < End of report >

The situation is still the same. AVG hijacks my search.

Am I missing something? I looked at the screenshot, and typed the same info into my SystemLook window. Here's what I got when I clicked "Look" this time. SystemLook 30.07.11 by jpshortstuff Log created at 12:40 on 30/03/2014 by Elaine Administrator - Elevation successful No Context: paste my script right here and click "Look" button -= EOF =-

I tried to use SystemLook, and when I hit "LOOK" I get an error message "script required". I updated my java, restarted my computer, and can play music and videos, so I'm not sure what's wrong. I downloaded System Look a second time, and the same error message appeared.

Yesterday, I did a search of all files (including hidden folders) containing "AVG" and there were 230. Today I did the same search, and now there are 282 files containing "AVG". Some are in quarantine. That's totally weird.

I ran Malwarebytes again with v2013.12.30.05, and no threats were found. What do I do next?

I ran spybot again, and no threats found. I ran Malwarebytes again and rebooted. Malwarebytes found 10 threats which I quarantined. Log for Malwarebytes below. (I updated Malwarebytes to v2013.12.30 AFTER I ran the scan.) Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.12.28.07 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Elaine :: MANHATTAN [administrator] 12/30/2013 6:45:31 AM mbam-log-2013-12-30 (06-45-31).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 341474 Time elapsed: 51 minute(s), 31 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 3 HKCR\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. HKCU\SOFTWARE\MYSEARCHDIAL (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. HKLM\SYSTEM\CurrentControlSet\Services\Update Jump Flip (PUP.Optional.JumpFlip.A) -> Quarantined and deleted successfully. Registry Values Detected: 1 HKCU\Software\mysearchdial|TM (PUP.Optional.MySearchDial.A) -> Data: 0131 -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 6 C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079060.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079061.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079062.exe (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079063.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079066.dll (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079076.exe (PUP.Optional.JumpFlip.A) -> Quarantined and deleted successfully. (end)

I still have the AVG search. The AVG-remover said it might take several reboots to complete the removal, and I've restarted my computer 5 times. One problem might be that 2-3 years ago I was using AVG's program for virus monitoring, and I have a lot of AVG files still in my computer. I stopped using AVG because I had some problem (can't remember what). I tried to attach the log for the AVG-remover search, but it was too long to post, so I did an attachment. I don't know if it will be of any help. AVG-remover log.doc

I decided to run the avg-remover, and then run a new OTL scan (log from this new scan below). All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. File C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\100-search-engines.xml not found. Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\ not found. File C:\Program Files\AVG\AVG2012\Firefox4 not found. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\Elaine\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\Elaine\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Elaine ->Temp folder emptied: 46645 bytes ->Temporary Internet Files folder emptied: 5943641 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 96208661 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 1575 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 555 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 97.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 12292013_181342

I goofed. I ran the OTL fix before I ran the avg-remover. OTL fix log is below. What would you suggest I do to correct my mistake? (I haven't yet run avg-remover.) All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\100-search-engines.xml moved successfully. Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}\ not found. File C:\Program Files\AVG\AVG2012\Firefox4 not found. ========== FILES ========== < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. C:\Documents and Settings\Elaine\Desktop\cmd.bat deleted successfully. C:\Documents and Settings\Elaine\Desktop\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 49152 bytes ->Temporary Internet Files folder emptied: 32902 bytes ->Flash cache emptied: 41365 bytes User: Elaine ->Temp folder emptied: 59610683 bytes ->Temporary Internet Files folder emptied: 21612614 bytes ->Java cache emptied: 6202752 bytes ->FireFox cache emptied: 360262948 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 4651 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 13165158 bytes User: NetworkService ->Temp folder emptied: 522790 bytes ->Temporary Internet Files folder emptied: 79535828 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 3613713 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3131244 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 592590046 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 27553 bytes Total Files Cleaned = 1,088.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 12292013_164155 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...

Here are the results from the OTC scan. OTL logfile created on: 12/29/2013 4:07:34 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Elaine\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.25 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 73.54% Memory free 5.09 Gb Paging File | 4.30 Gb Available in Paging File | 84.53% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 455.94 Gb Total Space | 416.39 Gb Free Space | 91.33% Space Free | Partition Type: NTFS Drive D: | 298.08 Gb Total Space | 142.84 Gb Free Space | 47.92% Space Free | Partition Type: NTFS Computer Name: MANHATTAN | User Name: Elaine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/12/29 16:04:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elaine\Desktop\OTL.exe PRC - [2013/12/04 09:41:48 | 000,082,432 | ---- | M] (Microsoft) -- C:\Program Files\MR APP\MRAPP.UI.exe PRC - [2013/12/04 09:41:48 | 000,031,744 | ---- | M] (Digital Market Research Apps Pty Ltd) -- C:\Program Files\MR APP\MRAPP.Event.Service.exe PRC - [2013/12/04 09:41:10 | 000,031,232 | ---- | M] (Digital Market Research Apps Pty Ltd) -- C:\Program Files\MR APP\MRAPP.Transfer.Service.exe PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2013/10/08 07:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe PRC - [2013/09/04 21:09:20 | 000,441,408 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe PRC - [2013/09/02 09:29:08 | 005,071,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012/06/26 20:51:50 | 000,230,576 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe PRC - [2009/04/02 16:33:16 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/01/05 14:48:06 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files\Multimedia Card Reader(6337)\ShwiconX.exe PRC - [2008/12/11 10:12:00 | 000,159,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe PRC - [2008/12/11 10:11:30 | 002,749,736 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe PRC - [2008/07/13 20:21:46 | 000,565,248 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/01/15 13:31:58 | 000,155,648 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe PRC - [2008/01/03 16:57:52 | 000,184,864 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe PRC - [2005/11/14 10:25:02 | 000,057,344 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe PRC - [2001/10/25 09:55:01 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe PRC - [2001/10/25 09:55:00 | 000,311,296 | R--- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon03.exe PRC - [2001/10/25 09:54:58 | 000,077,824 | ---- | M] (HP) -- C:\WINDOWS\system32\hphipm09.exe PRC - [2000/08/03 15:52:22 | 000,294,912 | ---- | M] (Calibre Inc.) -- C:\Program Files\Calibre Inc\xConnect\IrButler.exe PRC - [2000/07/28 10:47:18 | 001,593,344 | ---- | M] (Calibre Inc.) -- C:\Program Files\Calibre Inc\xConnect\xConnect.exe ========== Modules (No Company Name) ========== MOD - [2013/10/11 02:18:09 | 001,142,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\0991480e062731a80dfb4da63488f901\System.ServiceModel.Discovery.ni.dll MOD - [2013/10/11 02:17:12 | 000,194,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\1878788a385cb23b2a43f04c1e984da5\System.ComponentModel.DataAnnotations.ni.dll MOD - [2013/10/11 02:08:07 | 018,109,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1fcda1de189b146359ef01bc4a6ded4a\System.ServiceModel.ni.dll MOD - [2013/10/11 02:06:53 | 001,021,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\9c1d0ae97ff2771c17212cd15d8c9831\System.Runtime.DurableInstancing.ni.dll MOD - [2013/10/11 02:06:53 | 000,393,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\e079ea2aa0a75d81c20998a6419643ff\System.Xml.Linq.ni.dll MOD - [2013/10/11 02:06:50 | 002,658,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\b5faab90a38802d89ccf6f9ac4bff440\System.Runtime.Serialization.ni.dll MOD - [2013/10/11 02:02:28 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\1934369c96e549961e8b10309e4d7123\PresentationFramework.ni.dll MOD - [2013/10/11 02:02:21 | 013,199,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e40d894a772b2cff5ffd5a84ef20d2d4\System.Windows.Forms.ni.dll MOD - [2013/10/11 02:02:14 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\c82e4e18d91c1cbf11342da73c7845a6\PresentationCore.ni.dll MOD - [2013/10/11 02:02:09 | 006,813,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\7294cfff4c5922b56ee89a6879ae8eef\System.Data.ni.dll MOD - [2013/10/11 02:02:04 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\75d88257b5bc5a5d15dd4c37d8bb18bd\System.Core.ni.dll MOD - [2013/10/11 02:02:04 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\e85c48d2567765f4153ee2af6c50dba3\WindowsBase.ni.dll MOD - [2013/10/11 02:01:59 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll MOD - [2013/08/14 05:08:45 | 000,626,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Messaging\aa1f40fa6634003f0d2637cea7e18131\System.Messaging.ni.dll MOD - [2013/08/14 05:08:44 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll MOD - [2013/08/14 05:07:26 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll MOD - [2013/08/14 05:07:23 | 000,143,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\d083ee23a4c0d8cf76ae9e95e52d0388\SMDiagnostics.ni.dll MOD - [2013/08/14 05:07:21 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\6c422db78c17838c3eb9f9fcc01ca63f\System.Management.ni.dll MOD - [2013/08/14 05:07:04 | 000,649,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\102014a4f570b1dc944ff7eb8e1c6e2b\System.Transactions.ni.dll MOD - [2013/08/14 02:07:56 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll MOD - [2013/08/14 02:07:53 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e2d3740c10f91e2676570dcc3be6680e\PresentationFramework.Luna.ni.dll MOD - [2013/08/14 02:07:48 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll MOD - [2013/08/14 02:07:33 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll MOD - [2013/07/15 12:29:04 | 000,620,718 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll MOD - [2013/07/11 02:15:34 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll MOD - [2012/10/11 21:56:46 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/10/11 21:56:22 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2002/07/04 08:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\Share\PIHook.dll ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe -- (vToolbarUpdater17.2.0) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Jump Flip\updateJumpFlip.exe -- (Update Jump Flip) SRV - [2013/12/22 17:55:49 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/12/20 08:35:54 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/12/04 09:41:48 | 000,031,744 | ---- | M] (Digital Market Research Apps Pty Ltd) [Auto | Running] -- C:\Program Files\MR APP\MRAPP.Event.Service.exe -- (EventService) SRV - [2013/12/04 09:41:10 | 000,031,232 | ---- | M] (Digital Market Research Apps Pty Ltd) [Auto | Running] -- C:\Program Files\MR APP\MRAPP.Transfer.Service.exe -- (TransferService) SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2013/10/08 07:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013/09/02 09:29:08 | 005,071,712 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2008/12/11 10:11:30 | 002,749,736 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen) SRV - [2008/10/02 15:40:42 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2008/01/15 13:31:58 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService) SRV - [2001/10/25 09:54:58 | 000,077,824 | ---- | M] (HP) [On_Demand | Running] -- C:\WINDOWS\system32\hphipm09.exe -- (Pml Driver) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Elaine\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2013/12/26 19:23:54 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp) DRV - [2008/10/12 16:48:03 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2008/08/18 14:45:00 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid) DRV - [2008/07/13 20:10:44 | 000,101,120 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus) DRV - [2008/04/14 07:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008/04/14 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2008/04/14 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2008/02/11 09:44:08 | 000,128,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvrd32.sys -- (nvrd32) DRV - [2008/02/11 09:44:08 | 000,102,400 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts) DRV - [2008/01/15 13:34:04 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev) DRV - [2008/01/14 22:20:12 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2008/01/14 22:20:10 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2008/01/14 22:10:30 | 004,620,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2007/02/15 15:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid) DRV - [2007/02/03 09:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007/02/03 09:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL) DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2001/10/25 09:54:58 | 000,050,704 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hphid409.sys -- (Dot4 HPH09) DRV - [2001/10/25 09:54:58 | 000,050,179 | R--- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hphs2k09.sys -- (Dot4Storage HPH09) DRV - [2001/10/25 09:54:58 | 000,018,864 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hphius09.sys -- (Dot4Usb HPH09) DRV - [2001/10/25 09:54:58 | 000,015,984 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hphipr09.sys -- (Dot4Print HPH09) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081002 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081002 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081002 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081002 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081002 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081002 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081002 IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.elainehudsonphotography.com IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\..\SearchScopes,DefaultScope = {F913E42D-E0F1-489E-9E56-C4154E35CDD5} IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\..\SearchScopes\{F913E42D-E0F1-489E-9E56-C4154E35CDD5}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:16110;https=127.0.0.1:16110; ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: %7Bb2509cd4-17cd-45ed-8146-a82af038f493%7D:2.02 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Elaine\Application Data\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\Elaine\Application Data\Mozilla\plugins\npo1d.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Elaine\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/26 18:49:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/26 18:49:51 | 000,000,000 | ---D | M] [2008/10/27 20:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Extensions [2013/12/28 00:23:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\extensions [2010/08/24 10:45:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/06/18 17:57:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/01/29 11:44:17 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca} [2011/12/13 11:03:26 | 000,038,752 | ---- | M] () (No name found) -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\extensions\{b2509cd4-17cd-45ed-8146-a82af038f493}.xpi [2010/09/05 12:41:41 | 000,001,449 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\100-search-engines.xml [2011/02/04 08:57:18 | 000,002,452 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\definr-dictionary-search.xml [2008/12/27 10:27:52 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\delicious-tag.xml [2011/11/15 10:54:25 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\dictionary.xml [2011/11/15 10:54:41 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\googletranslate.xml [2008/12/27 10:28:35 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\technorati.xml [2011/11/15 10:55:21 | 000,001,539 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\thesaurus---referencecom.xml [2011/02/04 08:57:54 | 000,001,238 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\thsrs.xml [2013/12/20 08:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013/12/20 08:35:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/12/20 08:35:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions [2013/12/20 08:35:22 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013/12/20 08:35:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} O1 HOSTS File: ([2013/12/25 12:29:22 | 000,450,800 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 15476 more lines... O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - No CLSID value found. O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP) O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\system32\hphmon03.exe (Hewlett-Packard) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [shwiconXP6377] C:\Program Files\Multimedia Card Reader(6337)\ShwiconX.exe (Alcor Micro Corp.) O4 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005..\Run: [NVIDIA nTune] C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA) O4 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005..\Run: [sFP] C:\Program Files\Common Files\Verizon Online\SFP\vzSFPWin.EXE (Verizon Internet Solutions) O4 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios) O4 - HKLM..\RunServicesOnce: [xSendReg] C:\Program Files\Calibre Inc\PrintConnect\xSendReg.exe (Calibre Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 6.2 HD Edition.lnk = C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.3 PE.lnk = C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation) O4 - Startup: C:\Documents and Settings\Elaine\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O4 - Startup: C:\Documents and Settings\Elaine\Start Menu\Programs\Startup\xConnect.lnk = C:\Program Files\Calibre Inc\xConnect\xConnect.exe (Calibre Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-2236806547-4188195164-2715391781-1005\..Trusted Domains: kodakgallery.com ([www] https in Trusted sites) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CF34D27-48AA-4BDD-B5E8-C29E7A83F7A6}: DhcpNameServer = 209.18.47.61 209.18.47.62 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) O24 - Desktop WallPaper: C:\Documents and Settings\Elaine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Elaine\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{81038542-3245-11e2-b389-001ec95c2dee}\Shell - "" = AutoRun O33 - MountPoints2\{81038542-3245-11e2-b389-001ec95c2dee}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{81038542-3245-11e2-b389-001ec95c2dee}\Shell\AutoRun\command - "" = H:\setup.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/12/29 16:04:05 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Elaine\Desktop\OTL.exe [2013/12/27 23:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013/12/27 23:10:41 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\Elaine\Desktop\esetsmartinstaller_enu.exe [2013/12/27 02:17:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013/12/27 01:57:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\.android [2013/12/27 01:57:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Local Settings\Application Data\cache [2013/12/27 01:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Local Settings\Application Data\genienext [2013/12/27 01:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Application Data\0D0S1L2Z1P1B [2013/12/27 01:57:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Elaine\Application Data\DigitalSites [2013/12/26 19:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CDB [2013/12/26 19:24:01 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys [2013/12/26 19:02:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2013/12/26 19:00:43 | 001,034,531 | ---- | C] (Thisisu) -- C:\Documents and Settings\Elaine\Desktop\JRT.exe [2013/12/26 16:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache [2013/12/25 13:05:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Elaine\Start Menu\Programs\Administrative Tools [2013/12/25 13:03:48 | 000,688,992 | R--- | C] (Swearware) -- C:\Program Files\dds.com [2013/12/23 17:06:42 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe [2013/12/20 08:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013/12/19 22:52:54 | 000,000,000 | ---D | C] -- C:\Program Files\MR APP [2013/12/15 14:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth [2013/07/30 20:09:32 | 000,072,008 | ---- | C] (Azureus Software, Inc.) -- C:\Program Files\VuzeBittorrentClientInstaller.exe [2013/07/04 16:39:59 | 000,280,136 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup Stub 22.0.exe [2013/05/04 16:58:00 | 002,138,776 | ---- | C] (Solid State Networks) -- C:\Program Files\install_flashplayer11x32au_mssa_aih.exe [2013/04/04 15:50:42 | 003,403,304 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WindowsXP-KB955704-x86-ENU.exe [2013/03/26 18:50:01 | 000,774,616 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleEarthPluginSetup.exe [2012/12/07 07:13:43 | 003,461,001 | ---- | C] (ArcSoft ) -- C:\Program Files\raw_thumbnail_viewer.exe [2011/07/16 07:51:25 | 001,346,560 | ---- | C] (Matsushita Electric Industrial Co., Ltd. ) -- C:\Program Files\sdfv2003.exe [2010/12/25 17:45:15 | 007,466,152 | ---- | C] (Opera Software ASA) -- C:\Program Files\Opera_1100_en_Setup.exe [2010/09/10 11:12:24 | 000,567,640 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleVoiceAndVideoSetup.exe [2010/09/04 10:57:04 | 007,493,632 | ---- | C] (Login Recovery) -- C:\Program Files\Login-Recovery.exe [2010/04/04 19:29:17 | 000,835,712 | ---- | C] (WinRecovery Software ) -- C:\Program Files\cardrecovery_setup.exe [2009/08/12 17:43:47 | 000,913,832 | ---- | C] (Oracle Corporation) -- C:\Program Files\jxpiinstall.exe [2009/03/31 22:04:49 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe [2008/10/12 16:38:25 | 000,126,976 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\asneu.dll [2008/10/11 06:22:26 | 004,540,161 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\PS_41.exe [2008/10/10 16:00:24 | 003,085,984 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player.exe [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\Documents and Settings\Elaine\My Documents\*.tmp files -> C:\Documents and Settings\Elaine\My Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/12/29 16:07:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/12/29 16:04:21 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0CA4540B-AFD1-4736-94F5-0CD014FD7E13}.job [2013/12/29 16:04:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Elaine\Desktop\OTL.exe [2013/12/29 15:55:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2236806547-4188195164-2715391781-1005UA.job [2013/12/29 07:07:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/12/28 20:55:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2236806547-4188195164-2715391781-1005Core.job [2013/12/28 19:29:01 | 000,187,174 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2013/12/28 17:54:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/12/28 17:53:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/12/28 17:53:04 | 3487,006,720 | -HS- | M] () -- C:\hiberfil.sys [2013/12/27 23:10:52 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\Elaine\Desktop\esetsmartinstaller_enu.exe [2013/12/27 08:33:58 | 000,000,306 | ---- | M] () -- C:\Documents and Settings\Elaine\Application Data\mbam.context.scan [2013/12/26 19:31:03 | 000,299,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013/12/26 19:24:05 | 000,003,747 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml [2013/12/26 19:23:54 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys [2013/12/26 19:16:28 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2013/12/26 19:00:43 | 001,034,531 | ---- | M] (Thisisu) -- C:\Documents and Settings\Elaine\Desktop\JRT.exe [2013/12/25 22:14:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013/12/25 14:22:46 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Elaine\Desktop\Shortcut to dds.com.pif [2013/12/25 13:32:51 | 000,891,200 | ---- | M] () -- C:\Program Files\SecurityCheck.exe [2013/12/25 13:03:48 | 000,688,992 | R--- | M] (Swearware) -- C:\Program Files\dds.com [2013/12/25 12:29:22 | 000,450,800 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013/12/23 17:06:42 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\HijackThis.exe [2013/12/14 07:33:29 | 000,450,800 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20131225-122922.backup [2013/12/12 03:03:41 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013/12/11 02:44:15 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\Documents and Settings\Elaine\My Documents\*.tmp files -> C:\Documents and Settings\Elaine\My Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/12/27 08:33:58 | 000,000,306 | ---- | C] () -- C:\Documents and Settings\Elaine\Application Data\mbam.context.scan [2013/12/26 19:23:56 | 000,003,747 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml [2013/12/25 14:22:46 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Elaine\Desktop\Shortcut to dds.com.pif [2013/12/25 13:32:51 | 000,891,200 | ---- | C] () -- C:\Program Files\SecurityCheck.exe [2013/06/25 11:52:16 | 011,492,440 | ---- | C] () -- C:\Program Files\eri_setup_109037324566.exe [2013/05/15 02:21:58 | 000,913,186 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2236806547-4188195164-2715391781-1005-0.dat [2013/05/15 02:21:58 | 000,316,962 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat [2013/03/11 19:07:53 | 000,130,030 | ---- | C] () -- C:\Documents and Settings\Elaine\ASUS.Franz.2013.registration [2013/03/06 13:47:20 | 000,003,691 | ---- | C] () -- C:\WINDOWS\hphinfs.dat [2013/02/18 20:33:11 | 000,202,764 | ---- | C] () -- C:\Program Files\tweets.zip [2013/01/21 11:46:41 | 000,058,132 | ---- | C] () -- C:\Documents and Settings\Elaine\TD Ameritrade [2013/01/17 21:56:50 | 000,168,306 | ---- | C] () -- C:\Documents and Settings\Elaine\KrisFlyerMembershipCard [2012/12/05 13:18:05 | 006,104,576 | ---- | C] () -- C:\Program Files\MicrosoftCodecPack_x86.msi [2012/04/01 10:50:25 | 000,143,350 | ---- | C] () -- C:\Documents and Settings\Elaine\NYU - Stringer NYT 3-29-2012.tif [2012/04/01 10:46:31 | 000,141,814 | ---- | C] () -- C:\Documents and Settings\Elaine\NYU - Stringer NYT 3-29-2012 [2012/03/31 07:50:41 | 004,137,128 | ---- | C] () -- C:\Documents and Settings\Elaine\GlobeSt.com - MAS debate NYU2031 3-28-2012.tif [2012/03/31 07:44:27 | 000,228,574 | ---- | C] () -- C:\Documents and Settings\Elaine\GlobeSt.com - MAS debate NYU2031 3-28-2012 [2012/03/24 19:38:36 | 1842,465,194 | ---- | C] () -- C:\Program Files\photoshopcs6_p1_win_032112.zip [2012/03/12 16:58:27 | 001,606,064 | ---- | C] () -- C:\Program Files\googletalk-setup.exe [2012/03/10 21:09:11 | 007,615,784 | ---- | C] () -- C:\Program Files\PenTablet_510-4.exe [2012/02/16 14:25:56 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/01/19 15:03:15 | 001,793,028 | ---- | C] () -- C:\Documents and Settings\Elaine\OfficeDepotWorklifeRewards.tif [2012/01/19 15:02:50 | 000,166,800 | ---- | C] () -- C:\Documents and Settings\Elaine\OfficeDepotWorklifeRewards [2012/01/13 16:09:41 | 000,859,176 | ---- | C] () -- C:\Documents and Settings\Elaine\CapitalOnePayment.2012.01.13.tif [2012/01/13 16:09:20 | 000,062,898 | ---- | C] () -- C:\Documents and Settings\Elaine\CapitalOnePayment.2012.01.13 [2011/12/29 09:02:21 | 000,570,340 | ---- | C] () -- C:\Documents and Settings\Elaine\ChaseTransfer.2011.12.29.tif [2011/12/29 09:01:02 | 000,010,790 | ---- | C] () -- C:\Documents and Settings\Elaine\ChaseTransfer.2011.12.28 [2011/12/13 09:33:31 | 000,571,846 | ---- | C] () -- C:\Documents and Settings\Elaine\AOL.account.info.tif [2011/12/13 09:32:33 | 000,009,114 | ---- | C] () -- C:\Documents and Settings\Elaine\AOL.account.info [2011/05/31 11:40:50 | 002,940,886 | ---- | C] () -- C:\Documents and Settings\Elaine\K-YCoupon.tif [2011/05/31 11:40:20 | 000,629,098 | ---- | C] () -- C:\Documents and Settings\Elaine\K-Y [2010/12/21 16:29:44 | 000,630,232 | ---- | C] () -- C:\Documents and Settings\Elaine\BankAmerica.MC.payment.2010.12.21.tif [2010/12/21 16:29:05 | 000,036,594 | ---- | C] () -- C:\Documents and Settings\Elaine\BankAmericaMCpayment.2010.12.21 [2010/12/19 16:37:22 | 000,769,332 | ---- | C] () -- C:\Documents and Settings\Elaine\UnionPlusPayment.2010.12.19.tif [2010/12/19 16:37:05 | 000,058,852 | ---- | C] () -- C:\Documents and Settings\Elaine\UnionPlusPayment.2010.12.19 [2010/12/19 01:40:13 | 001,237,728 | ---- | C] () -- C:\Documents and Settings\Elaine\HomeInsuranceQuotes.2010.12.19.tif [2010/12/19 01:39:32 | 000,069,784 | ---- | C] () -- C:\Documents and Settings\Elaine\HomeInsuranceQuotes.2010.12.19 [2010/12/01 12:48:31 | 001,364,522 | ---- | C] () -- C:\Program Files\wrar393.exe [2010/10/19 19:57:22 | 000,630,612 | ---- | C] () -- C:\Documents and Settings\Elaine\BankofAmer.MC.payment.2010.10.21.tif [2010/10/19 19:56:55 | 000,037,190 | ---- | C] () -- C:\Documents and Settings\Elaine\BankofAmer.MC.payment.2010.10.21 [2010/10/15 14:09:58 | 009,422,848 | ---- | C] () -- C:\Program Files\VzInHomeAgentInstaller.msi [2010/10/15 13:58:59 | 000,103,720 | ---- | C] () -- C:\Documents and Settings\Elaine\GoToAssistDownloadHelper.exe [2010/10/04 13:55:27 | 000,873,500 | ---- | C] () -- C:\Documents and Settings\Elaine\CapitalOnePayment.2010.10.tif [2010/10/04 13:55:02 | 000,019,242 | ---- | C] () -- C:\Documents and Settings\Elaine\CapitalOnePayment.2010.10.04 [2010/09/28 13:58:57 | 001,885,928 | ---- | C] () -- C:\Documents and Settings\Elaine\UnitedShanghai2010.tif [2010/09/28 13:57:05 | 000,062,352 | ---- | C] () -- C:\Documents and Settings\Elaine\UnitedShanghai2010 [2010/02/19 10:27:39 | 002,006,621 | ---- | C] () -- C:\Program Files\u9idat252zx.bin [2010/02/19 10:27:23 | 000,113,488 | ---- | C] () -- C:\Program Files\u9ichjw4qt.bin [2010/02/19 10:27:03 | 000,567,456 | ---- | C] () -- C:\Program Files\u9ifw57en.bin [2010/02/19 10:26:28 | 002,489,378 | ---- | C] () -- C:\Program Files\x8all279kj.bin [2010/02/19 09:55:58 | 064,213,381 | ---- | C] () -- C:\Program Files\w9all733vq.bin [2010/02/19 09:26:53 | 056,173,018 | ---- | C] () -- C:\Program Files\u9iavi2697mh.bin [2010/02/19 09:25:36 | 006,685,013 | ---- | C] () -- C:\Program Files\u7avi18567.bin [2009/09/24 13:20:58 | 000,117,844 | ---- | C] () -- C:\Documents and Settings\Elaine\DeltaLauren [2009/09/24 13:19:13 | 000,321,663 | ---- | C] () -- C:\Documents and Settings\Elaine\DeltaLaurenSkyMilesCard [2008/11/04 05:23:52 | 000,181,426 | ---- | C] () -- C:\Program Files\hijackthis.zip [2008/10/19 20:14:19 | 008,844,185 | ---- | C] () -- C:\Program Files\homesite3_dw.exe [2008/10/18 23:54:37 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Elaine\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/10/12 16:40:49 | 319,815,680 | ---- | C] () -- C:\Program Files\Adobe Photoshop Lightroom 1.0 Aio.iso [2000/10/26 00:55:56 | 000,000,388 | ---- | C] () -- C:\Program Files\file_id.diz [2000/10/12 10:39:02 | 001,023,143 | ---- | C] () -- C:\Program Files\fo-ec4.exe ========== ZeroAccess Check ========== [2008/04/25 16:34:35 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008/06/26 03:15:29 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013/11/28 09:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013/09/08 13:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics [2012/01/27 14:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012 [2013/12/26 19:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CDB [2010/10/24 06:30:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files [2008/10/12 16:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro [2013/09/08 15:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate [2012/01/27 14:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData [2013/12/19 22:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MR APP [2008/10/10 17:13:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon [2013/07/04 16:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache [2013/05/06 02:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic [2009/07/05 19:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters [2013/12/29 06:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft [2012/01/27 04:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2008/10/02 15:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall [2013/12/27 01:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\0D0S1L2Z1P1B [2012/01/27 04:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\AVG [2012/01/27 04:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\AVG2012 [2009/06/30 09:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1 [2009/07/14 11:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\com.Spreadtweet2007.AirApp.84144EB30E332DDF53A5B500088B55A66190F3BE.1 [2013/09/08 13:59:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\CoreFTP [2008/10/12 16:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\DAEMON Tools Pro [2013/12/27 02:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\DigitalSites [2008/11/01 22:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\install_5849_MHw0MXwwfHx8fHx8fHw_[1] [2008/10/09 16:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Nikon [2013/09/08 15:56:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\OpenOffice [2008/10/11 04:05:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Opera [2012/06/03 22:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Oracle [2008/10/13 10:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Panasonic [2013/09/08 16:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\TeamViewer [2012/01/27 14:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Tific [2013/12/27 02:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\Uniblue [2013/09/08 15:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\WinPatrol [2008/11/01 22:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Elaine\Application Data\_5849_fHx8fDQ2Mnw0fHw_ ========== Purity Check ========== ========== Files - Unicode (All) ========== [2011/07/30 17:47:28 | 000,316,061 | ---- | M] ()(C:\Documents and Settings\Elaine\My Documents\01??????????.JPG) -- C:\Documents and Settings\Elaine\My Documents\01皖歙县许国大学士牌坊.JPG [2011/07/30 17:47:27 | 000,316,061 | ---- | C] ()(C:\Documents and Settings\Elaine\My Documents\01??????????.JPG) -- C:\Documents and Settings\Elaine\My Documents\01皖歙县许国大学士牌坊.JPG ========== Alternate Data Streams ========== @Alternate Data Stream - 157 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4 < End of report > ______________________________________________________________________________________ OTL Extras logfile created on: 12/29/2013 4:07:35 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Elaine\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.25 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 73.54% Memory free 5.09 Gb Paging File | 4.30 Gb Available in Paging File | 84.53% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 455.94 Gb Total Space | 416.39 Gb Free Space | 91.33% Space Free | Partition Type: NTFS Drive D: | 298.08 Gb Total Space | 142.84 Gb Free Space | 47.92% Space Free | Partition Type: NTFS Computer Name: MANHATTAN | User Name: Elaine | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* [HKEY_USERS\S-1-5-21-2236806547-4188195164-2715391781-1005\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Dell Video Chat\DellVideoChat.exe" = C:\Program Files\Dell Video Chat\DellVideoChat.exe:*:Enabled:SightSpeed -- (Dell Inc. and SightSpeed Inc.) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation) "C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google) "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer "C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google) "C:\Program Files\TeamViewer\Version8\TeamViewer.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH) "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) "C:\Program Files\MR APP\MRAPP.UI.exe" = C:\Program Files\MR APP\MRAPP.UI.exe:LocalSubNet:Enabled:MR APP UI -- (Microsoft) "C:\Program Files\MR APP\MRAPP.Transfer.Service.exe" = C:\Program Files\MR APP\MRAPP.Transfer.Service.exe:LocalSubNet:Enabled:MR APP Transfer Service -- (Digital Market Research Apps Pty Ltd) "C:\Program Files\MR APP\MRAPP.Event.Service.exe" = C:\Program Files\MR APP\MRAPP.Event.Service.exe:LocalSubNet:Enabled:MR APP Event Service -- (Digital Market Research Apps Pty Ltd) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45 "{2A83AD05-56E6-3FBD-8752-B4143162EF59}" = Google Talk Plugin "{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Avery DesignPro "{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}" = LUMIX Simple Viewer "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{41F71B19-4F04-49A9-99BE-7348AA1EA665}" = ArcSoft Software Suite "{45A82D1E-105D-4F49-9C2F-0DAF8118DC0C}" = Dynex mini card reader "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in "{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11 "{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}" = OpenOffice 4.0.0 "{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective "{5887D64D-2663-43FB-B4BD-7464C56AB425}" = NVIDIA System Monitor "{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter "{5B25274F-088A-4A24-AE12-4AEE9278025A}" = SILKYPIX Developer Studio 2.0 SE "{5F07A881-4A7F-4F16-AF9E-F2202B504A91}" = PHOTOfunSTUDIO 8.3 PE "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{6B36DEBF-27D0-4B1E-858D-D397091C6C7D}" = HP Precisionscan Pro 3.1 "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance "{88D68A69-D247-466B-90DD-575F6BE16230}_is1" = CardRecovery 5.30 "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97657495-9cfa-43ed-852e-98891c53c055}" = "{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer- "{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}" = Nikon Scan "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) "{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime "{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes "{CAEF3BE9-F5CF-4355-BBC3-90134AD070F8}" = RAW Thumbnail Viewer "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CBCDEDF3-A2E5-4402-8E9E-E2C23DBE1DA8}" = Adobe Photoshop Lightroom "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D09FAEB4-4343-06E9-5D8F-BF19CB999821}" = Seesmic Desktop "{DA65FD93-EA6D-4E14-BA49-2BF7523BD3C9}" = e-Rewards Notify "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center "{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0 "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE "{F12E6A25-2F3A-4FEA-8E22-A89BD47574B2}" = PHOTOfunSTUDIO 6.2 HD Edition "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "CCleaner" = CCleaner "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1" = Seesmic Desktop "Core FTP LE 2.1" = Core FTP LE 2.1 "Dell Video Chat" = Dell Video Chat (remove only) "ESET Online Scanner" = ESET Online Scanner v3 "ExtractNow_is1" = ExtractNow "Eye Candy 4000" = Eye Candy 4000 "G-Force" = G-Force "Google Desktop" = Google Desktop "GoToAssist" = GoToAssist 8.0.0.514 "hp photosmart printer series" = hp photosmart printer series (Remove only) "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{45A82D1E-105D-4F49-9C2F-0DAF8118DC0C}" = Dynex mini card reader "InstallShield_{5887D64D-2663-43FB-B4BD-7464C56AB425}" = NVIDIA System Monitor "InstallShield_{5B25274F-088A-4A24-AE12-4AEE9278025A}" = SILKYPIX Developer Studio 2.0 SE "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance "MagicDisc 2.7.101" = MagicDisc 2.7.101 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Opera 11.00.1156" = Opera 11.00 "Pen Tablet Driver" = Pen Tablet "PrintConnect UNinstall" = PrintConnect "SearchAssist" = SearchAssist "TeamViewer 8" = TeamViewer 8 "weDownload Manager" = weDownload Manager "WhiteCap" = WhiteCap "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "xConnect UNinstall" = xConnect "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "YInstHelper" = Yahoo! Install Manager ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 9/8/2013 4:11:36 PM | Computer Name = MANHATTAN | Source = Microsoft Security Client | ID = 5000 Description = Error - 9/8/2013 4:15:39 PM | Computer Name = MANHATTAN | Source = MPSampleSubmission | ID = 5000 Description = Error - 9/8/2013 5:23:01 PM | Computer Name = MANHATTAN | Source = Application Error | ID = 1000 Description = Faulting application TeamViewer.exe, version 8.0.20768.0, faulting module unknown, version 0.0.0.0, fault address 0x05db7f78. Error - 10/7/2013 6:19:46 PM | Computer Name = MANHATTAN | Source = Application Error | ID = 1000 Description = Faulting application plugin-container.exe, version 22.0.0.4917, faulting module mozalloc.dll, version 22.0.0.4917, fault address 0x00001988. Error - 10/11/2013 3:30:46 AM | Computer Name = MANHATTAN | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error - 10/12/2013 12:14:43 PM | Computer Name = MANHATTAN | Source = Application Error | ID = 1000 Description = Faulting application plugin-container.exe, version 22.0.0.4917, faulting module mozalloc.dll, version 22.0.0.4917, fault address 0x00001988. Error - 12/9/2013 1:57:35 AM | Computer Name = MANHATTAN | Source = Application Error | ID = 1000 Description = Faulting application plugin-container.exe, version 22.0.0.4917, faulting module mozalloc.dll, version 22.0.0.4917, fault address 0x00001988. Error - 12/13/2013 4:32:52 AM | Computer Name = MANHATTAN | Source = MPSampleSubmission | ID = 5000 Description = Error - 12/22/2013 5:24:36 AM | Computer Name = MANHATTAN | Source = Application Error | ID = 1000 Description = Faulting application plugin-container.exe, version 26.0.0.5087, faulting module mozalloc.dll, version 26.0.0.5087, fault address 0x0000119c. Error - 12/22/2013 4:53:20 PM | Computer Name = MANHATTAN | Source = Microsoft Security Client | ID = 5000 Description = [ System Events ] Error - 11/21/2013 4:38:38 AM | Computer Name = MANHATTAN | Source = Microsoft Antimalware | ID = 2001 Description = Error - 11/30/2013 7:43:23 PM | Computer Name = MANHATTAN | Source = Dhcp | ID = 1000 Description = Your computer has lost the lease to its IP address 192.168.1.100 on the Network Card with network address 001EC95C2DEE. Error - 12/8/2013 3:37:44 AM | Computer Name = MANHATTAN | Source = Schannel | ID = 36870 Description = A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x80090016. Error - 12/11/2013 1:57:43 PM | Computer Name = MANHATTAN | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.100 for the Network Card with network address 001EC95C2DEE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error - 12/25/2013 3:32:29 PM | Computer Name = MANHATTAN | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.100 for the Network Card with network address 001EC95C2DEE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error - 12/27/2013 3:21:45 AM | Computer Name = MANHATTAN | Source = Service Control Manager | ID = 7034 Description = The Pml Driver service terminated unexpectedly. It has done this 1 time(s). Error - 12/27/2013 3:25:05 AM | Computer Name = MANHATTAN | Source = Service Control Manager | ID = 7000 Description = The vToolbarUpdater17.2.0 service failed to start due to the following error: %%2 Error - 12/27/2013 3:58:17 AM | Computer Name = MANHATTAN | Source = Service Control Manager | ID = 7000 Description = The vToolbarUpdater17.2.0 service failed to start due to the following error: %%2 Error - 12/27/2013 11:12:30 AM | Computer Name = MANHATTAN | Source = Dhcp | ID = 1002 Description = The IP address lease 192.168.1.100 for the Network Card with network address 001EC95C2DEE has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Error - 12/28/2013 6:54:08 PM | Computer Name = MANHATTAN | Source = Service Control Manager | ID = 7000 Description = The vToolbarUpdater17.2.0 service failed to start due to the following error: %%2 < End of report >

I ran Spybot again, and it came up with 8X Montera.Toolbar and 40X Toolbar.MySearchDial. I then ran Malwarebytes again (full scan), and it came up with 18 threats (log below). Contrary to what the log says, I DID quarantine all threats. The annoying "mysearch.avg.com" is still there when I open a new tab. What should I do next? _________________________________________________________________________________________ Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.12.28.07 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Elaine :: MANHATTAN [administrator] 12/28/2013 7:36:31 PM mbam-log-2013-12-28 (19-36-31).txt Scan type: Full scan (C:\|D:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 357988 Time elapsed: 49 minute(s), 55 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 6 HKCR\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} (PUP.Optional.MySearchDial.A) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Jump Flip (PUP.Optional.JumpFlip.A) -> No action taken. HKCU\Software\Jump Flip (PUP.Optional.JumpFlip.A) -> No action taken. HKCU\SOFTWARE\MYSEARCHDIAL (PUP.Optional.MySearchDial.A) -> No action taken. HKLM\SYSTEM\CurrentControlSet\Services\Update Jump Flip (PUP.Optional.JumpFlip.A) -> No action taken. HKLM\Software\Jump Flip (PUP.Optional.JumpFlip.A) -> No action taken. Registry Values Detected: 1 HKCU\Software\mysearchdial|TM (PUP.Optional.MySearchDial.A) -> Data: 0131 -> No action taken. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 1 C:\Program Files\Jump Flip (PUP.Optional.JumpFlip.A) -> No action taken. Files Detected: 10 C:\Documents and Settings\Elaine\Local Settings\Temp\is1590112554\1206914_stp\JumpFlipSetup.exe (PUP.Optional.JumpFlip.A) -> No action taken. C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079060.dll (PUP.Optional.MySearchDial.A) -> No action taken. C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079061.dll (PUP.Optional.MySearchDial.A) -> No action taken. C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079062.exe (PUP.Optional.MySearchDial.A) -> No action taken. C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079063.dll (PUP.Optional.MySearchDial.A) -> No action taken. C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079066.dll (PUP.Optional.MySearchDial.A) -> No action taken. C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1665\A0079076.exe (PUP.Optional.JumpFlip.A) -> No action taken. C:\Program Files\Jump Flip\JumpFlip.ico (PUP.Optional.JumpFlip.A) -> No action taken. C:\Program Files\Jump Flip\JumpFlipUninstall.exe (PUP.Optional.JumpFlip.A) -> No action taken. C:\Program Files\Jump Flip\updateJumpFlip.InstallState (PUP.Optional.JumpFlip.A) -> No action taken. (end)

My computer is much faster. One problem persists: in Mozilla, if I click on "open a new tab", I'm redirected to "mysearch.avg.com," rather than to a group of previously used pages.

ESET scan: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\weDownloadMgr11.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen2.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinDownloadergen3.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined C:\Documents and Settings\Elaine\Application Data\0D0S1L2Z1P1B\Zip Extractor Packages\uninstaller.exe Win32/InstallCore.AZ application cleaned by deleting - quarantined C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\extensions\firefox@jumpflip.net.xpi Win32/BrowseFox.B application deleted - quarantined C:\Documents and Settings\Elaine\Application Data\Sun\Java\Deployment\cache\6.0\34\1e7e54e2-3f92550c Java/TrojanDownloader.Agent.AC trojan cleaned by deleting - quarantined C:\Documents and Settings\Elaine\Desktop\Setup.UnfriendFacebook.exe multiple threats cleaned by deleting - quarantined C:\Documents and Settings\Elaine\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\29\2b1dfadd-186850b9 a variant of Java/Exploit.CVE-2013-2423.DZ trojan cleaned by deleting - quarantined C:\Documents and Settings\Elaine\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\51\3db83733-7ef51c31 a variant of Java/JShrink.A application cleaned by deleting - quarantined C:\Documents and Settings\Elaine\Local Settings\Temp\is1590112554\1207074_stp\uninstaller.exe Win32/InstallCore.AZ application cleaned by deleting - quarantined C:\Documents and Settings\Elaine\Local Settings\Temporary Internet Files\Content.IE5\7KR4CTYX\Setup[1].exe multiple threats cleaned by deleting - quarantined C:\Documents and Settings\Elaine\My Documents\speedupmypc.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined C:\Documents and Settings\Elaine\My Documents\Downloads\cbsidlm-cbsi134-Media_Player_Codec_Pack-SEO-10749065.exe a variant of Win32/CNETInstaller.B application cleaned by deleting - quarantined C:\Documents and Settings\Elaine\My Documents\Downloads\ccsetup405.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined C:\Documents and Settings\Elaine\My Documents\Downloads\disk-defrag-setup.exe Win32/MyPCBackup.A application cleaned by deleting - quarantined C:\Documents and Settings\Elaine\My Documents\Downloads\ReimageExpress.exe Win32/Toolbar.Babylon.T application cleaned by deleting - quarantined C:\Documents and Settings\Elaine\My Documents\Downloads\ZipExtractorSetup.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined C:\Program Files\registrybooster(2).exe a variant of Win32/RegistryBooster application cleaned by deleting - quarantined C:\Program Files\Jump Flip\updateJumpFlip.exe a variant of Win32/BrowseFox.G application cleaned by deleting - quarantined C:\Program Files\SetupsOldComp\WebfettiSetup2.2.60.11-2.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined

Coupon printer for windows uninstalled. ___________________________________________________________________________________________ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.8 (11.05.2013:1) OS: Microsoft Windows XP x86 Ran by Elaine on Thu 12/26/2013 at 19:57:15.14 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\viprotocol.dll Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\s Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted: [File] C:\Documents and Settings\Elaine\Application Data\mozilla\firefox\profiles\mdjqifxb.default\user.js Successfully deleted: [Folder] C:\Documents and Settings\Elaine\Application Data\mozilla\firefox\profiles\mdjqifxb.default\extensions\0c3e9649-324d-4df0-a61e-7ac31aead042@2612bb82-5f8a-49b2-a299-348e707310fc.com Successfully deleted the following from C:\Documents and Settings\Elaine\Application Data\mozilla\firefox\profiles\mdjqifxb.default\prefs.js user_pref("Smartbar.ConduitSearchEngineList", ""); user_pref("Smartbar.ConduitSearchUrlList", ""); user_pref("Smartbar.SearchFromAddressBarSavedUrl", ""); user_pref("Smartbar.keywordURLSelectedCTID", "CT3290538"); user_pref("browser.search.defaultthis.engineName", "SafeMonitor Bar 3 Customized Web Search"); user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_channels.expiration", "Fri Feb 01 2030 00:00:00 user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_channels.value", "%7B%22app0%22%3A%22app0%22%2C user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_css.expiration", "Fri Dec 27 2013 12:16:32 GMT- user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_css.value", "%22.%25CSSClass%25%20%7B%5Cn%5Ctdi user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_geolocation.expiration", "Thu Jan 02 2014 19:07 user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_geolocation.value", "%22US%22"); user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_metadata.expiration", "Thu Dec 26 2013 20:31:29 user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.cookie.CrossriderNotifier_metadata.value", "%7B%22appId%22%3A34344%2C%22a user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.description", "Enhance your search results with direct download links and user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.Resources_meta.value", "%7B%22extension.css%22%3A%7B%22id%22%3 user_pref("extensions.a0c3e9649324d4df0a61e7ac31aead0422612bb825f8a49b2a299348e707310fccom34344.34344.internaldb.Resources_resource_335479.value", "%22.crossrider-nofity-34345 user_pref("extensions.crossrider.bic", "140e024653688d313d0b106ec94f27d7"); user_pref("extensions.dynconff.JS.3161502D.805898964 friends", "%7B%221677515146%22%3A%7B%22uid%22%3A1677515146%2C%22photo%22%3A%22hxxp%3A//profile.ak.fbcdn.net/hprofile-ak-as user_pref("extensions.dynconff.JS.CD1C3ECF.805898964 friends", "%7B%221677515146%22%3A%7B%22uid%22%3A1677515146%2C%22photo%22%3A%22hxxp%3A//profile.ak.fbcdn.net/hprofile-ak-as user_pref("extensions.dynconff.cache.d11vdn9ox0j18d.cloudfront.net.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1169_1146_1348_1427_1482_1493\"><content id user_pref("extensions.dynconff.cache.deathnotices.michigan.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1169_1479_1146_1348_1427_1480_1482_1493\"><cont user_pref("extensions.dynconff.cache.mail.google.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1169_1146_1348_1427_1482_1493\"><content id=\"puConfig_20 user_pref("extensions.dynconff.cache.news.liveandinvestoverseas.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1169_1479_1146_1348_1427_1480_1482_1493\"> user_pref("extensions.dynconff.cache.safemonitorbar3.ourtoolbar.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1169_1479_1146_1348_1427_1480_1482_1493\"> user_pref("extensions.dynconff.cache.vsjcxomm.bounceme.net.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1169_1479_1146_1348_1427_1480_1482_1493\"><content user_pref("extensions.dynconff.cache.www.bing.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1246_1169_1146_1247_1348_1427_1482_1493\"><content id=\"puCo user_pref("extensions.dynconff.cache.www.e-miles.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1169_1479_1146_1348_1427_1480_1482_1493\"><content id=\"p user_pref("extensions.dynconff.cache.www.e-rewards.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1169_1479_1146_1348_1427_1480_1482_1493\"><content id=\ user_pref("extensions.dynconff.cache.www.google.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1169_1146_1348_1427_1482_1493\"><content id=\"puConfig_205 user_pref("extensions.dynconff.cache.www.ifaw.org.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1169_1479_1146_1348_1427_1480_1482_1493\"><content id=\"puCo user_pref("extensions.dynconff.cache.www.linkedin.com.content", "<package expire=\"3600\" es=\"914\" pcdids=\"v51_1164_1169_1479_1146_1348_1427_1480_1482_1493\"><content id=\" user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true); user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", ""); user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2013100419"); user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm003^YYA^us"); user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "CLan3fev_rkCFYWd4Aod8CIAqw"); user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true); user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "85464FB8-735B-4292-9FCA-F440FC596E47"); user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1381206051361"); user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", false); user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", false); user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", false); user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", false); user_pref("extensions.toolbar.mindspark._4zMembers_.searchHistory", "Unmanned aircraft||Unmanned aircraft: technology and internet conn||Within Temptation ft. Tarja"); user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001"); user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com"); user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/ user_pref("google.toolbar.trseenlist", "j5ul8WWkHbceR0HCsU5ZAQ==,1pDxX0SxXGafbvUyRZ279g==,JjoBv9/SU3QFS4mLmvLyPg==,dUmjpN0AGe4j6UXkOcF82w==,1KHiUfuU9OIFhkJ/UmiWgg==,2XxG74vy8P user_pref("plugin.state.npconduitfirefoxplugin", 0); user_pref("smartbar.machineId", "5FCTD9PFJZKHS2MKEKHK86CGY22LL0B1XSHAS0Y8BVIZQMFP17JDIRQIQ9IYN94FNS5PW2DUQPAPLLZJH/VH6G"); Emptied folder: C:\Documents and Settings\Elaine\Application Data\mozilla\firefox\profiles\mdjqifxb.default\minidumps [5 files] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Thu 12/26/2013 at 19:59:37.42 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ________________________________________________________________________________________________ # AdwCleaner v3.016 - Report created 27/12/2013 at 02:21:45 # Updated 23/12/2013 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : Elaine - MANHATTAN # Running from : C:\Documents and Settings\Elaine\My Documents\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\open it! Folder Deleted : C:\Program Files\AVG SafeGuard toolbar Folder Deleted : C:\Program Files\Mobogenie Folder Deleted : C:\Program Files\openit Folder Deleted : C:\Program Files\Common Files\AVG Secure Search Folder Deleted : C:\Documents and Settings\Elaine\Local Settings\Application Data\AVG SafeGuard toolbar Folder Deleted : C:\Documents and Settings\Elaine\Local Settings\Application Data\Mobogenie Folder Deleted : C:\Documents and Settings\Elaine\Local Settings\Application Data\PackageAware Folder Deleted : C:\Documents and Settings\Elaine\Application Data\AVG SafeGuard toolbar Folder Deleted : C:\Documents and Settings\Elaine\Application Data\Mysearchdial Folder Deleted : C:\Documents and Settings\Elaine\Application Data\Uniblue\SpeedUpMyPC Folder Deleted : C:\Documents and Settings\Elaine\My Documents\Mobogenie Folder Deleted : C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8} File Deleted : C:\Documents and Settings\All Users\Desktop\Open It!.lnk File Deleted : C:\Documents and Settings\Elaine\Desktop\MySearchDial.url File Deleted : C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\searchplugins\Mysearchdial.xml File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml File Deleted : C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\user.js File Deleted : C:\Documents and Settings\Elaine\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive] Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1 Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Key Deleted : HKCU\Software\AVG SafeGuard toolbar Key Deleted : HKCU\Software\dsiteproducts Key Deleted : HKCU\Software\InstallCore Key Deleted : HKLM\Software\AVG SafeGuard toolbar Key Deleted : HKLM\Software\AVG Security Toolbar Key Deleted : HKLM\Software\Uniblue Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It! Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mysearchdial Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\OpenIt Open It! Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page] Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] -\\ Mozilla Firefox v26.0 (en-US) [ File : C:\Documents and Settings\Elaine\Application Data\Mozilla\Firefox\Profiles\mdjqifxb.default\prefs.js ] Line Deleted : user_pref("avg.userPreferences.URLBarFocus.whiteList", "bing\\.com|google\\.\\w+|yahoo\\.\\w+|gmail\\.\\w+|hotmail\\.\\w+|live\\.\\w+|isearch\\.avg\\.com|mysearch\\.avg\\.com"); Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search"); Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search"); Line Deleted : user_pref("extensions.mysearchdial.aflt", "irmsd1202"); Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}"); Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtC0E0CzyyD0CtB0D0E0EtAtDyE0CtN0D0Tzu0SyBtByCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R"); Line Deleted : user_pref("extensions.mysearchdial.cr", "912696349"); Line Deleted : user_pref("extensions.mysearchdial.dfltLng", ""); Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true); Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true); Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false); Line Deleted : user_pref("extensions.mysearchdial.hmpg", true); Line Deleted : user_pref("extensions.mysearchdial.id", "001EC95C2DEE304C"); Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16066"); Line Deleted : user_pref("extensions.mysearchdial.instlRef", ""); Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial"); Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial"); Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial"); Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base"); Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0"); Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0"); Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true); Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false); Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none"); Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.01:57:1"); ************************* AdwCleaner[R0].txt - [9089 octets] - [27/12/2013 02:17:17] AdwCleaner[s0].txt - [8803 octets] - [27/12/2013 02:21:45] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8863 octets] ########## ______________________________________________________________________________________________ Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.12.27.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Elaine :: MANHATTAN [administrator] 12/27/2013 2:28:42 AM mbam-log-2013-12-27 (02-28-42).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 237517 Time elapsed: 5 minute(s), 18 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 5 HKCR\CLSID\{6db9fdfe-b718-4962-be0c-0a5fce7f7f7b} (PUP.Optional.JumpFlip) -> Quarantined and deleted successfully. HKCR\TypeLib\{F325945D-DAFE-4312-95D8-1913AEB1D810} (PUP.Optional.JumpFlip) -> Quarantined and deleted successfully. HKCR\Interface\{4318395F-DFF1-48AF-B5F0-958E93D16D56} (PUP.Optional.JumpFlip) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6DB9FDFE-B718-4962-BE0C-0A5FCE7F7F7B} (PUP.Optional.JumpFlip) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites (PUP.Optional.Updater) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 3 C:\Documents and Settings\Elaine\Application Data\DigitalSites\UpdateProc (PUP.Optional.Updater) -> Quarantined and deleted successfully. C:\Documents and Settings\Elaine\Application Data\newnext.me (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Elaine\Application Data\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully. Files Detected: 7 C:\Program Files\Jump Flip\JumpFlipBHO.dll (PUP.Optional.JumpFlip) -> Quarantined and deleted successfully. C:\Documents and Settings\Elaine\Application Data\DigitalSites\UpdateProc\UpdateTask.exe (PUP.Optional.Updater) -> Quarantined and deleted successfully. C:\Documents and Settings\Elaine\Application Data\DigitalSites\UpdateProc\config.dat (PUP.Optional.Updater) -> Quarantined and deleted successfully. C:\Documents and Settings\Elaine\Application Data\DigitalSites\UpdateProc\prod.dat (PUP.Optional.Updater) -> Quarantined and deleted successfully. C:\Documents and Settings\Elaine\Application Data\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Elaine\Application Data\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully. C:\Documents and Settings\Elaine\Application Data\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully. (end) ___________________________________________________________________________________________________ I had to uninstall Microsoft Security Essentials to follow your instructions. Which anti-virus program should I be using? Is there a better one? As far as firewalls are concerned, I'm using the Microsoft one, and I'm also operating this computer through a Linksys router. It is my understanding (correct me if I'm wrong) that the Microsoft firewall does the same thing as a router. I had Kerio on an older computer, and I loved it. I always knew EXACTLY what was going on. Should I install a firewall on this computer and, if so, which one? If I do, do I disable the Microsoft firewall? If you see anything else, please advise. Meanwhile, I'll work on the computer to see if I have any further problems. Thanks for your expert help!